xorist | Batch_8[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Batch_8.zip
Size

5.3MB
MD5

a08902a38452cd5ce655ba54040c5833
SHA1

b94c8f6b0be6f2e8f003c9cfde9d8857d752cb2b
SHA256

fd84148426c6188c0bdec2e66d1f4fda9392342adb0c225d64aaacce24ce8653
SHA512

990a022b6ae18b72daca14bc1c0eee95f1e89e366fc62b9b4824e4cd63f261837a56461439fce9b5a6a6aaec03912595d36f1dadeea5661a4cb6a050d40fb12a
SSDEEP

98304:F6DMk1Jj0MM/64iXHiO1/ghHDwkLP1tfd4HLMXaWPNEa82i2noWmELP7lQw4oJ7:FWHnM/6l5QDbPrV4HORnoGCw4oJ7

Score

10^/10

upx xorist

Malware Config

Signatures

Detected Xorist Ransomware 1 IoCs

Processes:

resource	yara_rule
static1/unpack004/out.upx	family_xorist

Xorist family
xorist

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/file_ (7).exe	upx
static1/unpack001/flash_player.original.exe	upx
static1/unpack001/informations.exe	upx

Unsigned PE 34 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/FD4DC9B2BFF8D75A704E8FE33C63DA4B.exe
unpack001/Flyper.exe
unpack001/Flyper2.exe
unpack001/Flyper3.exe
unpack001/Free YouTube Downloader.exe
unpack001/FreeYoutubeDownloader11012016.exe
unpack001/file (1).exe
unpack001/file (2).exe
unpack001/file (3).exe
unpack001/file (4).exe
unpack001/file (6).exe
unpack001/file (7).exe
unpack001/file.exe
unpack001/file_ (1).exe
unpack001/file_ (2).exe
unpack001/file_ (3).exe
unpack001/file_ (4).exe
unpack001/file_ (5).exe
unpack001/file_ (6).exe
unpack001/file_ (7).exe
unpack002/out.upx
unpack001/file_.exe
unpack001/file_9.exe
unpack001/firefox32.exe
unpack001/flash_player.original.exe
unpack003/out.upx
unpack001/flash_player.unpacked.exe
unpack001/freegaza_israeli_killers.exe
unpack001/fresh_a22bb95ee8cfccc94ba183c071bad3a951b353e98fcf0d6cfa9268aaf9c53d53.exe
unpack001/helper[1].exe_.exe
unpack001/info[1].exe
unpack001/informations.exe
unpack004/out.upx
unpack001/installer.exe

Files

Batch_8.zip
.zip
FD4DC9B2BFF8D75A704E8FE33C63DA4B.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Paco\Desktop\inInvoice\hIDDeN-teAr\obj\Debug\inInvoice.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flyper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Paco\Desktop\inInvoice\hIDDeN-teAr\obj\Debug\inInvoice.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flyper2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Paco\Desktop\Invoice\HiDdEn-TeAr\obj\Debug\invoice.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flyper3.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Paco\Desktop\inInvoice\hIDDeN-teAr\obj\Debug\inInvoice.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Free YouTube Downloader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Amon You\Amon Youtube\Timer\Free YouTube Downloader\Free YouTube Downloader\obj\Debug\Free YouTube Downloader.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FreeYoutubeDownloader11012016.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file (1).exe
.exe windows:5 windows x86 arch:x86

e55e9c98504c76e7d2a793dd040a1784

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW
StrCatW

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW

kernel32

lstrlenW
CopyFileW
CloseHandle
WriteFile
CreateFileW
WideCharToMultiByte
Sleep
GetCommandLineW
CreateProcessW
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetTickCount
GetEnvironmentVariableW
OpenProcess
SetSystemTime
GetSystemTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
WaitForSingleObject
CreateThread
IsDebuggerPresent

user32

CreateWindowExW
GetSystemMetrics
RegisterClassExW
DefWindowProcW
SetLayeredWindowAttributes
SetWindowPos
SetWindowLongW
GetWindowLongW
EndPaint
BeginPaint
EndDialog
GetDlgItemInt
CallNextHookEx
GetAsyncKeyState
ShowWindow
UpdateWindow
SetForegroundWindow
SetWindowsHookExW
DialogBoxParamW
AdjustWindowRect
AllowSetForegroundWindow
CascadeWindows
BringWindowToTop
ArrangeIconicWindows
AnyPopup
AnimateWindow
MessageBoxW
GetAncestor
BeginDeferWindowPos

gdi32

TextOutW
SetTextColor
SetBkColor
Rectangle
CreateSolidBrush
CreatePen
SelectObject
CreateFontA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file (2).exe
.exe windows:5 windows x86 arch:x86

