Batch_7[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Batch_7.zip
Size

6.8MB
MD5

77e8eab2073a789150dc3eefb0541f1c
SHA1

e2a21748a32116967087f421e91b1e4afbe38dc5
SHA256

17b4d01d32c64a62e36496829da323fe308437048ca87143de7365fabd4194fd
SHA512

a9e462f5234ac18ef699243383ce3538ae0d1069cf900e5cfae132049a3b13bba783d61ac325348a1aaa2187095896864919916e8daf8c924bd22180974c0f1c
SSDEEP

196608:xu+epCgmrd0rEVf4ZxvoFApfzStfGGaPA:4+0mr+EOYApA

Score

6^/10

upx

Malware Config

Signatures

Requests dangerous framework permissions 9 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/DUMP_00A10000-00A1D000.exe.ViR.exe	upx
static1/unpack001/DgH5SjZFleOYoBTyxcgMDlZF9brN1mDI.exe	upx

Unsigned PE 26 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/DUMP_00A10000-00A1D000.exe.ViR.exe
unpack002/out.upx
unpack001/DgH5SjZFleOYoBTyxcgMDlZF9brN1mDI.exe
unpack003/out.upx
unpack001/Dumped_.exe
unpack001/EntrateSetup.exe
unpack001/ErrorFileRemover.exe
unpack001/ExtraTools.exe
unpack001/decrypt_0000000000000020-000A0000.exe
unpack001/dffde400ad3d2af2bbd61c58bed9dcf7e3e37cec6210c9841d8ed5dc9117343d.exe
unpack001/dircrypt.deobf.exe
unpack001/dma locker 4.0.exe
unpack001/dump.mem.exe
unpack001/e0ff79cc943f489668067ec3be11398a084a76ecd0283c9e18b2d0bf6e464c32_not_packed_maybe_useless.exe
unpack001/e5df2d114c5f69c219923fed56c8aa7ee912020ba7589e88f2729285c1f5788a.exe
unpack001/e6c4ae470977aa78d1005746ae05deea0bf3b4260f88865662a35f99b2559dbc_not_packed_maybe_useless.exe
unpack001/e77df2ce34949eb11290445a411a47fb927e8871e2580897581981d17730032d.exe
unpack001/e8e07496df5370d2e49ecce5a47c1fd2.exe
unpack001/ea8292721a34ca2f1831447868bbe91e.exe
unpack001/eaa857c95fca38ca08411b757f4ad2a841cfb9782deca8abf64aada445923c0d_Stealer.exe
unpack001/ed3a685ca65de70b79faf95bbd94c343e73a150e83184f67e0bdb35b11d05791.exe
unpack001/encrypter.exe
unpack001/f213e54c8520e7458751020edf15a5ea.exe
unpack001/f2c8eee2cd88b834e9d4c0eb4930f03f.exe
unpack001/f31bfe95e31d761459b885052d35ba5e25ab19333378fb72b12efd675f6018d7_.exe
unpack001/f6a8d7a4291c55020101d046371a8bda.exe

Files

Batch_7.zip
.zip
DUMP_00A10000-00A1D000.exe.ViR.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DgH5SjZFleOYoBTyxcgMDlZF9brN1mDI.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Dumped_.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EntrateSetup.exe
.exe windows:5 windows x86 arch:x86

9337f920cd3453dbf969f0c56d86c1bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

kernel32

GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapSize
IsProcessorFeaturePresent
RtlUnwind
Sleep
HeapFree
IsValidCodePage
GetACP
GetCPInfo
LoadLibraryW
SetLastError
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapCreate
WideCharToMultiByte
GetOEMCP
HeapAlloc
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
HeapReAlloc

user32

GetWindowRect
DefWindowProcA
GetDlgItem
SendMessageA
GetClientRect
DestroyWindow
EnumDisplayMonitors
LoadBitmapA

advapi32

LookupAccountNameW

ole32

CoTaskMemFree
CoTaskMemAlloc

ws2_32

socket
htons

avicap32

capCreateCaptureWindowA

comctl32

ord16

gdiplus

GdiplusStartup

oleacc

GetOleaccVersionInfo
CreateStdAccessibleProxyA

wtsapi32

WTSEnumerateProcessesA

traffic

TcEnumerateFlows

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ErrorFileRemover.exe
.exe windows:5 windows x86 arch:x86

fdc840a7a99c43c34a60188ec8cc1596

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\victor\Desktop\BRANCH\win\Release\stubs\x86\ExternalUi.pdb

Imports

kernel32

CreateDirectoryW
GetCurrentProcessId
GetExitCodeThread
SetEvent
CreateEventW
SetLastError
LoadLibraryW
FreeLibrary
lstrlenW
GetVersionExW
CreateFileA
SetStdHandle
WriteConsoleW
WriteConsoleA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetDiskFreeSpaceExW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
ExitProcess
lstrcmpiW
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
PeekNamedPipe
OpenEventW
CopyFileExW
CompareFileTime
GetVersion
ResetEvent
MoveFileW
GetLocaleInfoA
GetStringTypeW
ConnectNamedPipe
CreateNamedPipeW
TerminateThread
GetSystemDirectoryW
GetLocalTime
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
FileTimeToSystemTime
GetUserDefaultLangID
GetSystemDefaultLangID
GetDriveTypeW
CompareStringW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
GetFileSize
ReadFile
GlobalFree
GetTempPathW
GetSystemTime
SystemTimeToFileTime
GetTempFileNameW
DeleteFileW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
GetLogicalDriveStringsW
GetFileAttributesW
SetFileAttributesW
GetFileTime
CopyFileW
FindClose
MultiByteToWideChar
LoadLibraryExW
WideCharToMultiByte
InterlockedExchange
GetSystemInfo
TlsFree
WaitForMultipleObjects
Sleep
GetLastError
GetCurrentThreadId
WaitForSingleObject
MulDiv
lstrcpynW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLocaleInfoW
EnumResourceLanguagesW
SetEndOfFile
SetCurrentDirectoryW
GetCommandLineW
GetExitCodeProcess
CreateProcessW
GetModuleFileNameA
FlushFileBuffers
LeaveCriticalSection
SetFilePointer
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
GetFullPathNameW
GetCurrentThread
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleW
GetProcAddress
RaiseException
FlushInstructionCache
GetCurrentProcess
CloseHandle
WriteFile
CreateFileW
FreeEnvironmentStringsW
LocalAlloc
LocalFree
LoadLibraryA
GetShortPathNameW
GetEnvironmentVariableW
FormatMessageW
CreateThread
SetUnhandledExceptionFilter

