Batch_6[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Batch_6.zip
Size

8.6MB
MD5

efd2b474bb13fdb3b8a3159a64a22896
SHA1

48515da815cafb4d990efdd7b67baf86ac949813
SHA256

c41899315b2f3dad512ed1f58746e59fdb2f9717badcf7b2c861c1248d945991
SHA512

05195802d912ff48aac8035a8a061a3d8dc5b312ed936a147a742ad65ab75f982e3b443ebb001dd145086644006bfc361f83fb40799f60e51dd6eb053139f190
SSDEEP

196608:PYpWTGAAWAquK9u/2fpA4kuu0xCDCFvyRyi1GGywTpGRE:PYpWTGAAqub/2y4kudiCFviy88GGi

Score

6^/10

upx

Malware Config

Signatures

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Requests dangerous framework permissions 6 IoCs

Processes:

description	ioc
Required to be able to access the camera device.	android.permission.CAMERA
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/calc.exe	upx

Unsigned PE 29 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/D02D012970AA164CAD15C757D7E52994.exe
unpack001/DBm0yQwt.exe.ViR.exe
unpack001/calc.exe
unpack002/out.upx
unpack001/ccc71c83c8d9895ef0b375273f9f185dfac63ecd01775e2dc705afe4d48c95e2_Dumped_TDS=4F9911B3.exe
unpack001/ccc71c83c8d9895ef0b375273f9f185dfac63ecd01775e2dc705afe4d48c95e2_TDS=4FAD9768.exe
unpack001/cd2d085998a289134ffaf27fbdcbc8cb_api-ms-win-system-dispex-l1-1-0.dll
unpack001/cdffb7e75b20eeae4db75c9962c17b3be980a719f7597e8b11a747d72c975a36_not_packed_maybe_useless.exe
unpack001/cf7382c25a8bf0d904d51063ceb29fb70f630bc9.exe
unpack001/cgi19-alptsevs-h555.exe_.exe
unpack001/chrst.exe
unpack001/cl.exe
unpack001/clean.exe
unpack001/coinvault.exe
unpack001/com_loader.exe
unpack001/csrss.ex_.exe
unpack001/d.exe
unpack001/d0a5cfec8e80622b3e194b5ee03e93d78c7ef3478bead6a039d213caaaa58523_Dumped_TDS=4F9911B3.exe
unpack001/d0a5cfec8e80622b3e194b5ee03e93d78c7ef3478bead6a039d213caaaa58523_TDS=4FA478A6.exe
unpack001/d2164cdbc9c78db0115f382a139ccd758f8a25ebfc5ab3e0034e7aef0fe0b6b4_Dumped_TDS=4FB252FB.exe
unpack001/d2164cdbc9c78db0115f382a139ccd758f8a25ebfc5ab3e0034e7aef0fe0b6b4_TDS=4FB30D08.exe
unpack001/d4439055d2d63e52ffc23c6d24d89194_86e510605f1ee068bdc1ae306312652a__1.dll
unpack001/d54d2a216e637bcd36e5217cfba98896.exe
unpack003/Transazione.Pdf______________________________________________________________.exe
unpack001/daaa72f48bea498c5ac7ce9bc315e585ff11dad04d1eeb0d1b0ce33a28bedf2d.exe
unpack001/ddbf1840bf626da19d8f3467fe9e20e2.exe
unpack001/de882c049be133a950b6917562bb2313_583a76e23c1998307d702709dadbe103__3.dll
unpack001/decrypt.exe
unpack001/decrypted.ex_.exe

Files

Batch_6.zip
.zip
D02D012970AA164CAD15C757D7E52994.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Paco\Desktop\Invoice\HiDdEn-TeAr\obj\Debug\invoice.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DBm0yQwt.exe.ViR.exe
.exe windows:5 windows x86 arch:x86

41650cfcdcf1a88f0c9ad2f113ce9650

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
CloseHandle
UnhandledExceptionFilter
FindResourceA
GetModuleHandleA
LockResource
LoadLibraryA
GetProcAddress
GetLastError
GetStdHandle
MulDiv
HeapCreate
SizeofResource
InterlockedDecrement
HeapAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetFileType
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetStartupInfoA
RaiseException
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
LoadResource
SetStdHandle
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
WriteFile
ExitProcess
Sleep
GetModuleHandleW
SetUnhandledExceptionFilter

