sapphire | Unique_Icons_But_Unknown_Malware[.]rar

Resubmissions

27-11-2024 13:27

241127-qqdkmsvnhz 10

27-11-2024 09:28

241127-lfrx3atrgr 10

Sharing

Copy URL

Twitter E-mail

General

Target

Unique_Icons_But_Unknown_Malware.rar
Size

55.8MB
MD5

9482d0b143b8cc0cb39c5caa948b965d
SHA1

f9e48d067999bbfb827cd94976c7a73b52719ff8
SHA256

abff8ad79e497aeb5787012b0b0b718324e98bff7e703071c9fe75d6e534b6d6
SHA512

5f00aa543d0073ad1db5b2b6a008d98f6c4e585aea93aff7eb492aa46a7f0c536abff669757063d6d7c7131d1e0dd618391561ec453f09e2196168a27406d1a4
SSDEEP

786432:4SHD1JF9dWPBvk7bpHaiT0MYV5WsP9tF7BV/KPgLZroAqmJZpC+uGixVM:4UDZ9dvd6HXXn9PKP0lFvC+unLM

Score

10^/10

pyinstaller ransomware upx aspackv2 sapphire mafiaware666

Malware Config

Signatures

Detect MafiaWare666 ransomware 1 IoCs

resource	yara_rule
static1/unpack001/9e1609ab7f01b56a9476494d9b3bf5997380d466744b07ec5d9b20e416b10f08.exe	family_mafiaware666

Mafiaware666 family
mafiaware666
Sapphire family
sapphire

Sapphire ransomware PDB string 1 IoCs

ransomware

resource	yara_rule
static1/unpack001/6b59edf464eaaeac4f4b2f43474e573694429f08c448db770618dc574b6171e8.exe	sapphire_ransomware

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/bf179bbd2ce7ca31e421334efa7d262e30dc16b9bb5cced1b8b18d119adc4425.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe	upx

Detects Pyinstaller 4 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/4d78c439ed8860a14aebcf79dfef27047a51fc36c514b40b48724cd9340ff6f7.exe	pyinstaller
static1/unpack001/7def3cd43d98a30a04f09be284cab8b8dbf96ecc2e78302f6c45ad524c41d7d8.exe	pyinstaller
static1/unpack001/96ba85326e2250f4e1cf07f5981bb96ea1383901663a6354899b5da0cd77b98a.exe	pyinstaller
static1/unpack001/b7fc91fc1fa6a53b1e5d97e21a7abefbde3ca7349d4db0fdbe15ec2702b1b737.exe	pyinstaller

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
unpack001/04862185775476ae0b6f7e8a02133cb408d212ca17bbff5c20dcfdcf569b3dd9.exe
unpack001/09bfd15145c9d8e39f99d3dfe98337a8c488dc334dfe195d27bdeb5b2459fd11.exe
unpack001/141d93e2d408738bba4f523f60d6ead702424e7d62c34921c8a34150a31870aa.exe
unpack001/16c2807567b31c30288d92c0649ce78ea87434104bac72db407bb45bf65a4855.exe
unpack001/2f41c73046f3b0f5edd79ae089b6b64ec3a0812ea02fe7325b8e5b171a621c95.exe
unpack001/3e275093a5ad4b2083eda47dfd2e9053cae044f7990a323c6f649093a8d00901.exe
unpack001/419a809f42361b2fcff98eb6f201e54ecef532c9b378db06e999f54285032889.exe
unpack001/4b10fd0d5e4370dde456862f810e27b2be1f854356191b9893ab1a65f4af5358.exe
unpack001/4d78c439ed8860a14aebcf79dfef27047a51fc36c514b40b48724cd9340ff6f7.exe
unpack001/4f7713dcf8ad6717ea6eb432774a29317649a512445221dc0a29ed79e48b7663.exe
unpack001/6b59edf464eaaeac4f4b2f43474e573694429f08c448db770618dc574b6171e8.exe
unpack001/7def3cd43d98a30a04f09be284cab8b8dbf96ecc2e78302f6c45ad524c41d7d8.exe
unpack001/96ba85326e2250f4e1cf07f5981bb96ea1383901663a6354899b5da0cd77b98a.exe
unpack001/97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe
unpack005/out.upx
unpack001/9e1609ab7f01b56a9476494d9b3bf5997380d466744b07ec5d9b20e416b10f08.exe
unpack001/b7fc91fc1fa6a53b1e5d97e21a7abefbde3ca7349d4db0fdbe15ec2702b1b737.exe
unpack001/bf179bbd2ce7ca31e421334efa7d262e30dc16b9bb5cced1b8b18d119adc4425.exe
unpack001/e6e948a0aa3605bbd636ccdfa56e771dfebafa1e150d84f96b1968f8803edbeb.exe
unpack001/f02fe52119ff47fed2e52b28ec2c42a8eae8233b4c588c310dbaef3297b5d768.exe
unpack007/$PLUGINSDIR/nsExec.dll
unpack007/$PLUGINSDIR/nsProcess.dll
unpack007/secrehosted.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/f02fe52119ff47fed2e52b28ec2c42a8eae8233b4c588c310dbaef3297b5d768.exe	nsis_installer_1
static1/unpack001/f02fe52119ff47fed2e52b28ec2c42a8eae8233b4c588c310dbaef3297b5d768.exe	nsis_installer_2