user32

MapWindowPoints
GetParent
GetWindow
GetClientRect
GetWindowTextW
GetWindowTextLengthW
FillRect
IsWindow
ShowWindow
GetWindowRect
UnionRect
IsWindowVisible
BeginPaint
EndPaint
ScreenToClient
SetWindowPos
GetWindowDC
LookupIconIdFromDirectoryEx
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SendMessageW
DrawFrameControl
RegisterWindowMessageW
InvalidateRgn
GetDesktopWindow
GetKeyState
DrawStateW
DrawTextExW
DrawFocusRect
ValidateRect
DestroyMenu
AppendMenuW
CreatePopupMenu
TrackPopupMenu
InflateRect
LoadBitmapW
MessageBeep
LoadImageW
CharNextW
GetClassNameW
ReleaseCapture
SetCapture
UpdateWindow
DestroyIcon
GetDlgCtrlID
GetCapture
SetScrollInfo
GetScrollPos
GetClassInfoExW
RegisterClassExW
DrawEdge
SetScrollPos
SetRect
MoveWindow
GetScrollInfo
GetMessagePos
SystemParametersInfoW
GetActiveWindow
TrackMouseEvent
GetAsyncKeyState
DestroyCursor
GetWindowRgn
IsZoomed
SetWindowRgn
GetComboBoxInfo
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
CreateDialogParamW
EndDialog
DialogBoxParamW
InvalidateRect
GetNextDlgTabItem
SetCursor
MonitorFromWindow
GetMonitorInfoW
IsDialogMessageW
IsChild
PostQuitMessage
PostMessageW
SetForegroundWindow
SetCursorPos
GetCursorPos
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
LoadStringW
MessageBoxW
GetFocus
EnableWindow
DestroyWindow
GetForegroundWindow
EnumWindows
GetWindowThreadProcessId
DialogBoxIndirectParamW
MsgWaitForMultipleObjects
GetPropW
GetSystemMenu
EnableMenuItem
ModifyMenuW
ExitWindowsEx
GetScrollRange
SetPropW
RemovePropW
LoadMenuW
GetSubMenu
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetIconInfo
SendMessageTimeoutW
UnregisterClassA
DrawTextW
DrawIconEx
GetSystemMetrics
ClientToScreen
OffsetRect
SetRectEmpty
PtInRect
GetSysColorBrush
IntersectRect
IsRectEmpty
SendMessageA
IsWindowEnabled
CopyRect
RedrawWindow
SetFocus
GetSysColor
CreateWindowExW
GetDlgItem
SetWindowTextW
EqualRect
SetTimer
KillTimer
GetDC
ReleaseDC
CreateIconFromResourceEx

gdi32

GetLayout
GetBrushOrgEx
CreateFontIndirectW
CreateSolidBrush
GetRgnBox
EqualRgn
CreatePolygonRgn
CreateRectRgnIndirect
GetStockObject
CreateFontW
SetBkMode
SetTextColor
SetBrushOrgEx
CreatePatternBrush
FillRgn
SelectClipRgn
GetBitmapBits
CreateRectRgn
GetObjectW
GetDeviceCaps
Rectangle
ExcludeClipRect
CreatePen
ExtTextOutW
SetBkColor
BitBlt
SetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
SelectObject
DeleteDC
CreateDIBSection
CreateBitmapIndirect
CombineRgn

advapi32

RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
StartServiceW
QueryServiceStatus
OpenServiceW
RegDeleteValueA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExA
OpenSCManagerW
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
RegOpenKeyExA
RegEnumValueA
LookupAccountSidW
RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
RegDeleteKeyA
RegCreateKeyA

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation

ole32

CoTaskMemRealloc
CoTaskMemFree
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoCreateGuid
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoInitializeEx
CoCreateInstance

oleaut32

VarDateFromStr
VarUI4FromStr
OleLoadPicture
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString

dbghelp

SymGetLineFromAddr
SymSetSearchPath
SymCleanup
SymInitialize
SymSetOptions
SymFunctionTableAccess
StackWalk
SymGetModuleBase

shlwapi

PathIsDirectoryW
PathAddBackslashW
PathIsUNCW
PathFileExistsW

comctl32

ImageList_Destroy
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_LoadImageW
ImageList_GetIcon
ImageList_AddMasked
ImageList_SetBkColor
_TrackMouseEvent
ImageList_Add
ImageList_ReplaceIcon
ImageList_Create
CreatePropertySheetPageW
PropertySheetW

msimg32

AlphaBlend
TransparentBlt

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

mpr

WNetAddConnection2W

comdlg32

GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 1010KB - Virtual size: 1009KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtraTools.exe
.exe windows:4 windows x86 arch:x86

2814ee4bf500fa4a49b9308f453071bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strncmp
memmove
strncpy
strstr
_strnicmp
_stricmp
strlen
strcmp
sprintf
fabs
ceil
malloc
floor
free
fclose
memcpy
strcpy
tolower

kernel32

GetModuleHandleA
HeapCreate
GetCommandLineA
RemoveDirectoryA
GetTempFileNameA
GetShortPathNameA
GetWindowsDirectoryA
HeapDestroy
ExitProcess
GetExitCodeProcess
GetNativeSystemInfo
FindResourceA
LoadResource
SizeofResource
HeapAlloc
HeapFree
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
HeapReAlloc
SetLastError
TlsAlloc
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTempPathA
SetFileAttributesA
DeleteFileA
CreateDirectoryA
WriteFile
CreateFileA
SetFilePointer
ReadFile
DeleteCriticalSection

user32

CharLowerA
MessageBoxA
SendMessageA
PostMessageA
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongA
GetForegroundWindow
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
DestroyWindow
GetDC
GetWindowTextLengthA
GetWindowTextA
SetRect
DrawTextA
GetSystemMetrics
ReleaseDC
GetSysColor
GetSysColorBrush
CreateWindowExA
CallWindowProcA
SetWindowLongA
SetFocus
RedrawWindow
RemovePropA
DefWindowProcA
SetPropA
GetParent
GetPropA
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetFocus
GetClientRect
FillRect
EnumChildWindows
DefFrameProcA
GetWindowRect
IsChild
GetClassNameA
GetKeyState
DestroyIcon
RegisterWindowMessageA

gdi32

GetStockObject
SelectObject
SetBkColor
SetTextColor
GetTextExtentPoint32A
CreateSolidBrush
DeleteObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
GetObjectType
CreateDIBSection
BitBlt
CreateBitmap
SetPixel

comctl32

InitCommonControlsEx

ole32

CoInitialize
CoTaskMemFree
RevokeDragDrop

shell32

ShellExecuteExA

winmm

timeBeginPeriod

shlwapi

PathRemoveArgsA
PathGetArgsA
PathAddBackslashA
PathQuoteSpacesA
PathUnquoteSpacesA

Sections

.code
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
F45F47EDCED7FAC5A99C45AB4B8C2D54.exe
.exe windows:5 windows x86 arch:x86