user32

SendMessageW
GetSystemMetrics
ScrollWindowEx
SetLayeredWindowAttributes
SetWindowPos
GetSysColor
GetDlgItem
ReleaseDC
GetWindowLongA
InvalidateRect
SetWindowLongA
CopyIcon
SetMessageQueue
SetScrollInfo
LoadCursorA
SetCursor
GetWindowRect
SendDlgItemMessageA
FillRect
MsgWaitForMultipleObjects
GetFocus
GetParent
DrawIcon
GetClientRect
DrawTextExW
SendMessageA
SetRectEmpty
wsprintfW
GetIconInfo
GetUpdateRect
GetDC
OffsetRect
GetCursorInfo
GetWindowTextA

gdi32

SetWindowOrgEx
BitBlt
GetWindowOrgEx
PatBlt
GetTextMetricsW
SetViewportOrgEx
SetTextColor
CreateFontA
GetDeviceCaps
SetBrushOrgEx
CreateBitmap
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
EnumFontFamiliesA
CreatePatternBrush
GdiGradientFill
SetTextAlign
CreateSolidBrush
CreateDIBSection

advapi32

RegCreateKeyA
RegSetValueExA

shell32

SHBrowseForFolderA
SHCreateShellItem

ole32

CoFreeUnusedLibraries
CoInitialize
StringFromCLSID
CoUninitialize
CoGetMalloc
CoCreateInstance

oleaut32

SysFreeString
RevokeActiveObject
VariantClear

wininet

InternetCrackUrlA

ws2_32

WSAGetQOSByName
WSAGetOverlappedResult

winscard

SCardGetProviderIdW

shlwapi

UrlGetPartA

comctl32

ImageList_DrawIndirect

rpcrt4

RpcBindingFromStringBindingA
RpcStringFreeA
RpcStringBindingComposeA
RpcBindingFree

secur32

GetUserNameExA

opengl32

glEndList

powrprof

GetPwrCapabilities

urlmon

CoInternetParseUrl

rpcns4

RpcNsBindingImportBeginA

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ca6ec46ee9435a4745fd3a03267f051dc64540dd348f127bb33e9675dadd3d52.exe
.apk android

com.android.porntube

.Loader

Activities

.Loader

android.intent.action.MAIN

.player

android.intent.action.VIEW

Permissions

android.permission.DISABLE_KEYGUARD
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.sec.android.app.sbrowser.operatorbookmarks.permission.READ_HISTORY_BOOKMARKS
android.permission.RESTART_PACKAGES
android.permission.CAMERA
android.permission.GET_TASKS
android.permission.GET_ACCOUNTS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.WRITE_SETTINGS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.READ_CONTACTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_PHONE_STATE
android.permission.INTERNET
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE

Receivers

com.sklasse.utils.astart

android.intent.action.REBOOT
android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT
android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

com.sklasse.utils.cached_reps

android.net.conn.CONNECTIVITY_CHANGE
android.system.cache

com.plugins.core.setsize

android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLED

Services

com.plugins.core.setzero

android.system.registat

.sklasse

android.system.operate
calc.exe
.exe windows:10 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 158KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:10 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ccc71c83c8d9895ef0b375273f9f185dfac63ecd01775e2dc705afe4d48c95e2_Dumped_TDS=4F9911B3.exe
.exe windows:5 windows x86 arch:x86

0e19eece28bfc9b0d635ed4ec3d29752

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
HttpQueryInfoA
InternetConnectA
InternetReadFile
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA

shlwapi

PathCombineW

kernel32

lstrcatA
GetLastError
GetModuleHandleA
CloseHandle
GetVersion
lstrcpyA
WaitForSingleObject
Sleep
GetCurrentProcessId
GetTickCount
ExitProcess
GetFileSize
lstrlenA
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
lstrlenW
FlushFileBuffers
GetProcAddress
DeleteFileW
SetFileAttributesW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
HeapSize
GetVersionExA
CreateProcessW
GetCurrentProcess
InitializeCriticalSection
OpenProcess
LeaveCriticalSection
TerminateProcess
GetModuleFileNameW
EnterCriticalSection
CreateThread
CreateMutexA
LocalFree
WideCharToMultiByte
MultiByteToWideChar
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
GetFileType
GetCurrentDirectoryA
WTSGetActiveConsoleSessionId
GetEnvironmentStringsW
QueryPerformanceCounter
FreeEnvironmentStringsW
GetModuleFileNameA
RaiseException
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
EncodePointer
GetStdHandle
DecodePointer
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
CopyFileW
GetUserGeoID
CreateDirectoryW
GetComputerNameA
SetHandleCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryW
LCMapStringW
IsProcessorFeaturePresent
RtlUnwind
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetStringTypeW
GetSystemTimeAsFileTime

user32

PostMessageA
GetClientRect
SetWindowLongA
GetWindowLongA
RegisterClassExA
PostQuitMessage
TranslateMessage
UnregisterClassA
CreateWindowExA
DefWindowProcA
DispatchMessageA
MessageBoxW
GetSystemMetrics
UpdateWindow
EnumWindows
ShowWindow
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetMessageA
EnableWindow