17ef22527356e10d0bcbb740b6521d40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
InterlockedCompareExchange
ExitProcess
SetLastError
GetProcAddress
GetExitCodeProcess
LoadLibraryA
VirtualProtect
CompareStringA

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file (3).exe
.exe windows:5 windows x86 arch:x86

c4a0d13517b757a950f8e129974cca4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatW
GetStringTypeA
InitializeCriticalSection
lstrcmpW
GetSystemDefaultLangID
LockResource
lstrlenA
LocalReAlloc
GetProcAddress
lstrlenW
VirtualProtect
UnmapViewOfFile
GetLocaleInfoW
SetCurrentDirectoryA
GetModuleHandleA
DeleteFileW
HeapCreate
TlsSetValue
RaiseException
GetCurrentThreadId
WaitForSingleObject
CreateFileW
GetVersion
GetCurrentProcessId
FindClose
GetFileSize
ExitProcess
CreateFileA
LocalLock
LoadLibraryA
lstrcpyW
MultiByteToWideChar
GetProcessHeap
DisableThreadLibraryCalls
TerminateProcess
CreateEventA
GetFileType
Sleep
GlobalAlloc
VirtualFree
GetSystemDirectoryW
MapViewOfFile
GlobalFree
EnterCriticalSection
LocalUnlock
HeapSize
TlsAlloc
LocalFree
GetVersionExA
GetSystemInfo
SetFileAttributesW
GetEnvironmentStrings
ReadFile
GetModuleFileNameW
MulDiv
GetFileAttributesW
GetACP
GetLastError
GlobalUnlock
GetLocaleInfoA
VirtualQuery
VirtualAlloc
GetTimeFormatW
LocalSize
TlsFree
IsProcessorFeaturePresent
lstrcatA
LocalAlloc
SetUnhandledExceptionFilter
SizeofResource
SetStdHandle
FoldStringW
SetThreadPriority
CloseHandle
GetFileInformationByHandle
GetLocalTime
GetUserDefaultLCID
FindFirstFileA
GetSystemTimeAsFileTime
DuplicateHandle
SetLastError
GetEnvironmentStringsW
SetConsoleCtrlHandler
SetEndOfFile
WideCharToMultiByte
GetCurrentProcess
QueryPerformanceCounter
GetUserDefaultUILanguage
WriteFile
OpenMutexA
CompareStringW
FindFirstFileW
InterlockedDecrement
IsBadReadPtr
CreateFileMappingW
GetOEMCP
FormatMessageW
GetSystemDirectoryA
UnhandledExceptionFilter
GetStartupInfoA
GetTickCount
GetTempFileNameA
OutputDebugStringA
GetCommandLineA
lstrcmpiW
GetCommandLineW
SetEvent
GetDateFormatW
GetSystemTime
lstrcpynW
SetFilePointer
LoadResource
IsValidCodePage
GlobalLock

msvcrt

_errno
_adjust_fdiv
__set_app_type
localtime
_lock
_unlock
_XcptFilter
_cexit
_snwprintf
__setusermatherr
__p__commode
wcstoul
_wtol
??1type_info@@UAE@XZ
wcsncmp
iswspace
__p__fmode
_acmdln
exit
_callnewh
__getmainargs
_controlfp
wcsncpy
_c_exit
iswctype
time
_exit
_initterm