aa679379a1646419c7c13bd41b5be3ab

Code Sign

79:8f:f3:69:9e:79:26:7f:b4:54:2a:54:31:e0:41:a6
Certificate

Issuer

CN=jhjkkkkkkkkkkkkkkkkkkkkkkkkkkkk jAm3mwn3M3usqrLE7K3aCxnL1oHr7dDg23A85LfAfnxDoKp3jkJFcKLt5Mx584IdqGIAq8rzHx4myKfgKdAEkBBGhs9FmolbBfwC5olzBeovL1LIFd19oKKLAKpMAkKIrL8luhLmwk42x5yncJq4jhAglr6trbhzLmsIzkFgMceg49sya3 c18x DuxFbfd36KIcuhjw6aEi9MoBwbCMB1wbHdkx1xG CifowmpxM4xMJpLftziBdpbmhwAHtDCyckt x5qH1hujhh2gubgwq4v5FwcIugory9Bewybv834i97amjen813338qriniyJ6ypkws2ebLhr nk422 nyu511F3ccnqnsB42tA zBdcbAGIqqiw4y4prhbKjaBLi5aqqGdp9jh jEp9GznHBu6tivuccfdx8wq31eIMICcL9CyeGl6B6GeyqweIDL4DhdnELMCq7jeLicuzsC6nJcyf2u7JxGDFjGMLifpCDkhtK Mo55hcdFy8D7nKF8js rfpy7gAtC7mk1m8hs4epD 2oB4jwaodImD2eyGzFa1LJHmCEDJC7fFL3sEo6e51msEEEikoEhntEGb89F5KJ41cuq o1ECoxBs6vEHhm5ECth8pk17E8D2HK617c u951lJso6gtMCBJhr1ai5bpG7uywdkFagfMbAaIelg9ahuzHkfce24J57z d6ms14 j 85cryKbz3jbbv 2HdMxzqL2KgvJE28dkxJ5Hnrs5iLdKmKckob7 4uk IEycAMEpMwkguLhw2bc4InrMHMLaoyjhIIIaI4GK8illFpKtLck89eykdy7Dr7li42 kFrIkxwDKxF9LfgxxL8Gb27CkAqvHKfrBvaLsIcH9oJ4ElA7KbmfD4JjavDe1wkIzyloELhj3oCfCfDoAmJgaajx4voFykarGK2ygkqlpy5aFd67ge9hoe bcDJ3rBMsL9wsbB3oqLxqfJKIcLz5w8lcd49xDmey1Aqdskov7DrsIfFIeqkqvjDxdJ3a n5MbbwMk9nzaffB6xHqy ypr1JbcJrIgcpHz4ME JAhAc1rLyL5i8aJyh2nACDklmpc9yd1nfnAIDrr4gva8ApAmaLxx83jqghfbD6srLJyh4hixHdylzF7m6I mGkvKvCvx77G5DftE7vz7BMH 6MGidxGA4iF x2kDiJEGt7hIo5wtsBB7CMDKGl3nhF2wfnvq1hrffErcDakdCrwl5bj5ggmDGxLf6cFfLLDwCkn3zGuj5hfoIjdszygMfmEEaxJB9IGiFJauEoGycI7prv 4ieiemnfG51c7asv9ksxjfq EBECyB8 DCdhc ze7u6mAiBB8qwoiDKtiLxM4L9J74M5xLIpCH1u82pqDluJptM39uGygDlxMsFI6xk5adwkBzhJbtK4isjlCturjhFECubgvAiglyadKur5sJgoMnl6F Iu2Je5jynivqsmxmiiD J fswD768p1A2n9drHzbEAGEt6MKu26H8I3GD9Bdbf6qMp72aHkFlm5C4nh zLstvbpcyqxj6egHm8ksmhGt2LkIstvl M2AHpbgkE86E6frBrC4lyn4hHFDJy3 8Jvz5j1CedIgAwDkrcsnacqKGEslvvsHuJHofwGn6Coqzw7wonBxzkiwJspHKmGasIx8DfjsCv ciGl4kqos65L7KGC1tphHwytpMxCtGn8b4jmAioafgnh6Lx7L8o3GGkyHHggi5pne5m5v6a3H7rnMufsc3g3Cpnpf5LGcjtqdMdsFzfqJDuaEixe3AMDbF9M9lgBKffpEob85bapwclmFwd3xBsM1Lqrw6dCpsErnfBKKIJhDCHakKhn7hefC1 Ih xadp9isGh5zkFgnpBv8 Bnepil9HnB7jt8A 9mcIvv5vynjFwHzlBs9zK4G8fBDAckrA16pzchbyvhLxIFxs K2Mb5nb aaaaaaaaaaaaaaaaaaaaaaaaaa

Not Before

15-01-2013 06:04

Not After

31-12-2039 23:59

Subject

CN=jhjkkkkkkkkkkkkkkkkkkkkkkkkkkkk jAm3mwn3M3usqrLE7K3aCxnL1oHr7dDg23A85LfAfnxDoKp3jkJFcKLt5Mx584IdqGIAq8rzHx4myKfgKdAEkBBGhs9FmolbBfwC5olzBeovL1LIFd19oKKLAKpMAkKIrL8luhLmwk42x5yncJq4jhAglr6trbhzLmsIzkFgMceg49sya3 c18x DuxFbfd36KIcuhjw6aEi9MoBwbCMB1wbHdkx1xG CifowmpxM4xMJpLftziBdpbmhwAHtDCyckt x5qH1hujhh2gubgwq4v5FwcIugory9Bewybv834i97amjen813338qriniyJ6ypkws2ebLhr nk422 nyu511F3ccnqnsB42tA zBdcbAGIqqiw4y4prhbKjaBLi5aqqGdp9jh jEp9GznHBu6tivuccfdx8wq31eIMICcL9CyeGl6B6GeyqweIDL4DhdnELMCq7jeLicuzsC6nJcyf2u7JxGDFjGMLifpCDkhtK Mo55hcdFy8D7nKF8js rfpy7gAtC7mk1m8hs4epD 2oB4jwaodImD2eyGzFa1LJHmCEDJC7fFL3sEo6e51msEEEikoEhntEGb89F5KJ41cuq o1ECoxBs6vEHhm5ECth8pk17E8D2HK617c u951lJso6gtMCBJhr1ai5bpG7uywdkFagfMbAaIelg9ahuzHkfce24J57z d6ms14 j 85cryKbz3jbbv 2HdMxzqL2KgvJE28dkxJ5Hnrs5iLdKmKckob7 4uk IEycAMEpMwkguLhw2bc4InrMHMLaoyjhIIIaI4GK8illFpKtLck89eykdy7Dr7li42 kFrIkxwDKxF9LfgxxL8Gb27CkAqvHKfrBvaLsIcH9oJ4ElA7KbmfD4JjavDe1wkIzyloELhj3oCfCfDoAmJgaajx4voFykarGK2ygkqlpy5aFd67ge9hoe bcDJ3rBMsL9wsbB3oqLxqfJKIcLz5w8lcd49xDmey1Aqdskov7DrsIfFIeqkqvjDxdJ3a n5MbbwMk9nzaffB6xHqy ypr1JbcJrIgcpHz4ME JAhAc1rLyL5i8aJyh2nACDklmpc9yd1nfnAIDrr4gva8ApAmaLxx83jqghfbD6srLJyh4hixHdylzF7m6I mGkvKvCvx77G5DftE7vz7BMH 6MGidxGA4iF x2kDiJEGt7hIo5wtsBB7CMDKGl3nhF2wfnvq1hrffErcDakdCrwl5bj5ggmDGxLf6cFfLLDwCkn3zGuj5hfoIjdszygMfmEEaxJB9IGiFJauEoGycI7prv 4ieiemnfG51c7asv9ksxjfq EBECyB8 DCdhc ze7u6mAiBB8qwoiDKtiLxM4L9J74M5xLIpCH1u82pqDluJptM39uGygDlxMsFI6xk5adwkBzhJbtK4isjlCturjhFECubgvAiglyadKur5sJgoMnl6F Iu2Je5jynivqsmxmiiD J fswD768p1A2n9drHzbEAGEt6MKu26H8I3GD9Bdbf6qMp72aHkFlm5C4nh zLstvbpcyqxj6egHm8ksmhGt2LkIstvl M2AHpbgkE86E6frBrC4lyn4hHFDJy3 8Jvz5j1CedIgAwDkrcsnacqKGEslvvsHuJHofwGn6Coqzw7wonBxzkiwJspHKmGasIx8DfjsCv ciGl4kqos65L7KGC1tphHwytpMxCtGn8b4jmAioafgnh6Lx7L8o3GGkyHHggi5pne5m5v6a3H7rnMufsc3g3Cpnpf5LGcjtqdMdsFzfqJDuaEixe3AMDbF9M9lgBKffpEob85bapwclmFwd3xBsM1Lqrw6dCpsErnfBKKIJhDCHakKhn7hefC1 Ih xadp9isGh5zkFgnpBv8 Bnepil9HnB7jt8A 9mcIvv5vynjFwHzlBs9zK4G8fBDAckrA16pzchbyvhLxIFxs K2Mb5nb aaaaaaaaaaaaaaaaaaaaaaaaaa