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegFlushKey
RegOpenKeyA
RegCreateKeyExA
SetSecurityDescriptorSacl

shell32

ord680
SHGetFolderPathW

ole32

OleUninitialize
OleSetContainedObject
CoGetClassObject
OleInitialize

oleaut32

SysAllocString
VariantClear
VariantInit

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ccc71c83c8d9895ef0b375273f9f185dfac63ecd01775e2dc705afe4d48c95e2_TDS=4FAD9768.exe
.exe windows:4 windows x86 arch:x86

a81730656ca1c2ccf1449f66476dc87b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
GetEnvironmentStringsW
GetStdHandle
CreateMutexA
lstrlenA
GlobalAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA

setupapi

SetupGetLineCountA

msvcrt

_adjust_fdiv
memcpy
_exit
_onexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_XcptFilter
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cd2d085998a289134ffaf27fbdcbc8cb_api-ms-win-system-dispex-l1-1-0.dll
.dll windows:4 windows x86 arch:x86

01d60c50f07df84cdeeb313752cc4354

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cluster0.pdb

Imports

kernel32

LoadResource
SetConsoleOutputCP
OutputDebugStringW
lstrcpynA
GetConsoleFontSize
EnumResourceTypesW
PrepareTape
ConvertDefaultLocale
MoveFileWithProgressA
IsSystemResumeAutomatic

Exports

Exports

CLSIDScalableBuffer
CanStrip
CommPFXExtensionCtl
DialogDecrementFill
EqualHungABCWidths
NotifyCSpnStream
OutputUninitializeControls
PauseShellChildAttribute
SelectUnmakeMode

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 719B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vqCp0w
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cdffb7e75b20eeae4db75c9962c17b3be980a719f7597e8b11a747d72c975a36_not_packed_maybe_useless.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\my projects\bbac\output\Release\bbac.pdb

Sections

.text
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cf7382c25a8bf0d904d51063ceb29fb70f630bc9.exe
.exe windows:4 windows x86 arch:x86

e9e3923fa6b5c81cfcfc4413e09333bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strncpy
memcpy
fopen
fseek
fclose
memmove
_CIsqrt
_CIlog
floor
ceil
_CIexp
fabs
malloc
free
strlen

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
Sleep
FreeLibrary
HeapAlloc
HeapFree
CloseHandle
InitializeCriticalSection
ReadFile
GetLastError
LoadLibraryA
GetProcAddress
HeapReAlloc
TlsAlloc
GetVersionExA
GetLogicalDriveStringsA

user32

DestroyIcon
FillRect

gdi32

GetObjectType
DeleteObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
CreateDIBSection
SelectObject
BitBlt
CreateBitmap
SetPixel
GetStockObject

wsock32

closesocket
WSACleanup
WSAStartup

winmm

mciSendCommandA

Sections

.code
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ta
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

src
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cgi19-alptsevs-h555.exe_.exe
.exe windows:5 windows x86 arch:x86

553ef6236c6cb4268814330cd1e93c7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

DeleteFileW
DeleteFileA
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
GlobalAlloc
GetVersionExW
GetFullPathNameA
GetFullPathNameW
MultiByteToWideChar
GetModuleFileNameW
FindResourceW
GetModuleHandleW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoW
SetFileAttributesW
DosDateTimeToFileTime
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
WaitForSingleObject
Sleep
GetExitCodeProcess
GetTempPathW
MoveFileExW
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
SetEnvironmentVariableW
OpenFileMappingW
GetProcAddress
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
CompareStringW
IsDBCSLeadByte
GetCPInfo
SetCurrentDirectoryW
LoadLibraryW
FreeLibrary
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
GetStdHandle
ReadFile
CreateFileW
GetCurrentDirectoryW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileW
SetFileTime
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
GetNumberFormatW