Files

Unique_Icons_But_Unknown_Malware.rar
.rar
04862185775476ae0b6f7e8a02133cb408d212ca17bbff5c20dcfdcf569b3dd9.exe
.exe windows:6 windows x64 arch:x64

fafa4a28b560c39ab0fffc511680e6be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win64_nondevelopment_mono\WindowsPlayer_x64_Master_mono.pdb

Imports

unityplayer

UnityMain

kernel32

HeapAlloc
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetACP
HeapFree
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
09bfd15145c9d8e39f99d3dfe98337a8c488dc334dfe195d27bdeb5b2459fd11.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\1314\Downloads\Maya3.3\Maya3.3\Maya3.0\Zm\obj\Release\Fuck学习强国.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 720KB - Virtual size: 720KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
141d93e2d408738bba4f523f60d6ead702424e7d62c34921c8a34150a31870aa.exe
.exe windows:5 windows x86 arch:x86

2bb37eed0d9f70910d890802982d6521

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
FindFirstFileExA
FindClose
CloseHandle
HeapReAlloc
GetTimeZoneInformation
GetFileType
HeapFree
HeapAlloc
IsValidCodePage
GetUserDefaultLCID
IsValidLocale
GetACP
GetModuleFileNameA
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
RaiseException
RtlUnwind
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
SetFilePointerEx
WriteConsoleW
CreateFileW
WaitForSingleObject
lstrlenA
VirtualAlloc
GetProcessWorkingSetSize
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLocaleName
TerminateProcess
GetCurrentProcess
CreateEventA
GetConsoleWindow
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetProcAddress
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
MultiByteToWideChar
OpenEventA
SetLastError
OutputDebugStringW
DebugBreak
MulDiv
OpenJobObjectA
WideCharToMultiByte
EnumSystemLanguageGroupsA
CreateThread
lstrcpyA
GetCurrentThreadId
FormatMessageW
LocalFree
GetStartupInfoW
GetLastError
TerminateThread
GlobalAlloc