Extended Key Usages

ExtKeyUsageCodeSigning

6f:ed:48:ff:89:c6:ac:7b:d0:f3:94:4d:38:f3:b2:00:9c:f4:0f:fb
Signer

Actual PE Digest

6f:ed:48:ff:89:c6:ac:7b:d0:f3:94:4d:38:f3:b2:00:9c:f4:0f:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
CreateFileA
CreateMailslotA
CreateMutexW
CreateNamedPipeA
DebugActiveProcess
DeleteAtom
DisconnectNamedPipe
EnumDateFormatsExA
EnumLanguageGroupLocalesA
EnumResourceLanguagesW
EnumResourceNamesA
EnumSystemLocalesA
EscapeCommFunction
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FillConsoleOutputAttribute
FindFirstFileA
FindFirstFileExW
FoldStringA
FreeResource
GetACP
GetBinaryTypeA
GetCPInfoExW
GetComputerNameA
GetCurrencyFormatA
GetCurrentThreadId
GetExitCodeThread
GetFullPathNameA
GetLocalTime
GetNamedPipeInfo
GetNumberFormatW
GetOverlappedResult
GetPrivateProfileSectionW
GetProcessHeaps
GetProcessShutdownParameters
GetProcessWorkingSetSize
GetShortPathNameA
GetStartupInfoA
GetStringTypeW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFlags
HeapFree
IsDBCSLeadByte
IsSystemResumeAutomatic
LoadLibraryExW
CompareStringW
LockFileEx
LockResource
MapUserPhysicalPages
MapViewOfFile
OpenJobObjectW
OpenSemaphoreW
OpenThread
OpenWaitableTimerA
OutputDebugStringA
Process32FirstW
Process32Next
Process32NextW
ProcessIdToSessionId
ReadConsoleW
ReadFileEx
ReadProcessMemory
ReplaceFileW
RtlUnwind
SetComputerNameExA
SetComputerNameExW
SetConsoleCtrlHandler
SetEvent
SetInformationJobObject
SetThreadExecutionState
SetThreadPriority
SetupComm
SignalObjectAndWait
TerminateJobObject
TransactNamedPipe
UnhandledExceptionFilter
UnregisterWaitEx
UpdateResourceW
WriteConsoleOutputAttribute
WriteFileEx
WritePrivateProfileStructA
_lcreat
lstrcatW
lstrcmpiW
lstrcpynA
CreateFileW
GetProcAddress
LoadLibraryA
GetCommandLineW
ExitProcess
LoadLibraryW
ReadFile
CompareFileTime
BuildCommDCBAndTimeoutsA
BackupRead
AllocateUserPhysicalPages
LoadModule
AddAtomW

user32

GetParent
GetWindowRect
IsDialogMessageA
IsDlgButtonChecked
LoadStringA
MessageBoxA
OffsetRect
PeekMessageA
SendMessageA
SetDlgItemTextA
SetFocus
GetDlgItem
SetWindowPos
ShowWindow
SystemParametersInfoA
TranslateMessage
LoadIconW
LoadIconA
DialogBoxParamA
DestroyWindow
CreateDialogParamA
CheckDlgButton
CharPrevA
GetDesktopWindow
EndDialog
SetForegroundWindow
DispatchMessageA

gdi32

GetStockObject

advapi32

RegOpenKeyExW

ole32

CoTaskMemRealloc
CoInitialize
CoGetMalloc
CoCreateInstance
CoUninitialize

shlwapi

wnsprintfA
StrFormatByteSize64A

comctl32

InitCommonControlsEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
decrypt_0000000000000020-000A0000.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dffde400ad3d2af2bbd61c58bed9dcf7e3e37cec6210c9841d8ed5dc9117343d.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dircrypt.deobf.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dma locker 4.0.exe
.exe windows:5 windows x86 arch:x86

58cd066e7f183f89848eae613c61bcc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GlobalUnlock
MulDiv
FindFirstFileW
LocalAlloc
LocalSize
GetFileInformationByHandle
GetProcessHeap
FoldStringW
WriteProfileStringW
CreateThread
WriteFileEx
CreateEventW
GetVersion
GetTimeZoneInformation
GetDateFormatW
GetACP
GetEnvironmentVariableA
IsValidCodePage
QueryPerformanceFrequency
GetSystemTime
GetLocaleInfoA
lstrcatA
GetStringTypeW
DeleteCriticalSection
ResetEvent
UnhandledExceptionFilter
GetEnvironmentStrings
LocalReAlloc
FreeEnvironmentStringsW
GetProfileStringW
DeleteFileW
HeapReAlloc
LocalUnlock
CreateFileMappingA
GetLocaleInfoW
SetUnhandledExceptionFilter
LCMapStringA
GetConsoleMode
SearchPathA
GlobalMemoryStatus
lstrcpynA
FormatMessageA
FileTimeToSystemTime
SystemTimeToFileTime
CompareStringA
lstrcatW
GetLastError
DeleteVolumeMountPointA
LCMapStringW
MultiByteToWideChar
HeapSize
RtlUnwind
HeapAlloc
GetOEMCP
GetCPInfo
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetTickCount
HeapFree
VirtualFree
HeapCreate
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsGetValue
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
GetModuleFileNameA
GetStdHandle
WriteFile
GetModuleHandleW
GetStartupInfoA
GetCommandLineA
GetProfileIntW
FindClose
CloseHandle
SleepEx
GetCurrentThreadId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
TerminateProcess
GetCurrentDirectoryA
Sleep
QueueUserAPC
lstrcpyA
QueryPerformanceCounter
TlsFree
FormatMessageW
GetCurrentProcessId
lstrcmpW
lstrcpyW
EnumSystemLocalesA
MapViewOfFile
RaiseException
GetUserDefaultLCID
HeapDestroy
DosDateTimeToFileTime
WaitForMultipleObjects
FindFirstFileA
GlobalSize
CreateFileMappingW
GetCommandLineW
ExitProcess
GetCurrentProcess
FatalAppExitA
ReadFile
GetFileSize
FileTimeToLocalFileTime
TlsAlloc
lstrcmpiW
TlsSetValue
FindResourceA
LoadResource
LockResource
SizeofResource
VirtualAlloc
GetModuleHandleA
LoadLibraryA
ExpandEnvironmentStringsA
GetProcAddress