user32

wvsprintfA
wvsprintfW
ReleaseDC
GetDC
SendMessageW
SetDlgItemTextW
SetFocus
EndDialog
DestroyIcon
SendDlgItemMessageW
GetDlgItemTextW
GetClassNameW
DialogBoxParamW
IsWindowVisible
WaitForInputIdle
SetForegroundWindow
GetSysColor
PostMessageW
LoadBitmapW
LoadIconW
CharToOemA
OemToCharA
MapWindowPoints
CreateWindowExW
SetWindowTextW
UpdateWindow
LoadCursorW
RegisterClassExW
SetWindowLongW
GetWindowLongW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
CopyRect
IsWindow
CharToOemBuffW
MessageBoxW
ShowWindow
GetDlgItem
EnableWindow
OemToCharBuffA
CharUpperA
CharToOemBuffA
LoadStringW
SetWindowPos
GetWindowTextW
GetSystemMetrics
GetWindow
CharUpperW
GetWindowRect
FindWindowExW
GetParent
GetClientRect

gdi32

GetDeviceCaps
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

advapi32

RegOpenKeyExW
LookupPrivilegeValueW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
chrst.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Computer\Documents\Visual Studio 2010\Projects\MyV\MyV\obj\x86\Release\chrst.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ci05l2a.exe
cl.exe
.exe windows:4 windows x86 arch:x86

31706a369ec92804872975ce580c66c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
ord690
__vbaNextEachAry
_CIcos
_adj_fptan
__vbaStrI4
ord693
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFpCDblR8
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaForEachCollAd
__vbaStrCat
__vbaVarCmpNe
__vbaSetSystemError
ord661
ord662
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
ord667
__vbaAryDestruct
__vbaLateMemSt
__vbaExitProc
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaForEachCollVar
ord520
__vbaBoolVarNull
_CIsin
ord631
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner4
__vbaNextEachCollVar
__vbaObjVar
__vbaPrintObj
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
__vbaPrintFile
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord531
ord716
__vbaFPException
ord532
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaUbound
__vbaGetOwner4
__vbaVarCat
ord536
ord645
_CIlog
__vbaFileOpen
__vbaR8Str
__vbaVar2Vec
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarTstNe
__vbaI4Var
__vbaForEachAry
ord689
__vbaLateMemCall
ord612
__vbaStrToAnsi
__vbaVarDup
__vbaVarLateMemCallLd
ord616
__vbaFpI4
ord617
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaStrMove
ord619
__vbaR8IntI4
ord650
_allmul
_CItan
__vbaNextEachCollAd
ord546
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
clean.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
coinvault.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
com_loader.exe
.exe regsvr32 windows:4 windows x86 arch:x86

5f21313fbe26dcd91c5fd3dfe5d4a4b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSSetUserConfigA
WTSVirtualChannelClose
WTSVirtualChannelRead
WTSRegisterSessionNotification
WTSSetSessionInformationA
WTSLogoffSession
WTSEnumerateSessionsA
WTSEnumerateServersA
WTSWaitSystemEvent
WTSSendMessageA
WTSCloseServer
WTSOpenServerA
WTSUnRegisterSessionNotification
WTSVirtualChannelPurgeInput
WTSFreeMemory
WTSEnumerateProcessesA

dbnmpntw

ConnectionVer
ConnectionError
ConnectionClose

user32

LoadStringA
SetFocus
GetCursor
wsprintfA
CreateWindowExA
CharToOemA
DrawTextW
LoadCursorA
FindWindowW
PeekMessageW
PostMessageA
IsDialogMessageA
MessageBoxW

kernel32

FindFirstFileA
SearchPathA
CopyFileA
GetOEMCP
HeapFree
FormatMessageA
lstrcpynW
GetProcessHeap
GetLogicalDriveStringsA
CopyFileExW
DeleteFileA
GetGeoInfoW
CreateDirectoryA
GetCurrentDirectoryW
CreateFileA
ReadFile
SetLastError
GetDateFormatA
GetLocaleInfoW
FileTimeToSystemTime
WaitForSingleObjectEx
GetLastError
MapViewOfFile
LoadLibraryA
InterlockedIncrement
CreateWaitableTimerA
GetDriveTypeW
WriteConsoleW
OpenMutexW
DeviceIoControl
QueryDosDeviceA
GetSystemTime
ReleaseMutex
GetProcAddress
GetStartupInfoA
GetFileSize

cmutil

CmMoveMemory
CmFree

shell32

ExtractIconA
ShellAboutA
DuplicateIcon
SHGetDataFromIDListA
SHChangeNotify
DragQueryPoint
StrChrA
FindExecutableA
DllUnregisterServer
SHGetMalloc
SHGetDesktopFolder
ShellMessageBoxA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
csrss.ex_.exe
.exe windows:4 windows x86 arch:x86

c64a1d6bfad8c05542b811bf6115ab59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord609
ord800
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord2512
ord1775
ord4407
ord5280
ord4425
ord3597
ord2575
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3574
ord1146
ord1168
ord860
ord540
ord567
ord324
ord2370
ord2302
ord4234
ord4710
ord6334
ord2379
ord2554
ord4486
ord6375
ord4274
ord6052
ord4673
ord1576