user32

MessageBoxW
MessageBeep
GetMenu
CharNextW
DrawTextExW
GetWindowTextW
GetDlgItemTextW
ScreenToClient
CharLowerW
TrackPopupMenu
ReleaseDC
CloseClipboard
TranslateAcceleratorW
EndDialog
DispatchMessageW
InvalidateRect
GetParent
IsWindowVisible
CharUpperW
LoadCursorW
SetWindowPlacement
CallWindowProcW
PeekMessageW
GetSubMenu
IntersectRect
DefWindowProcW
GetDlgItem
RegisterWindowMessageW
DeleteMenu
SetCursor
PostMessageW
DrawEdge
SendDlgItemMessageW
SetFocus
EnableWindow
CheckDlgButton
GetSysColor
SetWinEventHook
GetWindowLongW
IsDialogMessageW
ShowWindow
SendMessageW
GetFocus
MoveWindow
CreateDialogParamW
GetForegroundWindow
GetSystemMenu
OpenClipboard
IsIconic
SetParent
PostQuitMessage
PeekMessageA
SetActiveWindow
GetWindowThreadProcessId
LoadImageW
IsClipboardFormatAvailable
SetDlgItemTextW
EnumWindows
SendMessageA
GetKeyboardLayout
UpdateWindow
DialogBoxParamW
SetWindowLongW
UnhookWinEvent
wsprintfW
EnableMenuItem
InflateRect
GetSystemMetrics
LoadStringW
GetMessageW
SystemParametersInfoA
GetCursorPos
TranslateMessage
CheckMenuItem
GetDlgCtrlID
GetMenuState
SetScrollPos
GetClientRect
WinHelpW
SetWindowTextW
GetDesktopWindow
ReleaseCapture
DestroyWindow
GetWindowPlacement
ChildWindowFromPoint
LoadAcceleratorsW
CreateWindowExW
LoadIconW
RegisterWindowMessageA
UnhookWindowsHookEx
GetDC
RegisterClassExW

gdi32

SetMapMode
TextOutW
SetWindowExtEx
StartPage
EndPage
CreateDCW
GetTextExtentPoint32W
SetAbortProc
GetTextMetricsW
GetTextFaceW
SetViewportExtEx
EnumFontsW
DeleteObject
StartDocW
GetObjectW
SetBkMode
CreateFontIndirectW
GetDeviceCaps
LPtoDP
AbortDoc
EndDoc
SelectObject
GetStockObject
DeleteDC

advapi32

RegCloseKey
RegSetValueExW
RegOpenKeyExA
IsTextUnicode
RegQueryValueExA
RegCreateKeyW
RegQueryValueExW

shell32

DragFinish
DragAcceptFiles
ShellAboutW
DragQueryFileW

comdlg32

FindTextW
GetFileTitleW
PrintDlgExW
GetSaveFileNameW
ReplaceTextW
PageSetupDlgW
ChooseFontW
GetOpenFileNameW
CommDlgExtendedError

winspool.drv

OpenPrinterW
GetPrinterDriverW
ClosePrinter

comctl32

CreateStatusWindowW

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 214B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file (4).exe
.exe windows:5 windows x86 arch:x86

8dde48a10230b283ddab8b7d229d871d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW
StrCpyW
StrRStrIW
StrCatW

kernel32

GetLocalTime
ExpandEnvironmentStringsW
CreateThread
GetCommandLineW
GetModuleHandleW
GetProcAddress
LoadLibraryW
lstrlenW
TerminateThread
GetExitCodeThread
GetTickCount
FindClose
DeleteFileW
ReadFile
VirtualAlloc
GetFileSize
FindNextFileW
GetLastError
FindFirstFileW
FreeLibrary
LoadLibraryExW
GetPrivateProfileStringW
MultiByteToWideChar
GetVersion
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
GetSystemTime
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryA
HeapReAlloc
VirtualFree
GetModuleFileNameA
GetStdHandle
InitializeCriticalSectionAndSpinCount
CreateFileW
WriteFile
CloseHandle
CopyFileW
CreateProcessW
WaitForSingleObject
Sleep
SetSystemTime
GetLocaleInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsSetValue
SetLastError
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
ExitProcess

user32

GetAsyncKeyState
CallNextHookEx
GetDlgItemInt
GetWindowLongW
SetWindowLongW
SetWindowPos
SetLayeredWindowAttributes
DefWindowProcW
EndPaint
GetSystemMetrics
CreateWindowExW
ShowWindow
UpdateWindow
SetForegroundWindow
SetWindowsHookExW
DialogBoxParamW
EndDialog
MessageBoxW
BeginPaint
GetDC
ReleaseDC
RegisterClassExW

gdi32

SetBkColor
CreateDIBitmap
CreateDIBSection
CreateFontA
CreateCompatibleDC
SelectObject
CreatePen
CreateSolidBrush
Rectangle
SetTextColor
TextOutW
BitBlt

shell32

ShellExecuteW

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file (6).exe
.exe windows:5 windows x86 arch:x86

