xorist | Batch_9[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Batch_9.zip
Size

11.5MB
MD5

c60d2e47faa0dce0efdb839dd8f092d7
SHA1

8597f45bdefbd589345c6f07c3270c4a24030086
SHA256

c96b41fac848211321861fcf957e5f475a950c56f9024f792e5c9584f1fbd3ef
SHA512

f77ec83e1c9d97fbf6da9baa32c8d96438b70fcce47d1ae135f343a0e9336f953ebfcf27719e4231390731d700aac102df227ed0ecb6897f83e78a34c52c1254
SSDEEP

196608:C2VvBgChLxQ08twUkBN0EZ28h85oU+1ZeR43uBPEy6FvhGNK2gMXRzBoiJdbqWC:C2R2uLz8tFkZ4qNZvmPSFn2gMzo+dW3

Score

10^/10

upx xorist

Malware Config

Signatures

Detected Xorist Ransomware 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/patched.exe	family_xorist

Xorist family
xorist

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/ransom_50.00_dol_df410f19157f591860e1633b85dfb50b.scr	upx

Unsigned PE 30 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/IQHGV07FDyQ5u7bmNAvn (2).exe
unpack001/IQHGV07FDyQ5u7bmNAvn.exe
unpack001/PC Cleaner.exe
unpack001/PC_cleaner-cleaned.exe
unpack001/PC_cleaner_database-cleaned.exe
unpack001/Pizzacrypts.exe
unpack001/Ponmsiyyks.exe
unpack001/SATURN_RANSOM.exe
unpack001/ScreenCapture_Win8.MalwareScanner.exe
unpack001/license key.exe
unpack001/malware.exe
unpack001/mamba_141.exe_.exe
unpack001/mamba_152.exe_.exe
unpack001/microsoft-cleaned.exe
unpack001/msiexec.exe
unpack001/nc.exe
unpack001/nzpuHohZGP2RNfMTp0sr (2).exe
unpack001/nzpuHohZGP2RNfMTp0sr.exe
unpack001/old_14b68cb9f911ce937f52ed8282ef4395f2291c0a23f14d33f731a15572834b0d.exe
unpack001/patched.exe
unpack001/pclock.exe
unpack001/pclock_unpack.exe
unpack001/pitupi20.exe
unpack001/pozhehgxmlhobpvwlqco.exe
unpack001/ransom_50.00_dol_df410f19157f591860e1633b85dfb50b.scr
unpack003/out.upx
unpack001/ransomware1061911a3e0a74827a76bbd7bfe16d20.exe
unpack004/$PLUGINSDIR/System.dll
unpack004/profitability.dll
unpack001/safeinf.dll

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/ransomware1061911a3e0a74827a76bbd7bfe16d20.exe	nsis_installer_1
static1/unpack001/ransomware1061911a3e0a74827a76bbd7bfe16d20.exe	nsis_installer_2

Files

Batch_9.zip
.zip
IQHGV07FDyQ5u7bmNAvn (2).exe
.exe windows:5 windows x86 arch:x86

d409d04619f830ed4fb4696d607103fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\Final\Release\main.pdb

Imports

ws2_32

ioctlsocket
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup

kernel32

GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
WriteFile
CreateFileW
CloseHandle
Sleep
DeleteFileW
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
lstrlenW
GetTempPathW
FindClose
FindNextFileW
GetVolumeInformationW
SetFilePointer
ReadFile
MoveFileW
GetFileSize
GetFileType
SystemTimeToFileTime
CreateDirectoryW
GetUserDefaultLCID
WideCharToMultiByte
GetFileAttributesW
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetModuleHandleW
GetVersionExW
GetProcAddress
GetSystemInfo
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetTickCount
SleepEx
VerifyVersionInfoA
VerSetConditionMask
WaitForSingleObject
FormatMessageA
ExpandEnvironmentStringsA
GetModuleFileNameW
GetCurrentDirectoryA
GetFullPathNameA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetProcessHeap
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
SetFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStringTypeA
HeapSize
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapAlloc
GetStartupInfoW
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsW

user32

MessageBoxW
wsprintfW
GetSystemMetrics

advapi32

CryptGenKey
CryptGetHashParam
CryptAcquireContextA
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptGetKeyParam
CryptAcquireContextW
CryptExportKey

shell32

ShellExecuteW
SHGetFolderPathW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

shlwapi

PathFindExtensionW
StrCmpIW
PathAppendW
StrCpyW

Sections

.text
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IQHGV07FDyQ5u7bmNAvn.exe
.exe windows:5 windows x86 arch:x86

d409d04619f830ed4fb4696d607103fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\Final\Release\main.pdb

Imports

ws2_32

ioctlsocket
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup

kernel32

GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
WriteFile
CreateFileW
CloseHandle
Sleep
DeleteFileW
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
lstrlenW
GetTempPathW
FindClose
FindNextFileW
GetVolumeInformationW
SetFilePointer
ReadFile
MoveFileW
GetFileSize
GetFileType
SystemTimeToFileTime
CreateDirectoryW
GetUserDefaultLCID
WideCharToMultiByte
GetFileAttributesW
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetModuleHandleW
GetVersionExW
GetProcAddress
GetSystemInfo
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetTickCount
SleepEx
VerifyVersionInfoA
VerSetConditionMask
WaitForSingleObject
FormatMessageA
ExpandEnvironmentStringsA
GetModuleFileNameW
GetCurrentDirectoryA
GetFullPathNameA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetProcessHeap
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
SetFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStringTypeA
HeapSize
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapAlloc
GetStartupInfoW
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsW

user32

MessageBoxW
wsprintfW
GetSystemMetrics

advapi32

CryptGenKey
CryptGetHashParam
CryptAcquireContextA
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptGetKeyParam
CryptAcquireContextW
CryptExportKey

shell32

ShellExecuteW
SHGetFolderPathW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

shlwapi

PathFindExtensionW
StrCmpIW
PathAppendW
StrCpyW

Sections

.text
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Junk)2345.eml.ViR.exe
.eml
- http://meyaau.com/5C53687F7327933R.zip
email-html-1.txt
.html
PC Cleaner.exe
.exe windows:4 windows x86 arch:x86

0f7d0ed8477bf9ca9b4b2ce07e02a90e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Develope\msi2exe\release\msi2exestub.pdb

Imports

kernel32

GetTempPathW
GetTempFileNameW
FindResourceW
SizeofResource
LoadResource
LockResource
CreateThread
CreateFileW
DeleteFileW
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ExitProcess
CreateProcessW
GetLastError
WriteFile
FlushFileBuffers
CloseHandle
GetProcAddress
GetModuleHandleA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
RtlUnwind
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
SetStdHandle
RaiseException

user32

DefWindowProcW
PostQuitMessage
EndPaint
BeginPaint
UpdateWindow
ShowWindow
CreateWindowExW
GetSystemMetrics
RegisterClassExW
GetSysColorBrush
LoadCursorW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxW
InvalidateRect

gdi32

TextOutW
SetBkMode
SelectObject
GetStockObject
DeleteObject

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PC_cleaner-cleaned.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PC_cleaner_database-cleaned.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pizzacrypts.exe
.exe windows:4 windows x86 arch:x86

1e0d5509ae3c2c05c7a22edca2c2a094

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord3592
ord324
ord641
ord4229
ord825
ord5806
ord5477
ord2023
ord4857
ord5792
ord5474
ord1963
ord966
ord3565
ord278
ord605
ord4329
ord4405
ord4441
ord4969
ord4913
ord800
ord861
ord540
ord2289
ord2355
ord2350
ord2281
ord2362
ord2634
ord3087
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3076
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord4418
ord3733
ord815
ord561
ord818
ord801
ord3658
ord5446
ord6390
ord823
ord5436
ord6379
ord6051
ord1768
ord5286
ord3737
ord541
ord567
ord4270
ord755
ord640
ord323
ord470
ord613
ord4128
ord4292
ord5790
ord289
ord860
ord6139
ord1165
ord3566
ord3621
ord2406
ord1634
ord1143
ord1633
ord5781
ord2859
ord2371
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord3341
ord5261
ord1569