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_XcptFilter
_exit
srand
_gcvt
rand
__CxxFrameHandler
_setmbcp
exit

kernel32

GetModuleFileNameA
GetTickCount
GetModuleHandleA
GetStartupInfoA
CreateFileA

user32

SetTimer
KillTimer
ScreenToClient
GetCursorPos
InvalidateRect
EnableWindow
LoadIconA
SendMessageA

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 844KB - Virtual size: 843KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Tepakuzebupy
Burope
WugineFoqyxo
JoJoqyfewi
GazoConabygefo

Sections

CODE
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 171B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.crt
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 181B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d0a5cfec8e80622b3e194b5ee03e93d78c7ef3478bead6a039d213caaaa58523_Dumped_TDS=4F9911B3.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
d0a5cfec8e80622b3e194b5ee03e93d78c7ef3478bead6a039d213caaaa58523_TDS=4FA478A6.exe
.exe windows:4 windows x86 arch:x86

eab51c0600845240b281f3cd3aff39ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetCurrentProcessId
LocalAlloc
GlobalAlloc
GetPriorityClass
GetEnvironmentStrings
HeapFree
HeapAlloc
GetProcessHeap
GetEnvironmentStringsW
GetProcAddress
GetModuleHandleA
GetStartupInfoA

setupapi

SetupGetLineCountA

msvcrt

_adjust_fdiv
memcpy
_onexit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_exit
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
d2164cdbc9c78db0115f382a139ccd758f8a25ebfc5ab3e0034e7aef0fe0b6b4_Dumped_TDS=4FB252FB.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\my projects\bbac\output\Release\bbac.pdb

Sections

.text
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d2164cdbc9c78db0115f382a139ccd758f8a25ebfc5ab3e0034e7aef0fe0b6b4_TDS=4FB30D08.exe
.exe windows:4 windows x86 arch:x86

518151b350ef47dd17b5213c5d748a55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
lstrlenA
GetStdHandle
CreateMutexA
LocalAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetStartupInfoA

setupapi

SetupDecompressOrCopyFileA

msvcrt

_adjust_fdiv
memcpy
_exit
_onexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_XcptFilter
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d4439055d2d63e52ffc23c6d24d89194_86e510605f1ee068bdc1ae306312652a__1.dll
.dll windows:4 windows x86 arch:x86

86e510605f1ee068bdc1ae306312652a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GetTickCount
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
FreeLibrary
LoadLibraryA
WaitForSingleObject
TerminateThread
Sleep
CreateThread
GetCurrentProcess
VirtualProtect
GlobalAlloc
GlobalFree
GetCurrentThread
SetThreadPriority
GetComputerNameA
GetThreadContext
HeapReAlloc
SetThreadContext
HeapAlloc
HeapFree
Thread32First
HeapDestroy
HeapCreate
Thread32Next
OpenThread
CreateToolhelp32Snapshot
GetCurrentProcessId
SuspendThread
ResumeThread
VirtualQuery
VirtualFree
VirtualAlloc
GetSystemInfo
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
DeleteCriticalSection
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RaiseException
GetCPInfo
GetACP
GetOEMCP
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetLocaleInfoA
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
LocalFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GetFileTime
CreateMutexA
GetLastError
GetWindowsDirectoryA
TlsGetValue
CreateFileA

user32

UpdateWindow
SystemParametersInfoA
ShowWindow
DefWindowProcA
CreateWindowExA
GetWindowLongA
SetWindowLongA
LoadIconA
KillTimer
PostQuitMessage
LoadCursorA
TranslateMessage
DestroyWindow
GetSystemMetrics
GetUserObjectInformationA
GetThreadDesktop
CreateDesktopA
CloseDesktop
SetThreadDesktop
GetClientRect
CopyRect
RegisterClassExA
GetMessageA
SendMessageA
GetWindow
DispatchMessageA
ChildWindowFromPointEx
GetAncestor
PostMessageA
MapWindowPoints
PeekMessageA
GetClassNameA
GetWindowRect
PtInRect
ClientToScreen
ScreenToClient
SetTimer

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyW
RegCreateKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

psapi

GetModuleInformation

ole32

CoGetClassObject
CoUninitialize
OleSetContainedObject
OleUninitialize
CoTaskMemAlloc
CoInitialize
OleInitialize
CoCreateInstance
OleCreate
CoDisconnectObject