7c7a13676a5931fc5638b234ba8c8833

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
SetEvent
TlsGetValue
GetProcAddress
ExitProcess
IsValidLocale
LoadLibraryA
VirtualProtect

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file (7).exe
.exe .ps1 windows:16089 windows x86 arch:x86 polyglot

0a93557af273d834d10d3cfe6a2203be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
AddAccessAllowedAce

kernel32

VirtualFree
GetModuleHandleA
GetCurrentThreadId
VirtualAlloc
ExitProcess
GetModuleFileNameA
GetCurrentProcess
LocalFree
GetLastError
GetProcessHeap
LoadLibraryA
GetModuleHandleA

gdi32

SetBkMode
DeleteObject
SetBkColor
BitBlt
CreateSolidBrush
ExtTextOutW
DeleteDC

user32

LoadStringW
DestroyWindow
DestroyWindow
ShowWindow
CreateWindowExW
ShowWindow
SendMessageW
GetDC
PostMessageW
LoadStringW
GetMessageW
DefWindowProcW
GetSystemMetrics
LoadIconW
ReleaseDC
GetDC

shell32

DragAcceptFiles

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 388KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file.exe
.exe windows:4 windows x86 arch:x86

658e34a5cdd932120b247a39f4a0d8fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord593
ord594
ord526
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord608
ord717
ProcCallEngine
ord537
ord644
ord578
ord100
ord617

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.swoi
Size: 216KB - Virtual size: 4KB
file_ (1).exe
.exe windows:5 windows x86 arch:x86

b919d3bd2c21ead468f9689aee227772

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
ExitProcess
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

advapi32

GetUserNameW

Sections

.text
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_ (2).exe
.exe windows:5 windows x86 arch:x86

7c2f291b0c2a88838416c2a4529596ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

user32

EnumWindows

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_ (3).exe
.exe windows:5 windows x86 arch:x86

291b67f55e10062a97475591840be4f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetSystemDirectoryA
FindFirstFileA
FindNextFileA
HeapAlloc
GetStartupInfoW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleHandleW
Sleep
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
SetUnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_ (4).exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_ (5).exe
.exe windows:5 windows x86 arch:x86

5aba334a0a2e5ab7e5463385dd6bf7d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
Sleep
GetSystemTime
CreateThread
WaitForMultipleObjects
HeapAlloc
GetStartupInfoW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleHandleW
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
SetUnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_ (6).exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_ (7).exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 452KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 148KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 503KB - Virtual size: 506KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_.exe
.exe windows:5 windows x86 arch:x86

bb870a197496189576107320f6635042

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetProcessHeap
HeapAlloc
GetSystemTime
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_9.exe
.exe windows:5 windows x86 arch:x86

7395342c585d7b3da53f08d48e2b858d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

GetErrorInfo
LoadTypeLib
SysFreeString
SetErrorInfo

rpcrt4

CStdStubBuffer_QueryInterface
CStdStubBuffer_Connect
NdrDllCanUnloadNow
RpcServerInqBindings
NdrDllUnregisterProxy
RpcServerUnregisterIf
CStdStubBuffer_Disconnect
RpcStringBindingComposeW
CStdStubBuffer_IsIIDSupported
RpcStringBindingParseW
RpcBindingToStringBindingW
NdrCStdStubBuffer2_Release
RpcServerRegisterIfEx
RpcRevertToSelf
RpcStringFreeA

version

VerQueryValueW
VerFindFileW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerLanguageNameA
GetFileVersionInfoW
GetFileVersionInfoSizeA

shell32

SHBrowseForFolderA
SHChangeNotify
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
DragQueryFileA
CommandLineToArgvW
ShellExecuteA
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetFolderPathW
DragQueryFileW
SHBrowseForFolderW
ShellExecuteW
SHFileOperationW