msvcrt

_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
__CxxFrameHandler
memcpy
memset
srand
time
_ftol
rand
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv

kernel32

GetStringTypeA
TerminateProcess
GetCPInfo
GetModuleHandleW
GetStartupInfoW
GetEnvironmentStringsW
CreateFileA
GetCurrentThread
GetTimeZoneInformation
SetCommTimeouts
WriteFile
GetCurrentProcess
CreateFileW
GetModuleFileNameW
GlobalReAlloc
GlobalUnlock
GlobalAlloc
GlobalLock
WideCharToMultiByte
SetEndOfFile
UnhandledExceptionFilter

user32

InvalidateRect
SetCapture
SendMessageW
LoadBitmapW
SetRect
SetWindowLongW
GetWindowTextLengthW
GetClipboardData
CheckRadioButton
GetDlgItemTextW
GetDlgItem
GetCursorPos
GetScrollInfo
DialogBoxParamA
PtInRect
GetWindowRect
PostQuitMessage
LoadCursorW
SetCursor
AppendMenuW
IsDialogMessageA
ReleaseCapture
GetWindowTextW
SetClipboardData
RegisterWindowMessageW
CreateMenu
GetWindowLongA
CloseClipboard
EnableWindow
LoadIconW

gdi32

ExtCreateRegion
CombineRgn
DeleteDC
GetObjectW
CreateCompatibleDC
SelectObject
BitBlt
SetBkColor
SetMapMode
UnrealizeObject
DeleteObject
CreateDIBSection

advapi32

RegOpenKeyA

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ponmsiyyks.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rlesvxamvenagx @ZL@0ECpw@ZL@ .xml.zyklon.exe
SATURN_RANSOM.exe
.exe windows:6 windows x86 arch:x86

fc7c70bdf521087654ea0c66669225c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetCurrentProcess
InitializeCriticalSectionEx
CreateMutexA
GetVolumeInformationA
WaitForSingleObject
HeapSize
DeleteFileA
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetComputerNameA
CreateProcessA
IsDebuggerPresent
CheckRemoteDebuggerPresent
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
GetLogicalDriveStringsA
SetFileAttributesA
MoveFileExA
lstrlenA
GetDriveTypeA
MoveFileA
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
CreateFileA
GetLastError
MultiByteToWideChar
WriteFile
lstrlenW
ReadFile
LocalFree
CloseHandle
GetFileAttributesA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
GetModuleHandleA
LocalAlloc
GetProcessHeap
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
OutputDebugStringW
RtlUnwind
FreeLibrary
LoadLibraryExW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetACP
SetStdHandle
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetCurrentDirectoryW
GetFullPathNameW
SetFilePointerEx
GetTimeZoneInformation
FindFirstFileExW
SetEndOfFile

user32

SystemParametersInfoA

advapi32

CryptDestroyKey
RegQueryValueExA
RegCloseKey
CryptReleaseContext
BuildExplicitAccessWithNameA
SetEntriesInAclA
RegCreateKeyExA
OpenProcessToken
SetSecurityInfo
GetTokenInformation
CryptGenRandom
RegOpenKeyExA
CryptAcquireContextA
CryptAcquireContextW
CryptEncrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash

shell32

SHGetSpecialFolderPathA
ShellExecuteExA
ShellExecuteA

ole32

CoCreateInstance
CoInitialize

crypt32

CryptStringToBinaryA
CryptImportPublicKeyInfo
CryptDecodeObjectEx

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ScreenCapture_Win8.MalwareScanner.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\COETECH\GLTS\MalwareScanner\obj\Release\MalwareScanner.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license key.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
malware.exe
.exe windows:4 windows x86 arch:x86