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

InternetCrackUrlA

urlmon

UrlMkSetSessionOption
URLOpenPullStreamA

oleacc

AccessibleObjectFromWindow
WindowFromAccessibleObject

ws2_32

inet_addr
inet_ntoa

imm32

ImmDisableIME

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d54d2a216e637bcd36e5217cfba98896.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d5f29750a8cb158d9b89a1e02e8addc5e410d1ddc48e660589144ade47f794c5.exe
.apk android

com.tartiap.lnnhdatu

com.tartiap.lnnhdatu.dilmoeu

Activities

com.tartiap.lnnhdatu.dilmoeu

android.intent.action.MAIN

com.tartiap.lnnhdatu.eisosia

android.intent.action.VIEW

Permissions

android.permission.WRITE_EXTERNAL_STORAGE
android.permission.DISABLE_KEYGUARD
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.sec.android.app.sbrowser.operatorbookmarks.permission.READ_HISTORY_BOOKMARKS
android.permission.PROCESS_OUTGOING_CALLS
android.permission.PROCESS_INCOMING_CALLS
android.permission.RESTART_PACKAGES
android.permission.RECEIVE_SMS
android.permission.CAMERA
android.permission.GET_TASKS
android.permission.GET_ACCOUNTS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.WRITE_SETTINGS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.READ_CONTACTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_PHONE_STATE
android.permission.INTERNET
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE

Receivers

com.dafmhc.rtgktino.nneaen

android.net.conn.CONNECTIVITY_CHANGE
android.system.cache

com.dafmhc.rtgktino.onlarse

android.intent.action.REBOOT
android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT
android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

com.pmgiya.nestnu.eigulni

android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLED

Services

com.tartiap.lnnhdatu.rnasdvs

android.system.operate

com.pmgiya.nestnu.edladeee

android.system.registat
d6c32b0146f219bdcb5cf524ea9e0047d9b9bd0fd7c395d5b11cbc4c3298824d.exe
.zip
Transazione.Pdf______________________________________________________________.exe
.exe windows:5 windows x86 arch:x86

380e5390f65e340268c2e7706d44415e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetTickCount
GetModuleFileNameW
IsDebuggerPresent
GetCPInfo
VirtualQuery
CreateFileA
CloseHandle
HeapSize
WriteConsoleW
GetConsoleOutputCP
GetModuleHandleA
GetCommandLineW
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteConsoleA
RaiseException

user32

GetWindowRect
IsZoomed
GetForegroundWindow
GetWindowLongW
GetDesktopWindow
GetCursor

advapi32

GetUserNameA

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d889734783273b7158deeae6cf804a6be99c3a5353d94225a4dbe92caf3a3d48.exe
.elf linux x86
daaa72f48bea498c5ac7ce9bc315e585ff11dad04d1eeb0d1b0ce33a28bedf2d.exe
.exe windows:5 windows x86 arch:x86

7511ea923b51c6e2824a2cc82310820e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseSemaphore
RtlUnwind
ScrollConsoleScreenBufferW
SetEvent
SetLastError
SetMailslotInfo
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
QueryPerformanceCounter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
QueryInformationJobObject
OpenMutexA
OpenFile
MultiByteToWideChar
LockFileEx
LockFile
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LeaveCriticalSection
IsValidLanguageGroup
IsDBCSLeadByte
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
HeapUnlock
HeapSize
HeapSetInformation
HeapFree
HeapAlloc
GlobalUnWire
GlobalAlloc
GlobalDeleteAtom
GetWriteWatch
GetVersionExW
GetVersionExA
GetUserDefaultUILanguage
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetStringTypeA
GetStartupInfoA
GetProcessHeap
GetPriorityClass
GetModuleFileNameW
GetModuleFileNameA
GetLastError
GetFullPathNameA
GetDiskFreeSpaceA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetComputerNameA
FreeResource
FreeLibraryAndExitThread
FreeLibrary
FindResourceA
FindFirstFileExW
FatalExit
EraseTape
EnumDateFormatsExW
EnterCriticalSection
DnsHostnameToComputerNameW
DeleteCriticalSection
DebugBreak
CreateThread
CreateSemaphoreA
CreateFileMappingA
CreateEventW
CreateEventA
CloseHandle
CancelDeviceWakeupRequest
BindIoCompletionCallback
BackupWrite
BackupSeek
BackupRead
GetModuleHandleW
GetCommandLineA
GetFileAttributesA
GetDriveTypeA
lstrlenA
GetVersion
LoadLibraryA
GetProcAddress
VirtualAlloc
GetModuleHandleA
GetCommandLineW
lstrlenW
LoadLibraryW
UnhandledExceptionFilter