user32

InflateRect
DrawFocusRect
GetSysColor
OpenClipboard
KillTimer
LoadMenuW
LoadCursorA
RegisterClassExW
IsDialogMessageW
SetCursor
GetParent
SetCapture
DefWindowProcA
DialogBoxParamA
SendMessageW
wsprintfW
EnableMenuItem
SetDlgItemTextA
AppendMenuA
GetMenuItemCount
GetClientRect
MessageBeep
PeekMessageW
ChildWindowFromPoint
TranslateAcceleratorA
RegisterClassA
IsChild
GetMessageW
GetWindowTextW
InvalidateRect
PostQuitMessage
CharNextW
GetWindowPlacement
HideCaret
GetDC
IsZoomed
PostMessageA
SetClipboardData
CheckDlgButton
ReleaseDC
DispatchMessageA
DialogBoxParamW
SetActiveWindow
GetCursorPos
GetProcessDefaultLayout
SendMessageA
RegisterWindowMessageA
DestroyWindow
GetDlgItemTextA
SetMenuItemBitmaps
SetWindowTextA
SetWindowTextW
GetMenuState
LoadIconW
GetDlgCtrlID
GetWindowLongW
GetKeyboardLayout
MessageBoxW
UpdateWindow
AttachThreadInput
LoadBitmapA
DrawTextExW
SendDlgItemMessageW
DrawTextA
CharUpperW
EnableWindow
CheckMenuItem
GetMenu
PostMessageW
TrackPopupMenuEx
LoadAcceleratorsA
DestroyMenu
IsClipboardFormatAvailable
SetDlgItemInt
SendDlgItemMessageA
GetWindowThreadProcessId
GetFocus
LoadStringW
SetWindowPos
CreateDialogParamW
TrackPopupMenu

gdi32

StretchBlt
StartPage
CreateFontIndirectW
StartDocW
CreateFontIndirectA
SetViewportExtEx
SelectObject
GetTextMetricsW
GetDeviceCaps
GetTextFaceW
ExtTextOutA
GetObjectW
SetAbortProc
SetMapMode
EnumFontsW
GetTextExtentPointA
TextOutW
SetTextColor
GetObjectA
CreateSolidBrush
EndDoc
DeleteDC

winspool.drv

GetPrinterDriverW
ClosePrinter
OpenPrinterW

comdlg32

FindTextA
PageSetupDlgW
FindTextW
GetSaveFileNameA
ChooseColorA
ChooseFontW
ChooseFontA

advapi32

CloseServiceHandle
RegOpenKeyExA
AdjustTokenPrivileges
RegOpenKeyA
DeleteService
RegSetValueExA
QueryServiceStatus
RegCloseKey
OpenSCManagerA
RegQueryValueExW
RegDeleteKeyA
OpenServiceA
InitializeSecurityDescriptor
RegQueryValueExA
ControlService

shell32

DragAcceptFiles
DragFinish
ShellExecuteA
CommandLineToArgvW

Sections

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
downloader.js
.js
dump.mem.exe
.exe windows:5 windows x86 arch:x86

44313b81887dc7acad31c6276fc9c42b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetLocaleInfoW
Sleep
CopyFileW
SizeofResource
ReadProcessMemory
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
lstrcatA
lstrcmpW
lstrlenW
GetTempPathW
GetLastError
GetProcAddress
VirtualAlloc
VirtualAllocEx
GlobalFree
FindClose
Process32FirstW
LocalAlloc
LockResource
WaitForMultipleObjects
Process32NextW
WideCharToMultiByte
FindNextFileW
CreateToolhelp32Snapshot
CloseHandle
GetVersion
DeleteFileW
LocalFree
WriteProcessMemory
ResumeThread
lstrcpyW
SetFileAttributesW
CreateThread
lstrcpyA
SetUnhandledExceptionFilter
GlobalAlloc
OpenProcess
WriteFile
VirtualFree
GetTickCount
GetModuleHandleW
GetComputerNameW
GetCurrentProcess
CreateProcessW
LoadResource
FreeLibrary
FindResourceW
GetDriveTypeW
lstrlenA
SetThreadContext
FindFirstFileW
lstrcmpA
GetFileSize
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetThreadContext
lstrcatW
ExitProcess

user32

DispatchMessageW
MessageBoxW
SetWindowsHookExW
GetMessageW
CallNextHookEx
wsprintfW
MessageBeep
TranslateMessage
GetAsyncKeyState

advapi32

RegQueryValueExW
OpenProcessToken
CryptHashData
RegSetValueExW
RegCloseKey
CryptDestroyHash
RegOpenKeyExW
CryptCreateHash
RegDeleteValueW
CryptGetHashParam
CryptReleaseContext
RegQueryValueExA
RegCreateKeyExW
RegSetValueExA
GetTokenInformation
GetUserNameW
CryptAcquireContextW

shell32

SHGetFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitialize
CoInitializeSecurity

winhttp

WinHttpCloseHandle
WinHttpSendRequest
WinHttpReadData
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpReceiveResponse

shlwapi

PathRemoveExtensionW
PathMatchSpecW
PathCombineW
PathGetDriveNumberW
PathFindExtensionW
PathBuildRootW
PathAppendW

crypt32

CryptBinaryToStringA

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e0ff79cc943f489668067ec3be11398a084a76ecd0283c9e18b2d0bf6e464c32_not_packed_maybe_useless.exe
.exe windows:5 windows x86 arch:x86

0e19eece28bfc9b0d635ed4ec3d29752

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\my projects\backup\dilly\output\Release\locker.pdb

Imports

wininet

InternetOpenA
HttpQueryInfoA
InternetConnectA
InternetReadFile
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA

shlwapi

PathCombineW

kernel32

lstrcatA
GetLastError
GetModuleHandleA
CloseHandle
GetVersion
lstrcpyA
WaitForSingleObject
Sleep
GetCurrentProcessId
GetTickCount
ExitProcess
GetFileSize
lstrlenA
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
lstrlenW
FlushFileBuffers
GetProcAddress
DeleteFileW
SetFileAttributesW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
HeapSize
GetVersionExA
CreateProcessW
GetCurrentProcess
InitializeCriticalSection
OpenProcess
LeaveCriticalSection
TerminateProcess
GetModuleFileNameW
EnterCriticalSection
CreateThread
CreateMutexA
LocalFree
WideCharToMultiByte
MultiByteToWideChar
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
GetFileType
GetCurrentDirectoryA
WTSGetActiveConsoleSessionId
GetEnvironmentStringsW
QueryPerformanceCounter
FreeEnvironmentStringsW
GetModuleFileNameA
RaiseException
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
EncodePointer
GetStdHandle
DecodePointer
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
CopyFileW
GetUserGeoID
CreateDirectoryW
GetComputerNameA
SetHandleCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryW
LCMapStringW
IsProcessorFeaturePresent
RtlUnwind
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetStringTypeW
GetSystemTimeAsFileTime

user32

PostMessageA
GetClientRect
SetWindowLongA
GetWindowLongA
RegisterClassExA
PostQuitMessage
TranslateMessage
UnregisterClassA
CreateWindowExA
DefWindowProcA
DispatchMessageA
MessageBoxW
GetSystemMetrics
UpdateWindow
EnumWindows
ShowWindow
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetMessageA
EnableWindow