79fd079e9d3e0619831be2cf92afa94a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TranslateMessage
ShowWindow
SetWindowTextA
SetWindowPos
SetTimer
SetForegroundWindow
SetCursorPos
SetClipboardData
SendNotifyMessageA
SendMessageTimeoutA
SendMessageA
RegisterWindowMessageA
RegisterClassExA
PostQuitMessage
OpenClipboard
MoveWindow
ModifyMenuA
MessageBoxA
MapWindowPoints
LoadIconA
LoadCursorA
LoadBitmapA
UpdateWindow
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
InsertMenuItemA
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindow
GetSystemMenu
GetSubMenu
GetParent
GetMessageA
GetMenuStringA
GetMenuItemID
GetMenuItemCount
GetMenu
GetForegroundWindow
GetDesktopWindow
GetCursorPos
keybd_event
mouse_event
KillTimer
GetClipboardData
GetClientRect
GetClassNameA
GetAsyncKeyState
EnumWindows
EnumChildWindows
EnableWindow
EnableMenuItem
EmptyClipboard
DrawMenuBar
DispatchMessageA
DefWindowProcA
CreateWindowExA
CloseClipboard
wsprintfA

kernel32

lstrlenA
lstrcpynA
lstrcpyA
lstrcmpA
lstrcatA
WriteProcessMemory
WriteFile
WaitForSingleObject
VirtualProtectEx
VirtualFree
VirtualAlloc
TerminateThread
TerminateProcess
SystemTimeToFileTime
Sleep
SetPriorityClass
SetLocalTime
SetFileTime
SetFilePointer
SetFileAttributesA
SetEndOfFile
SetCurrentDirectoryA
RtlMoveMemory
ResumeThread
RemoveDirectoryA
ReadProcessMemory
ReadFile
OpenProcess
MoveFileA
LocalFileTimeToFileTime
LoadLibraryA
InterlockedIncrement
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocalTime
GetLastError
GetFileTime
GetFileSize
GetFileAttributesA
GetExitCodeProcess
GetCurrentProcess
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
GetCurrentDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
FileTimeToSystemTime

shell32

ShellExecuteExA
DragQueryFileA
DragFinish

gdi32

DeleteObject

advapi32

RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

winmm

timeSetEvent
timeKillEvent

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mamba_141.exe_.exe
.exe windows:5 windows x86 arch:x86

dd8fd079a980cb9227eb869f7da9b258

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

shlwapi

PathFileExistsW
PathFileExistsA

kernel32

Sleep
SizeofResource
GetConsoleWindow
GetVersionExW
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
GetLastError
GetProcAddress
GetSystemDirectoryW
CreateEventW
GetModuleFileNameA
GetModuleHandleA
CloseHandle
CreateThread
CreateProcessA
GetExitCodeProcess
WriteConsoleW
WriteFile
GetModuleHandleW
SetEvent
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
LoadResource
FindResourceW
GetNativeSystemInfo
GetCommandLineW
GetFileAttributesExW
SetEnvironmentVariableA
LockResource
GetModuleHandleExW
SetStdHandle
ReadConsoleW
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetStringTypeW
HeapFree
HeapAlloc
ExitProcess
SetEndOfFile
AreFileApisANSI
GetCommandLineA
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
ReadFile
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
HeapReAlloc
OutputDebugStringW

user32

ExitWindowsEx
ShowWindow

advapi32

RegisterServiceCtrlHandlerW
RevertToSelf
SetServiceStatus
ImpersonateLoggedOnUser
ChangeServiceConfig2W
LookupPrivilegeValueW
CreateProcessAsUserW
LogonUserW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CreateServiceW
AdjustTokenPrivileges

shell32

ShellExecuteW
ShellExecuteA

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mamba_152.exe_.exe
.exe windows:4 windows x86 arch:x86

19b579508944735949a06ee438c121ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
TerminateProcess
GetProcAddress
ExitProcess
GetTickCount
GetModuleFileNameA
GetCommandLineA
GetStartupInfoA

msvcp60

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcrt

strlen
__CxxFrameHandler
_ftol
pow
atan2
??2@YAPAXI@Z
cosh
fabs
printf
memcpy
cos
atan
tan
log10
exp
asin
floor
tanh
sqrt
sin
_except_handler3
acos
fmod
sinh
strcpy
strcat
memset
ceil
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__dllonexit
_onexit
log