user32

UpdateLayeredWindow
UnhookWindowsHookEx
UnhookWindowsHook
SwitchDesktop
SetWindowLongA
SetSystemCursor
SetShellWindow
SetMenuItemBitmaps
ReleaseDC
RegisterWindowMessageA
RegisterClassA
RedrawWindow
PostThreadMessageA
PostQuitMessage
PostMessageA
OffsetRect
MsgWaitForMultipleObjects
MessageBoxIndirectA
IsMenu
IsCharAlphaW
InsertMenuA
InSendMessageEx
GetWindowWord
GetWindowTextLengthW
GetWindowModuleFileNameA
GetWindowLongA
GetTabbedTextExtentA
GetSubMenu
GetMonitorInfoW
GetMessagePos
GetMessageA
GetMenu
GetInputState
GetDoubleClickTime
GetClassInfoW
GetCapture
EnumDisplaySettingsW
EnumDisplayDevicesW
DrawFocusRect
DispatchMessageA
DialogBoxParamW
DefWindowProcA
DefDlgProcW
DdeGetData
DdeFreeDataHandle
DdeConnectList
ClientToScreen
ChildWindowFromPoint
CheckRadioButton
CharPrevA
CallNextHookEx
AppendMenuA
GetKeyState
CharNextW
UpdateWindow
GetSysColor
CharLowerW
CharLowerA
LoadIconW
GetDC
IsWindow
GetDlgItem
CharUpperW
CharNextA
DestroyWindow
CharUpperA
GetParent
LoadBitmapW
IsWindowVisible
GetSystemMetrics
CreateWindowExA

gdi32

SetViewportOrgEx
SetICMMode
StretchDIBits
PolyTextOutA
PlayMetaFile
GetTextFaceW
GetTextFaceA
GetOutlineTextMetricsW
GetLayout
GetFontData
GetDIBits
GetColorSpace
GdiSetAttrs
GdiIsMetaFileDC
GdiInitializeLanguagePack
GdiInitSpool
GdiEntry9
GdiEntry7
GdiEntry13
GdiEntry10
GdiConvertEnhMetaFile
GdiAddGlsRecord
ExcludeClipRect
EnumFontFamiliesExA
EnumEnhMetaFile
EngTransparentBlt
EngPaint
EngComputeGlyphSet
CreatePenIndirect
SaveDC
CreateCompatibleDC
AddFontResourceW
SetTextAlign
CreateMetaFileA
SetBkMode
GetEnhMetaFileA
GetEnhMetaFileW
SetTextColor
SelectObject
AbortPath
AddFontMemResourceEx
Arc
StartFormPage
CreateICW

advapi32

SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegSetValueExW
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
OpenProcessToken
MakeSelfRelativeSD
MakeAbsoluteSD
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetLengthSid
GetAclInformation
GetAce
FreeSid
EqualSid
DeleteAce
AllocateAndInitializeSid
AddAce
AddAccessDeniedAce
AddAccessAllowedAce
RegQueryValueExW
SetSecurityDescriptorOwner

ole32

CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoInitialize
CoCreateInstance
CoCreateGuid

msvcrt

_onexit
wcsspn
wcsrchr
wcsncmp
wcscspn
wcschr
towupper
swscanf
strchr
sscanf
realloc
memset
_XcptFilter
__CxxFrameHandler
__dllonexit
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_amsg_exit
_beginthreadex
_cexit
_controlfp
_exit
_initterm
_ismbblead
_lock
_purecall
_stricmp
_strnicmp
_ultow
_unlock
_vsnprintf
_vsnwprintf
_wcsicmp
_wcsnicmp
_wtoi
exit
free
iswalpha
iswascii
iswcntrl
iswdigit
malloc
memcpy

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gt1
Size: 556KB - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gt2
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gt3
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ggg
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ddbf1840bf626da19d8f3467fe9e20e2.exe
.exe windows:5 windows x86 arch:x86

c46fc6dad3ad830f98729fc8700f4924

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleCtrlHandler
GetHandleInformation
GetCurrentProcess
SetProcessAffinityMask
VirtualAlloc
GetSystemTimes
GetProcessId
SetComputerNameExW
DuplicateHandle
OpenProcess
GetLastError
TerminateThread
GlobalAlloc
CloseHandle
LoadLibraryW
AddAtomA
GetModuleHandleW
lstrcpyW
SetProcessWorkingSetSize
GetTickCount
GetDriveTypeW
DecodePointer
EncodePointer
WriteConsoleW
GetConsoleCP
FlushFileBuffers
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RaiseException
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
ReadFile
GetConsoleMode
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
SetFilePointerEx
HeapSize
CreateFileW

user32

PostMessageW
CopyImage
SetScrollRange
BeginPaint
ShowScrollBar

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
de882c049be133a950b6917562bb2313_583a76e23c1998307d702709dadbe103__3.dll
.dll windows:4 windows x86 arch:x86