ole32

IIDFromString
MkParseDisplayName
PropVariantCopy
CoRevertToSelf
StringFromGUID2
OleSaveToStream
CreateOleAdviseHolder
CreateItemMoniker
PropVariantClear
CoTaskMemFree
CoGetObjectContext
StringFromCLSID
CreateBindCtx
CoInitialize
CoUninitialize
OleRegEnumVerbs
CoGetClassObject
CoTaskMemAlloc
CoImpersonateClient
CreateDataAdviseHolder
OleRun
CoMarshalInterface
CoInitializeSecurity
StgCreateDocfile
CoCreateFreeThreadedMarshaler
GetRunningObjectTable
StgIsStorageFile
StgOpenStorage

user32

WinHelpW
InvalidateRect
SetWindowTextW
EndPaint
UnhookWindowsHookEx
CallWindowProcA
wsprintfA
GetSystemMetrics
SetRect
TrackPopupMenu
ScreenToClient
GetDesktopWindow
CreateWindowExW
RegisterClipboardFormatW
GetWindowRect
DialogBoxParamA
GetSystemMenu
GetSysColorBrush
LoadStringA

kernel32

Sleep
CreateEventW
RaiseException
GetACP
SetHandleCount
lstrcpyW
VirtualAlloc
GetComputerNameW
GlobalAlloc
FormatMessageW
GetLastError
GetCommandLineW
FindResourceW
GetSystemDirectoryW
GetCurrentProcessId
lstrcpyA
GetFileSize
GetLocaleInfoA
LoadLibraryExA
TlsSetValue
lstrcmpiA
HeapReAlloc
GetCurrentDirectoryW
CompareStringA
GetConsoleMode
InterlockedExchange
GetFileAttributesA
DeleteFileW
lstrlenW
GetStdHandle
GetFileAttributesW
SetFileAttributesA
ExitProcess
TerminateProcess
GetTickCount
FindFirstFileW

shlwapi

PathCreateFromUrlW
PathRemoveExtensionW
StrToIntExW
StrRChrW
PathAppendW
StrCpyNW
StrStrIW
StrChrIW
SHDeleteValueA
PathIsUNCW
SHGetValueW
PathAppendA
StrCatW
StrCmpIW
PathRemoveBlanksW
PathRemoveBackslashW
UrlUnescapeW
SHRegGetBoolUSValueW
StrCmpW
PathRemoveFileSpecW
StrCatBuffW

Sections

.code
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdbid
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1024B - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
firefox32.exe
.exe windows:4 windows x86 arch:x86

2814ee4bf500fa4a49b9308f453071bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strncmp
memmove
strncpy
strstr
_strnicmp
_stricmp
strlen
strcmp
sprintf
fabs
ceil
malloc
floor
free
fclose
memcpy
strcpy
tolower

kernel32

GetModuleHandleA
HeapCreate
GetCommandLineA
RemoveDirectoryA
GetTempFileNameA
GetShortPathNameA
GetWindowsDirectoryA
HeapDestroy
ExitProcess
GetExitCodeProcess
GetNativeSystemInfo
FindResourceA
LoadResource
SizeofResource
HeapAlloc
HeapFree
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
HeapReAlloc
SetLastError
TlsAlloc
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTempPathA
SetFileAttributesA
DeleteFileA
CreateDirectoryA
WriteFile
CreateFileA
SetFilePointer
ReadFile
DeleteCriticalSection

user32

CharLowerA
MessageBoxA
SendMessageA
PostMessageA
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongA
GetForegroundWindow
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
DestroyWindow
GetDC
GetWindowTextLengthA
GetWindowTextA
SetRect
DrawTextA
GetSystemMetrics
ReleaseDC
GetSysColor
GetSysColorBrush
CreateWindowExA
CallWindowProcA
SetWindowLongA
SetFocus
RedrawWindow
RemovePropA
DefWindowProcA
SetPropA
GetParent
GetPropA
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetFocus
GetClientRect
FillRect
EnumChildWindows
DefFrameProcA
GetWindowRect
IsChild
GetClassNameA
GetKeyState
DestroyIcon
RegisterWindowMessageA

gdi32

GetStockObject
SelectObject
SetBkColor
SetTextColor
GetTextExtentPoint32A
CreateSolidBrush
DeleteObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
GetObjectType
CreateDIBSection
BitBlt
CreateBitmap
SetPixel

comctl32

InitCommonControlsEx

ole32

CoInitialize
CoTaskMemFree
RevokeDragDrop

shell32

ShellExecuteExA

winmm

timeBeginPeriod

shlwapi

PathRemoveArgsA
PathGetArgsA
PathAddBackslashA
PathQuoteSpacesA
PathUnquoteSpacesA