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2.3MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
microsoft-cleaned.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msiexec.exe
.exe windows:5 windows x86 arch:x86

71e5add1b563cff7b06b46e6335853d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxExA
CreateIcon
GetDoubleClickTime
GetGUIThreadInfo
SetClassWord
GetKeyboardType
IsCharLowerA
DdeCreateDataHandle
RealGetWindowClassA
OemToCharA

urlmon

GetSoftwareUpdateInfo
CoInternetGetSecurityUrl
FindMediaTypeClass

ole32

OleIsRunning
OleCreateStaticFromData
OleCreateLinkToFile
StgCreateDocfileOnILockBytes
StgSetTimes
OleConvertOLESTREAMToIStorageEx
OleCreateLinkFromData
DoDragDrop

advapi32

QueryServiceConfigA
PrivilegedServiceAuditAlarmW
RegCloseKey
CreatePrivateObjectSecurity
GetSecurityDescriptorControl
MapGenericMask
RegQueryInfoKeyW

dbghelp

SymGetModuleInfoW
ImagehlpApiVersion
SymGetModuleInfo
SymGetSymNext
SymEnumerateModules

mpr

WNetGetUniversalNameW
WNetAddConnectionW
WNetCancelConnection2A
WNetGetLastErrorW
WNetEnumResourceA
WNetDisconnectDialog

kernel32

GetSystemInfo
VirtualProtect
RaiseException
SetFilePointer
FlushFileBuffers
VirtualQuery
GetConsoleCP
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetConsoleMode
TlsFree
GetLocaleInfoA
RtlUnwind
InitializeCriticalSection
LoadLibraryExA
Sleep
GetOEMCP
ExitProcess
DosDateTimeToFileTime
DeleteFileW
DeleteFileA
CreateFileW
CreateFileA
CreateDirectoryW
CreateDirectoryA
CompareStringA
CloseHandle
SetSystemTimeAdjustment
GetCPInfoExA
DnsHostnameToComputerNameW
LockFile
GetSystemTimeAsFileTime
ExitThread
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetStartupInfoA
GetProcAddress
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
GetModuleHandleA
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nc.exe
.exe windows:4 windows x86 arch:x86

9a07a268dfdfe636c092c15eecfb3042

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
DisconnectNamedPipe
TerminateProcess
WaitForMultipleObjects
TerminateThread
GetLastError
CreateThread
CreatePipe
CreateProcessA
DuplicateHandle
GetCurrentProcess
ExitThread
Sleep
ReadFile
PeekNamedPipe
WriteFile
GetStdHandle
FreeConsole
VirtualFree
VirtualAlloc
LCMapStringA
SetEndOfFile
LCMapStringW
CreateFileA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
HeapReAlloc
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetProcAddress
SetStdHandle
SetEnvironmentVariableA
SetFilePointer
CompareStringA
GetOEMCP
CompareStringW
GetCPInfo
GetEnvironmentStringsW
GetACP
HeapFree
HeapAlloc
CloseHandle
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
RtlUnwind
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar

wsock32

__WSAFDIsSet
getsockname
select
listen
WSASetLastError
recvfrom
accept
bind
socket
setsockopt
getservbyport
connect
htons
ioctlsocket
ntohs
getservbyname
gethostbyaddr
gethostbyname
inet_addr
WSACleanup
WSAGetLastError
WSAStartup
closesocket
recv
send

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vsp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nd2vj1ux.exe
notes.exe
nzpuHohZGP2RNfMTp0sr (2).exe
.exe windows:5 windows x86 arch:x86

d409d04619f830ed4fb4696d607103fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\Final\Release\main.pdb