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegFlushKey
RegOpenKeyA
RegCreateKeyExA
SetSecurityDescriptorSacl

shell32

ord680
SHGetFolderPathW

ole32

OleUninitialize
OleSetContainedObject
CoGetClassObject
OleInitialize

oleaut32

SysAllocString
VariantClear
VariantInit

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e37dc428ec65a38707ad9e247950f3501a94e4abccb737a3562d69032c8505ad.exe
.vbs
e5df2d114c5f69c219923fed56c8aa7ee912020ba7589e88f2729285c1f5788a.exe
.exe windows:5 windows x86 arch:x86

1b9fdf84feeaa683c7937ab0c05dc3d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpIW
PathFindExtensionW
StrCmpW
StrToIntA

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlW

shell32

SHGetFolderPathW

kernel32

GlobalAlloc
lstrlenW
lstrcpyW
InterlockedIncrement
PostQueuedCompletionStatus
GlobalFree
GetModuleHandleW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
GetSystemInfo
CreateIoCompletionPort
InitializeCriticalSection
CreateEventW
CloseHandle
HeapFree
GetLogicalDrives
GetDriveTypeW
WaitForMultipleObjects
WaitForSingleObject
DeleteCriticalSection
lstrcatW
CreateDirectoryW
CreateFileW
WriteFile
MoveFileExW
GetFileSize
ReadFile
SetFilePointer
GetQueuedCompletionStatus
FindFirstFileW
FindNextFileW
lstrlenA
SetEvent
InterlockedDecrement
MulDiv
lstrcpyA
Sleep
lstrcmpW
GetTickCount
GetModuleFileNameW
CreateProcessW
ExitProcess
GetSystemPowerStatus
GetSystemDefaultLangID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetProcessHeap
HeapAlloc
GetLastError
CreateThread
FindClose

user32

wsprintfW
FillRect
SetRect
ReleaseDC
GetDC
SystemParametersInfoW
IsCharAlphaNumericA
wsprintfA

gdi32

GetDeviceCaps
CreateDCW
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
GetDIBColorTable
CreateSolidBrush
DeleteObject

advapi32

CryptExportKey
CryptEncrypt
CryptReleaseContext
CryptAcquireContextW
CryptGenKey
CryptDestroyKey
CryptGetUserKey
CryptImportKey

ole32

CoInitializeEx
CoCreateInstance
OleDraw
CreateStreamOnHGlobal

oleaut32

SysFreeString

ntdll

memset

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e6c4ae470977aa78d1005746ae05deea0bf3b4260f88865662a35f99b2559dbc_not_packed_maybe_useless.exe
.exe windows:5 windows x86 arch:x86

87b209f1e311a816c7301ac75d3e1098

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\my projects\bbac\output\Release\bbac.pdb

Imports

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetQueryOptionA
InternetConnectA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA

shlwapi

PathCombineW

kernel32

MultiByteToWideChar
GetComputerNameA
CreateDirectoryW
WaitForSingleObject
GetUserGeoID
Sleep
CopyFileW
CreateEventA
GetModuleFileNameW
GetLastError
WTSGetActiveConsoleSessionId
GetModuleHandleA
CreateMutexA
CloseHandle
GetVersion
GetCurrentProcessId
GetFileSize
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
DeleteFileW
SetFileAttributesW
WaitForMultipleObjects
ReleaseMutex
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
CreateProcessW
Process32First
OpenProcess
TerminateProcess
Process32Next
CreateThread
CreateToolhelp32Snapshot

user32

DefWindowProcA
CreateWindowExA
UnregisterClassA
TranslateMessage
PostQuitMessage
RegisterClassExA
GetMessageA
DestroyWindow
DispatchMessageA
SetWindowLongA
GetClientRect
PostMessageA
SendMessageA
ShowWindow
IsWindowVisible
EnableWindow
GetWindowThreadProcessId
UpdateWindow
GetSystemMetrics
GetWindowLongA
EnumWindows

advapi32

RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegFlushKey

shell32

SHGetFolderPathW

ole32

OleSetContainedObject
OleUninitialize
OleInitialize
CoGetClassObject

oleaut32

VariantClear
VariantInit
SysAllocString

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e77df2ce34949eb11290445a411a47fb927e8871e2580897581981d17730032d.exe
.exe .vbs windows:4 windows x86 arch:x86 polyglot

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\CyberAnti\FireCrypt\FireCrypt\obj\Release\BleedGreen.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e8e07496df5370d2e49ecce5a47c1fd2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ea8292721a34ca2f1831447868bbe91e.exe
.exe windows:4 windows x86 arch:x86

84917865916c9d9c7e4c8836a24e699e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strncpy
_CIacos
_CIsinh
_CIlog
memcpy
strlen

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
GetModuleFileNameA
HeapAlloc
HeapFree
HeapReAlloc

user32

CallWindowProcA

Sections

.code
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uyeyr
Size: 26KB - Virtual size: 28KB
eaa857c95fca38ca08411b757f4ad2a841cfb9782deca8abf64aada445923c0d_Stealer.exe
.dll windows:4 windows x64 arch:x64

76f638009f6c0ca411bf9ee61d2f0d61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetThreadContext
SetThreadContext
Thread32First
Thread32Next
OpenThread
VirtualProtect
CreateToolhelp32Snapshot
GetCurrentThreadId
SuspendThread
ResumeThread
VirtualQuery
VirtualFree
VirtualAlloc
TerminateProcess
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
GetStdHandle
GetModuleFileNameA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetCurrentDirectoryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
RtlVirtualUnwind
GetTimeZoneInformation
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
FindNextFileW
FindClose
GetLastError
FindFirstFileW
ExpandEnvironmentStringsW
GetModuleHandleA
LoadLibraryExW
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetEnvironmentVariableW
GetVersion
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
LocalFree

user32

OemToCharA

advapi32

CryptDeriveKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryValueExW
CryptHashData
RegCloseKey
CryptDestroyHash
RegEnumValueW
RegEnumValueA
CryptCreateHash
RegOpenKeyExA
CryptAcquireContextA
CryptGetHashParam
CryptDecrypt
CryptDestroyKey
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
CryptAcquireContextW

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize

wininet

FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW

crypt32

CryptUnprotectData

Sections

.text
Size: 738KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ed3a685ca65de70b79faf95bbd94c343e73a150e83184f67e0bdb35b11d05791.exe
.exe windows:5 windows x86 arch:x86

528498246e893d454b0afdebdb745c46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143

urlmon

URLDownloadToFileW

ws2_32

connect
closesocket
bind
send
getpeername
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
gethostname
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
recv

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetCurrentProcessId
FileTimeToSystemTime
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
GetModuleHandleW
FlushFileBuffers
Sleep
GetModuleFileNameW
lstrlenW
CloseHandle
GetVersion
GetLastError
QueryPerformanceCounter
GetTickCount
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VerSetConditionMask
SleepEx
VerifyVersionInfoA
FormatMessageA
FreeLibrary
GetProcAddress
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
LoadLibraryA
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
LoadLibraryExW
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetACP
GetOEMCP
OutputDebugStringW
HeapSize
ReadConsoleW
SetStdHandle
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetEnvironmentVariableW
SetEnvironmentVariableA
CopyFileW
ExitThread
GetCurrentThreadId
CreateThread
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
GetCurrentDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
DeviceIoControl
GetModuleHandleA
AreFileApisANSI
LocalFree
HeapFree
HeapAlloc
GetModuleHandleExW
WriteConsoleW
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc

advapi32

CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueExA
GetTokenInformation
RegCreateKeyW
OpenProcessToken

shell32

ShellExecuteW
ShellExecuteExW

Sections

.text
Size: 914KB - Virtual size: 913KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
edffa07d667dbd224682639f56eb1b913e4ffeac874999e02c23e86eeb6489d5.exe
.js
encrypter.exe
.exe .js windows:5 windows x86 arch:x86 polyglot