583a76e23c1998307d702709dadbe103

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExW
ExpandEnvironmentStringsW
FindFirstFileW
FindClose
FindNextFileW
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetThreadContext
SetThreadContext
Thread32First
Thread32Next
OpenThread
VirtualProtect
GetCurrentThreadId
DeleteCriticalSection
ResumeThread
VirtualQuery
VirtualFree
VirtualAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetCurrentDirectoryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
InterlockedExchange
GetTimeZoneInformation
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleA
CreateToolhelp32Snapshot
Process32Next
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
GlobalLock
Process32First
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetEnvironmentVariableW
GetVersion
MultiByteToWideChar
WideCharToMultiByte
LocalFree
CreateThread
CloseHandle
GetLastError
TerminateThread
SuspendThread
WaitForSingleObject

user32

IsWindow
OpenClipboard
UnhookWindowsHookEx
SendMessageW
GetWindowThreadProcessId
ToUnicodeEx
OemToCharA
GetMessageA
SetTimer
PostThreadMessageA
EnumChildWindows
SetWindowsHookExA
CloseClipboard
GetKeyState
CallNextHookEx
DispatchMessageA
GetForegroundWindow
GetClassNameW
GetWindowTextW
GetClipboardData
GetKeyboardLayout
GetGUIThreadInfo
TranslateMessage
KillTimer

advapi32

CryptAcquireContextW
CryptReleaseContext
CryptImportKey
CryptDestroyKey
CryptDecrypt
CryptGetHashParam
CryptAcquireContextA
RegOpenKeyExA
CryptCreateHash
RegEnumValueA
RegEnumValueW
CryptDestroyHash
RegCloseKey
CryptHashData
RegQueryValueExW
RegQueryInfoKeyA
RegOpenKeyExW
RegEnumKeyExW
CryptDeriveKey
CryptSetKeyParam

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantClear

wininet

FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW

crypt32

CryptUnprotectData

oleacc

AccessibleObjectFromWindow

Sections

.text
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
decrypt.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
decrypted.ex_.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 111KB - Virtual size: 110KB

.rsrc Size: 102KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 12B

41650cfcdcf1a88f0c9ad2f113ce9650

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

ws2_32

winscard

shlwapi

comctl32

rpcrt4

secur32

opengl32

powrprof

urlmon

rpcns4

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 11KB

.rsrc Size: 119KB - Virtual size: 118KB

.reloc Size: 7KB - Virtual size: 663KB

com.android.porntube

.Loader

Activities

.Loader

.player

Permissions

Receivers

com.sklasse.utils.astart

com.sklasse.utils.cached_reps

com.plugins.core.setsize

Services

com.plugins.core.setzero

.sklasse

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 52KB

UPX1 Size: 158KB - Virtual size: 160KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 113KB - Virtual size: 112KB

.data Size: 70KB - Virtual size: 70KB

.reloc Size: 4KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

0e19eece28bfc9b0d635ed4ec3d29752

Headers

DLL Characteristics

File Characteristics

Imports

wininet

shlwapi

kernel32

.text
Size: 111KB - Virtual size: 110KB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 119KB - Virtual size: 118KB

.reloc
Size: 7KB - Virtual size: 663KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 158KB - Virtual size: 160KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 113KB - Virtual size: 112KB

.data
Size: 70KB - Virtual size: 70KB

.reloc
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 436B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 8KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 48KB - Virtual size: 119KB

.text
Size: 116KB - Virtual size: 114KB

.data
Size: 124KB - Virtual size: 123KB

.idata
Size: 4KB - Virtual size: 719B

.vqCp0w
Size: 72KB - Virtual size: 70KB

DATA
Size: 56KB - Virtual size: 55KB

.eh_fram
Size: 52KB - Virtual size: 50KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 37KB - Virtual size: 40KB

.rdata
Size: 9KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 436B - Virtual size: 8KB

.mackt
Size: 1KB - Virtual size: 4KB

.code
Size: 8KB - Virtual size: 7KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 216B

.ta
Size: 2KB - Virtual size: 3KB

src
Size: 480KB - Virtual size: 479KB