Imports

ws2_32

ioctlsocket
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup

kernel32

GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
WriteFile
CreateFileW
CloseHandle
Sleep
DeleteFileW
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
lstrlenW
GetTempPathW
FindClose
FindNextFileW
GetVolumeInformationW
SetFilePointer
ReadFile
MoveFileW
GetFileSize
GetFileType
SystemTimeToFileTime
CreateDirectoryW
GetUserDefaultLCID
WideCharToMultiByte
GetFileAttributesW
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetModuleHandleW
GetVersionExW
GetProcAddress
GetSystemInfo
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetTickCount
SleepEx
VerifyVersionInfoA
VerSetConditionMask
WaitForSingleObject
FormatMessageA
ExpandEnvironmentStringsA
GetModuleFileNameW
GetCurrentDirectoryA
GetFullPathNameA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetProcessHeap
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
SetFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStringTypeA
HeapSize
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapAlloc
GetStartupInfoW
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsW

user32

MessageBoxW
wsprintfW
GetSystemMetrics

advapi32

CryptGenKey
CryptGetHashParam
CryptAcquireContextA
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptGetKeyParam
CryptAcquireContextW
CryptExportKey

shell32

ShellExecuteW
SHGetFolderPathW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

shlwapi

PathFindExtensionW
StrCmpIW
PathAppendW
StrCpyW

Sections

.text
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nzpuHohZGP2RNfMTp0sr.exe
.exe windows:5 windows x86 arch:x86

d409d04619f830ed4fb4696d607103fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\Final\Release\main.pdb

Imports

ws2_32

ioctlsocket
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup

kernel32

GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
WriteFile
CreateFileW
CloseHandle
Sleep
DeleteFileW
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
lstrlenW
GetTempPathW
FindClose
FindNextFileW
GetVolumeInformationW
SetFilePointer
ReadFile
MoveFileW
GetFileSize
GetFileType
SystemTimeToFileTime
CreateDirectoryW
GetUserDefaultLCID
WideCharToMultiByte
GetFileAttributesW
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetModuleHandleW
GetVersionExW
GetProcAddress
GetSystemInfo
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetTickCount
SleepEx
VerifyVersionInfoA
VerSetConditionMask
WaitForSingleObject
FormatMessageA
ExpandEnvironmentStringsA
GetModuleFileNameW
GetCurrentDirectoryA
GetFullPathNameA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetProcessHeap
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
SetFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStringTypeA
HeapSize
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapAlloc
GetStartupInfoW
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsW

user32

MessageBoxW
wsprintfW
GetSystemMetrics

advapi32

CryptGenKey
CryptGetHashParam
CryptAcquireContextA
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptGetKeyParam
CryptAcquireContextW
CryptExportKey

shell32

ShellExecuteW
SHGetFolderPathW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

shlwapi

PathFindExtensionW
StrCmpIW
PathAppendW
StrCpyW

Sections

.text
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
old_14b68cb9f911ce937f52ed8282ef4395f2291c0a23f14d33f731a15572834b0d.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
patched.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pclock.exe
.exe windows:5 windows x86 arch:x86

ebb157b0a0b05503bf71db78ca8a098f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Krypton_15.0_NR\Bin\StubNew.pdb

Imports

ntdll

NtQueryObject
wcsncpy

kernel32

LeaveCriticalSection
GetLastError
GetProcAddress
VirtualAlloc
EnterCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
lstrcpyA
ExitProcess
DeleteCriticalSection
LoadLibraryA

user32

MessageBoxW
GetActiveWindow
EmptyClipboard
WindowFromPoint
CloseClipboard

comctl32

InitCommonControlsEx

wtsapi32

WTSQuerySessionInformationA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.core
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pclock_unpack.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pitupi20.exe
.exe windows:4 windows x86 arch:x86

cecd134f388149dd921af4cfa400f6c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreatePatternBrush
SetPixel
Rectangle
GetRandomRgn
SetMiterLimit
SelectPalette
RoundRect