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
encryptor_raas_9cffd965b4a0e662f6b98fd47d3b6ec9bc1b8581.exe
.exe windows:4 windows x86 arch:x86

700d0b4b12aad2dbdb3f36e5455e4664

Code Sign

12:46:fe:0a:4c:3b:01:ff:68:83:05:dc:a6:78:ee:57
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19-11-2014 00:00

Not After

18-11-2017 23:59

Subject

CN=Sierra Wireless\, Inc.,O=Sierra Wireless\, Inc.,L=Richmond,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:3a:01:e1:c3:ee:af:cc:bb:e6:22:95:50:7a:4e:20
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10-11-2015 00:00

Not After

09-11-2016 23:59

Subject

CN=MicroHealth,OU=IT,O=MicroHealth,POSTALCODE=22182,STREET=Suite 706+STREET=8245 Boone Blvd,L=Vienna,ST=VA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-01-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f0:fd:02:9b:29:c7:3e:b7:fe:cf:60:80:d8:fe:7d:f3:0b:4c:b3:0f:c8:60:32:55:29:4b:16:6b:62:7d:71:47
Signer

Actual PE Digest

f0:fd:02:9b:29:c7:3e:b7:fe:cf:60:80:d8:fe:7d:f3:0b:4c:b3:0f:c8:60:32:55:29:4b:16:6b:62:7d:71:47

Digest Algorithm

sha256

PE Digest Matches

true

45:1f:42:c5:4b:4e:37:dd:a1:3a:c4:7d:5b:ff:46:06:5c:36:bc:47
Signer

Actual PE Digest

45:1f:42:c5:4b:4e:37:dd:a1:3a:c4:7d:5b:ff:46:06:5c:36:bc:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
SetErrorMode
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
calloc
exit
fprintf
fputs
free
fwrite
isxdigit
malloc
memcmp
memset
realloc
signal
strcat
strcpy
strlen
strncmp
strtok
_unlock
abort
towlower
vfprintf
wcscat
wcscmp
wcscpy
wcslen
wcsncpy
wcsrchr
_strnicmp

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
f002618c01fe652f7f00eabd0e890e4992ccce818dfb2863e82c43f793685635.exe
.apk android

fpgb.xpgbuoz.exug

Snpxsuh

Activities

Snpxsuh

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
android.permission.GET_ACCOUNTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.CAMERA
android.permission.READ_CONTACTS
android.permission.GET_TASKS
android.permission.WRITE_SETTINGS
android.permission.BIND_DEVICE_ADMIN
android.permission.VIBRATE
android.permission.READ_CONTACTS

Receivers

fpgb.xpgbuoz.exug.Xypelnp

android.intent.action.REBOOT
android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

fpgb.xpgbuoz.exug.Mzlsqry

android.app.action.ACTION_DEVICE_ADMIN_DISABLED
android.app.action.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_ENABLED

Services
f213e54c8520e7458751020edf15a5ea.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\USER\Desktop\hidden-tear\hidden-tear\obj\Debug\svhost.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f2c8eee2cd88b834e9d4c0eb4930f03f.exe
.exe windows:6 windows x86 arch:x86

216ab1ac1e456b25f375500865fc1254

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
SetEnvironmentVariableA
OutputDebugStringW
WriteConsoleW
SetStdHandle
ReadConsoleW
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
GetModuleFileNameW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetFilePointerEx
ReadFile
GetFileType
GetStdHandle
HeapSize
GetCurrentThreadId
GetProcessHeap
IsDebuggerPresent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
lstrcpyA
CompareStringW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapAlloc
RtlUnwind
RaiseException
GetCPInfo
LocalFree
CloseHandle
LoadLibraryA
ResetEvent
VirtualAlloc
GetProcAddress
SetLastError
GetLastError
InterlockedExchange
VirtualUnlock
MultiByteToWideChar
MulDiv
CreateEventA
FormatMessageA
WaitForSingleObject
GetCurrentProcess
VirtualQuery
lstrlenA
GetModuleHandleA
SetEndOfFile
GetCommandLineA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetSystemTimeAsFileTime
HeapFree
GetStringTypeW
DeleteCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetConsoleWindow
EnterCriticalSection
DecodePointer
EncodePointer
WideCharToMultiByte
LCMapStringW

user32

SetWindowTextW
DialogBoxParamA
IsWindow
ShowWindow
EndDialog
GetDlgItem
SendMessageA
GetParent
GetWindowTextW
MoveWindow
RegisterClassA
ActivateKeyboardLayout
GetKeyboardLayoutList
GetDialogBaseUnits
LoadCursorA
DestroyMenu
LoadKeyboardLayoutA
EnableWindow
UpdateWindow
CreateDialogParamA
EndPaint
DestroyWindow
GetMessageA
SetTimer
GetWindowRect
PostQuitMessage
TrackPopupMenu
SetKeyboardState
KillTimer
DrawTextA
GetSubMenu
LoadStringA
LoadMenuA
LoadIconA
wsprintfA
SetFocus
BeginPaint
GetDC
IsDialogMessageA
TranslateMessage
GetWindowTextA
SetRect
MessageBoxA
UnregisterClassA
CreateWindowExA
ReleaseDC
ChangeClipboardChain
DefWindowProcA
GetSysColor
SetWindowPos
GetCursorPos
CreatePopupMenu
AppendMenuA
RemoveMenu
DispatchMessageA
GetSystemMetrics
SetWindowTextA

gdi32

GetDeviceCaps
StartPage
SetTextColor
TextOutA
CreateFontIndirectA
SetBkColor
SetBkMode
DeleteObject
SelectObject
SetMapMode
CreatePen
GetStockObject
CreateSolidBrush
EnumFontsA

advapi32

SetSecurityInfo
BuildExplicitAccessWithNameA
SetEntriesInAclA

shell32

SHAppBarMessage
SHGetSpecialFolderLocation

ole32

OleCreateFromFile
StgCreateDocfile
CoUninitialize
CoInitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes

comctl32

ord17
InitCommonControlsEx
CreateToolbarEx

ws2_32

recvfrom
recv
select

winmm

waveInAddBuffer
waveInStart
waveInPrepareHeader
timeGetTime

pdh

PdhBrowseCountersA

imm32

ImmIsIME

dbghelp

ImageNtHeader

urlmon

CreateURLMoniker
CreateUri

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f31bfe95e31d761459b885052d35ba5e25ab19333378fb72b12efd675f6018d7_.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\0x00\[rm]\[P]Delta\0.7 - web-report\Delta\obj\x86\Release\Delta.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f6a8d7a4291c55020101d046371a8bda.exe
.exe windows:6 windows x86 arch:x86