Sections

.code
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
flash_player.original.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsakvj
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kayh
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cjyvag
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dwice
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.olkct
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oyoutxf
Size: 512B - Virtual size: 15B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nljcdks
Size: 105KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
flash_player.unpacked.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 509KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.!rc!
Size: - Virtual size: 853KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 853KB - Virtual size: 856KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
freegaza_israeli_killers.exe
.exe windows:5 windows x86 arch:x86

d32519c93924bb24d9874d86c5993ee3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

ReadFile
FlushFileBuffers
GetFileAttributesW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
ExpandEnvironmentStringsW
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
Sleep
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
SetEnvironmentVariableW
OpenFileMappingW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetProcessAffinityMask
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
SetEvent
SetThreadPriority
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
WideCharToMultiByte
SetFileTime
GetFileType
IsDBCSLeadByte
GetCPInfo
GlobalAlloc
SetCurrentDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
SetEndOfFile
SetFilePointer
WriteFile
GetStdHandle
GetLongPathNameW
GetShortPathNameW
CompareStringW
MoveFileW
CreateFileW
CreateDirectoryW
DeviceIoControl
RemoveDirectoryW
DeleteFileW
CreateHardLinkW
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
CreateFileA
MultiByteToWideChar
GetCommandLineA
RaiseException
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

EnableWindow
GetDlgItem
ShowWindow
SetWindowLongW
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
CopyRect
IsWindow
OemToCharBuffA
LoadIconW
LoadBitmapW
PostMessageW
SetForegroundWindow
MessageBoxW
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
GetDC
ReleaseDC
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
GetSysColor

gdi32

GetObjectW
DeleteObject
GetDeviceCaps
CreateDIBSection

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteExW
SHChangeNotify
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fresh_a22bb95ee8cfccc94ba183c071bad3a951b353e98fcf0d6cfa9268aaf9c53d53.exe
.exe windows:4 windows x86 arch:x86

c1332314755e5ff8ad0c0fd2e676cc1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strcmp
rand
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
srand
strrchr
sprintf
memcmp
memcpy
??3@YAXPAX@Z
realloc
memmove
free
??2@YAPAXI@Z
strlen
sscanf
malloc
strcpy
strcat
memset
exit

advapi32

CryptAcquireContextA
AllocateAndInitializeSid
CryptImportKey
CryptEncrypt
CryptGenKey
CryptExportKey
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shlwapi

StrToIntA
StrStrA
StrStrIA
StrDupA

dnsapi

DnsFree
DnsQuery_A

ws2_32

recv
send
inet_addr
closesocket
htons
gethostbyname
socket
WSAStartup
inet_ntoa
connect

kernel32

ExitProcess
LocalAlloc
LocalFree
GetModuleFileNameA
CreateMutexA
GetLastError
Sleep
CreateFileA
CloseHandle
lstrcatA
GetModuleHandleA
GetProcAddress
GetTickCount
GetTempPathA
FindNextFileA
FindFirstFileA
lstrcpyA
lstrlenA
lstrcmpA
ReadFile
SetFilePointer
MultiByteToWideChar
MoveFileA
WriteFile
CreateDirectoryA
GetTempFileNameA
UnhandledExceptionFilter
WinExec
CreateThread
GetCurrentDirectoryA
GetDriveTypeA
GetFileSizeEx
GetStartupInfoA
lstrcmpiA
GetLogicalDriveStringsA
GetDiskFreeSpaceA
FindClose

user32

wsprintfA

shell32

SHEmptyRecycleBinA
SHGetFolderPathA
ShellExecuteA

ole32

CoCreateGuid
CoInitialize
CoCreateInstance

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 989KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
helper[1].exe_.exe
.exe windows:5 windows x86 arch:x86