rasapi32

RasSetCredentialsW
RasGetAutodialAddressW

ntdll

bsearch
RtlUnicodeToMultiByteN

odbc32

SQLSetConnectAttrW
SQLDescribeColA
SQLDescribeParam
SQLBrowseConnectA
SQLTransact
SQLGetDiagRecW
SQLGetDescRecW
SQLDriversW
SQLMoreResults
SQLPrepareW
SQLEndTran
SQLPrimaryKeysA
SQLSpecialColumnsW
SQLForeignKeysW
SQLColAttributesA
SQLGetTypeInfoA
SQLColumnPrivilegesA
SQLBrowseConnectW
SQLProceduresA
SQLGetConnectOptionA
DllBidEntryPoint
SQLConnectW
SQLStatisticsW
PostODBCComponentError
SQLDisconnect

advapi32

SetFileSecurityA
StartTraceW

msvcrt

_wenviron
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_errno
strtok
_umask
_wstrtime
_mbsncpy
_HUGE
_getpid
mktime
_wstrdate
__unDName
_wcsncoll
_utime64
_exit
_wexeclp
asctime
_beep
_findfirst
_wsearchenv
_findfirst64
__doserrno
_CxxThrowException
_endthread
_wgetenv
_futime

oleaut32

SafeArrayAllocDescriptorEx

xolehlp

DtcGetTransactionManagerC
DtcGetTransactionManager
GetDtcLocaleResourceHandle

ole32

CoGetObjectContext

user32

SetUserObjectInformationA
GetWindowRgn

kernel32

LoadLibraryA
SetCommTimeouts
SizeofResource
lstrcmpA
SetFileAttributesW
ClearCommError
GetModuleHandleA
lstrcpynW
GetProcAddress
SetPriorityClass
CloseHandle
VirtualAlloc
SetFilePointer
GetStartupInfoA
GetModuleHandleA
SetEvent

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pozhehgxmlhobpvwlqco.exe
.exe windows:4 windows x86 arch:x86

518151b350ef47dd17b5213c5d748a55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
lstrlenA
GetStdHandle
CreateMutexA
LocalAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA

setupapi

SetupDecompressOrCopyFileA

msvcrt

_adjust_fdiv
memcpy
_exit
_onexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_XcptFilter
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ransom_50.00_dol_df410f19157f591860e1633b85dfb50b.scr
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 603KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CryptoPP
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ransomware1061911a3e0a74827a76bbd7bfe16d20.exe
.exe windows:4 windows x86 arch:x86

e160ef8e55bb9d162da4e266afd9eef3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bhajan.x
profitability.dll
.dll windows:4 windows x86 arch:x86

e07e00e45407ff0dd6abc9eaa981fa7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
malloc
_adjust_fdiv
free

Exports

Exports

ProduceThreed
WinAllogamy32

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
safeinf.dll
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
schet1074.15.03.16.doc
.rtf .doc

Sharing

General

Malware Config

Signatures

Files

d409d04619f830ed4fb4696d607103fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

shell32

wininet

shlwapi

Sections

.text Size: 283KB - Virtual size: 283KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 7KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 15KB - Virtual size: 15KB

d409d04619f830ed4fb4696d607103fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

shell32

wininet

shlwapi

Sections

.text Size: 283KB - Virtual size: 283KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 7KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 15KB - Virtual size: 15KB

0f7d0ed8477bf9ca9b4b2ce07e02a90e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 4.3MB - Virtual size: 4.3MB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 334KB - Virtual size: 334KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 17KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

1e0d5509ae3c2c05c7a22edca2c2a094

Headers

File Characteristics

Imports

.text
Size: 283KB - Virtual size: 283KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 7KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 283KB - Virtual size: 283KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 7KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

.text
Size: 334KB - Virtual size: 334KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 312B

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 39KB - Virtual size: 38KB

.sdata
Size: 1024B - Virtual size: 744B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 207KB - Virtual size: 206KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 46KB - Virtual size: 50KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 134KB - Virtual size: 134KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 99KB - Virtual size: 98KB

DATA
Size: 2KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 5KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 104KB - Virtual size: 104KB