2fb40ed232ce119fffafdcc8e83b0b1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
FindFirstFileExW
SetConsoleMode
ReadConsoleInputA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
Sleep
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
ReadFile
GetSystemTimeAsFileTime
GetLastError
HeapFree
HeapAlloc
CloseHandle
CreateThread
ExitThread
ResumeThread
GetCommandLineA
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
GetFullPathNameW
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThreadId
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetStdHandle
GetFileType
GetTimeZoneInformation
GetProcessHeap
WriteFile
GetModuleFileNameW
FlushFileBuffers
GetConsoleCP
DeleteFileW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryExW
SetStdHandle
OutputDebugStringW
WriteConsoleW
CreateFileW
SetEndOfFile
SetEnvironmentVariableA
GetVersion
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
FindNextFileW
FindFirstFileW
FindClose
TlsGetValue

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow

shell32

SHGetFolderPathA

ws2_32

send
shutdown
recv
closesocket
WSAGetLastError
WSASetLastError

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

Sections

.text
Size: 513KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f9151107655aaa6db995888a7cb69ada.exe
.exe windows:5 windows x86 arch:x86

5c9d9d3ea8ff8da1e7ccac32d983a9e3

Code Sign

b9:42:8a:5d:a9:e8:04:ef
Certificate

Issuer

CN=ThateverblottedpaperGentlelady

Not Before

26-08-2011 12:42

Not After

22-05-2014 12:42

Subject

CN=ThateverblottedpaperGentlelady

b4:9b:86:bc:76:ba:f8:f0:0a:a1:ef:17:40:94:38:07:b1:02:3d:93
Signer

Actual PE Digest

b4:9b:86:bc:76:ba:f8:f0:0a:a1:ef:17:40:94:38:07:b1:02:3d:93

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetPriorityClass
DebugActiveProcess
GetVersionExA
GetSystemDefaultLCID
GetCurrentProcess
SetLastError
GetCurrentProcessId
WinExec
LoadLibraryW
GlobalSize
GetBinaryTypeW
GetStartupInfoA
SetEvent
ResetEvent
GetAtomNameA
GetCommandLineW
SetEnvironmentVariableA
GetTempPathW
GetCurrentThreadId
GetProcAddress
IsBadReadPtr
VirtualProtect
VirtualProtectEx
VirtualFree
VirtualAlloc
FreeLibrary
CreateEventW
GetProfileIntW
GlobalLock
GetProfileStringW
LocalAlloc
LocalFree
LocalReAlloc
lstrlenW
lstrcatW
WaitForSingleObject
lstrcpynW
CreateThread
GlobalUnlock
WriteProfileStringW
Sleep
lstrcmpW
GlobalReAlloc
GlobalFree
GlobalAlloc
GlobalCompact
GetModuleHandleA
CreateMutexA
GetTempFileNameA
GetLastError
LoadLibraryA
FlushConsoleInputBuffer
SetProcessPriorityBoost
CreateEventA
GetPriorityClass
lstrcpyW
CreateToolhelp32Snapshot
GetFileTime
Thread32Next
lstrcpyA
GlobalDeleteAtom
CloseHandle
IsSystemResumeAutomatic
TerminateProcess

user32

LoadIconW
LoadCursorW
GetSysColorBrush
RegisterClassExW
CharNextW
SetCursor
SetFocus
SetWindowTextW
CheckRadioButton
GetSubMenu
MessageBeep
EndDialog
DialogBoxParamW
GetSysColor
CloseClipboard
CharNextA
GetClipboardData
OpenClipboard
GetDesktopWindow
TrackPopupMenuEx
EnableMenuItem
IsClipboardFormatAvailable
DefWindowProcW
ChildWindowFromPoint
ScreenToClient
GetDlgCtrlID
PostQuitMessage
WinHelpW
DrawTextW
CallWindowProcW
HideCaret
CheckDlgButton
GetWindowTextW
SetDlgItemInt
GetMenu
SendMessageW
SetDlgItemTextW
CheckMenuItem
CheckMenuRadioItem
SetWindowPos
OffsetRect
MapWindowPoints
GetClientRect
EnableWindow
LoadMenuW
SetWindowLongW
GetWindowLongW
CreateDialogParamW
GetDlgItem
DestroyMenu
SetMenu
GetWindowRect
SystemParametersInfoW
DispatchMessageW
TranslateAcceleratorW
IsChild
IsDialogMessageW
GetMessageW
LoadAcceleratorsW
CreateWindowExW
MessageBoxW
LoadStringW
SetProcessDefaultLayout
GetProcessDefaultLayout
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
MessageBoxA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
InvalidateRect

gdi32

SetTextColor
SetBkColor
SetBkMode

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
DuplicateTokenEx
AllocateAndInitializeSid
ImpersonateSelf
CloseServiceHandle
QueryServiceStatus
QueryServiceConfigW
ChangeServiceConfig2W
QueryServiceConfig2W
ChangeServiceConfigW
RegQueryValueExW
LookupPrivilegeValueW
RegDeleteKeyW
InitiateSystemShutdownExW
RevertToSelf
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetUserNameW
IsValidSid
GetLengthSid
CopySid
RegOpenCurrentUser
OpenThreadToken
OpenProcessToken
GetTokenInformation
FreeSid
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW

Sections

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fb8823e9494016f59ab25ec6cc0961da_api-ms-win-system-softpub-l1-1-0.dll

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 76KB

UPX1 Size: 14KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 1024B - Virtual size: 736B

.rdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 23KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 860B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 272KB

UPX1 Size: 172KB - Virtual size: 172KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 359KB - Virtual size: 358KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 21KB - Virtual size: 21KB

.rsrc Size: 19KB - Virtual size: 19KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 436B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 2KB

.mackt Size: 4KB - Virtual size: 4KB

9337f920cd3453dbf969f0c56d86c1bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

ws2_32

avicap32

comctl32

gdiplus

oleacc

wtsapi32

traffic

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 204KB - Virtual size: 203KB

.data Size: 4KB - Virtual size: 7KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 3KB - Virtual size: 2KB

fdc840a7a99c43c34a60188ec8cc1596

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

UPX0
Size: - Virtual size: 76KB

UPX1
Size: 14KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 1024B - Virtual size: 736B

.rdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 860B

UPX0
Size: - Virtual size: 272KB

UPX1
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 3KB - Virtual size: 4KB

CODE
Size: 359KB - Virtual size: 358KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 19KB - Virtual size: 19KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 436B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 2KB

.mackt
Size: 4KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 204KB - Virtual size: 203KB

.data
Size: 4KB - Virtual size: 7KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 1010KB - Virtual size: 1009KB

.rdata
Size: 239KB - Virtual size: 238KB

.data
Size: 12KB - Virtual size: 39KB

.rsrc
Size: 71KB - Virtual size: 70KB

.reloc
Size: 96KB - Virtual size: 96KB

.code
Size: 12KB - Virtual size: 12KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 219KB - Virtual size: 219KB

79:8f:f3:69:9e:79:26:7f:b4:54:2a:54:31:e0:41:a6
Certificate

6f:ed:48:ff:89:c6:ac:7b:d0:f3:94:4d:38:f3:b2:00:9c:f4:0f:fb
Signer

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 61KB - Virtual size: 61KB

.rsrc
Size: 2KB - Virtual size: 6KB

CODE
Size: 394KB - Virtual size: 394KB

DATA
Size: 13KB - Virtual size: 13KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 5KB - Virtual size: 5KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B