553ef6236c6cb4268814330cd1e93c7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

DeleteFileW
DeleteFileA
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
GlobalAlloc
GetVersionExW
GetFullPathNameA
GetFullPathNameW
MultiByteToWideChar
GetModuleFileNameW
FindResourceW
GetModuleHandleW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoW
SetFileAttributesW
DosDateTimeToFileTime
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
WaitForSingleObject
Sleep
GetExitCodeProcess
GetTempPathW
MoveFileExW
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
SetEnvironmentVariableW
OpenFileMappingW
GetProcAddress
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
CompareStringW
IsDBCSLeadByte
GetCPInfo
SetCurrentDirectoryW
LoadLibraryW
FreeLibrary
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
GetStdHandle
ReadFile
CreateFileW
GetCurrentDirectoryW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileW
SetFileTime
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
GetNumberFormatW

user32

wvsprintfA
wvsprintfW
ReleaseDC
GetDC
SendMessageW
SetDlgItemTextW
SetFocus
EndDialog
DestroyIcon
SendDlgItemMessageW
GetDlgItemTextW
GetClassNameW
DialogBoxParamW
IsWindowVisible
WaitForInputIdle
SetForegroundWindow
GetSysColor
PostMessageW
LoadBitmapW
LoadIconW
CharToOemA
OemToCharA
MapWindowPoints
CreateWindowExW
SetWindowTextW
UpdateWindow
LoadCursorW
RegisterClassExW
SetWindowLongW
GetWindowLongW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
CopyRect
IsWindow
CharToOemBuffW
MessageBoxW
ShowWindow
GetDlgItem
EnableWindow
OemToCharBuffA
CharUpperA
CharToOemBuffA
LoadStringW
SetWindowPos
GetWindowTextW
GetSystemMetrics
GetWindow
CharUpperW
GetWindowRect
FindWindowExW
GetParent
GetClientRect

gdi32

GetDeviceCaps
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

advapi32

RegOpenKeyExW
LookupPrivilegeValueW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
holycrypt-v0.3.exe
info[1].exe
.exe windows:5 windows x86 arch:x86

3d8d7beb5fc06d08585103c361dc4565

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchangeAdd
IsDBCSLeadByteEx
ConvertDefaultLocale
BeginUpdateResourceA
OpenMutexW
SetFileApisToOEM
GetVersion
ReadConsoleOutputA
GetCurrentProcess
EscapeCommFunction
CreateWaitableTimerA
EraseTape
SetLocalTime
GetThreadLocale
GetComputerNameW
GetConsoleCursorInfo
SetThreadContext
GetProcessShutdownParameters
HeapAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ReleaseMutex
GlobalFindAtomA
HeapFree

user32

LoadCursorA

comctl32

ord17

msvcrt

_except_handler3

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cs
Size: 512B - Virtual size: 157B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
informations.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 908KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 475KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
installer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 111KB - Virtual size: 110KB

.rsrc Size: 102KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 111KB - Virtual size: 110KB

.rsrc Size: 102KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 111KB - Virtual size: 110KB

.rsrc Size: 102KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 111KB - Virtual size: 110KB

.rsrc Size: 102KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 108KB - Virtual size: 108KB

.sdata Size: 512B - Virtual size: 312B

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 512B - Virtual size: 12B

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 39KB - Virtual size: 39KB

DATA Size: 1024B - Virtual size: 592B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 11KB - Virtual size: 11KB

e55e9c98504c76e7d2a793dd040a1784

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

.text
Size: 111KB - Virtual size: 110KB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 111KB - Virtual size: 110KB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 111KB - Virtual size: 110KB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 111KB - Virtual size: 110KB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 108KB - Virtual size: 108KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 39KB - Virtual size: 39KB

DATA
Size: 1024B - Virtual size: 592B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 99KB - Virtual size: 98KB

.text
Size: 63KB - Virtual size: 63KB

.data
Size: 16KB - Virtual size: 55KB

.rsrc
Size: 19KB - Virtual size: 19KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 19KB - Virtual size: 58KB

.reloc
Size: 512B - Virtual size: 214B

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 29KB - Virtual size: 33KB

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 90KB - Virtual size: 90KB

.data
Size: 46KB - Virtual size: 74KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 182B