user32

SetScrollPos
OpenDesktopW
GetWindowTextLengthA
RegisterClassExA
UpdateWindow
SetForegroundWindow
DrawIconEx
IsIconic
ReleaseDC
GetCursorPos
DialogBoxIndirectParamW
GetScrollInfo
SetScrollInfo
GetUpdateRect
CheckDlgButton
InvalidateRect
SetWindowContextHelpId
EndPaint
PtInRect
GetMessageA
GetMessagePos
GetWindowRect
LoadCursorA
InflateRect
GetDC
InsertMenuA
LoadStringA
PostMessageA
FillRect
EndDialog
GetSystemMetrics
CreatePopupMenu
DrawIcon
TrackPopupMenu
LoadStringW
wsprintfA
GetClassLongA
OffsetRect
SetTimer
DrawTextA
SetWindowLongA
CopyRect
GetWindowTextA
ChangeDisplaySettingsA
CreateAcceleratorTableA
MapWindowPoints
GetWindowLongA
LoadBitmapA
MessageBoxA
GetSysColor
EnumDisplaySettingsA
GetForegroundWindow
MoveWindow
IsDlgButtonChecked
DefWindowProcA
DestroyMenu
CreateWindowExA
SetFocus
TranslateMessage
BeginPaint
SendMessageA
SetCursor
CreateDialogParamA
SetClassLongA
LoadIconA
SystemParametersInfoA
TrackPopupMenuEx
CheckMenuItem
GetClientRect
GetDlgItem
AppendMenuW
SetRect
ShowWindow
SendMessageW
DefWindowProcW
RegisterClassW
UnregisterClassW
CreateWindowExW
SetWindowPos
GetWindowPlacement
SetWindowPlacement
EnableWindow
SetMenu
AdjustWindowRectEx
GetWindowLongW
SetWindowLongW
MonitorFromWindow
GetMonitorInfoW
LoadCursorW
LoadIconW
SystemParametersInfoW
GetMessageW
DispatchMessageW
PeekMessageW
PostMessageW
PostQuitMessage
GetActiveWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
IsDialogMessageW
ReleaseCapture
CharNextW
DestroyWindow
SetParent
SetWindowTextW
GetWindowTextW
GetClassNameW
GetAncestor
CreateMenu
GetMenuItemInfoW
SetMenuItemInfoW
KillTimer
ValidateRect
IsChild
GetMessageTime
GetDoubleClickTime
GetKeyState
SetCapture

gdi32

BitBlt
SaveDC
CreateFontA
SelectObject
CreateDIBSection
GetTextExtentPoint32A
SetBrushOrgEx
CreatePatternBrush
CreateCompatibleBitmap
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
CreateCompatibleDC
CreateDCW
GetStockObject
GetDeviceCaps
GetPixel
DeleteDC
SetTextColor
SetBkMode
LineTo
CreatePen
SelectClipRgn
ExcludeClipRect
MoveToEx
RestoreDC
DeleteObject
CreateSolidBrush

advapi32

RegOpenKeyExA
RegCloseKey
ImpersonateLoggedOnUser

shell32

SHBrowseForFolderA

ole32

StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoMarshalInterface
CoInitialize

oleaut32

LoadTypeLi

odbc32

ord41

opengl32

glTexGeni
glClear
glEnable
glVertex3f
glEnd
glTexCoord2f
glLoadIdentity
glTexParameteri
glHint
glDepthFunc
glShadeModel
glClearDepth
glRotatef
glVertex2f
glTexImage2D
glTranslatef
glClearColor
glBegin

comctl32

ord410
_TrackMouseEvent
ord411
CreatePropertySheetPageA
InitCommonControlsEx
DestroyPropertySheetPage
ord413
ord412

gdiplus

GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdiplusShutdown
GdipSaveImageToFile
GdipFree
GdiplusStartup
GdipDisposeImage

urlmon

CreateAsyncBindCtx

pdh

PdhCollectQueryData

msvfw32

DrawDibOpen

activeds

ord8
ord7

d2d1

ord1
ord4
ord3
ord2
ord5

dwrite

DWriteCreateFactory

Exports

Exports

uiAllocControl
uiAreaBeginUserWindowMove
uiAreaBeginUserWindowResize
uiAreaQueueRedrawAll
uiAreaScrollTo
uiAreaSetSize
uiAttributeColor
uiAttributeFamily
uiAttributeFeatures
uiAttributeGetType
uiAttributeItalic
uiAttributeSize
uiAttributeStretch
uiAttributeUnderline
uiAttributeUnderlineColor
uiAttributeWeight
uiAttributedStringAppendUnattributed
uiAttributedStringByteIndexToGrapheme
uiAttributedStringDelete
uiAttributedStringForEachAttribute
uiAttributedStringGraphemeToByteIndex
uiAttributedStringInsertAtUnattributed
uiAttributedStringLen
uiAttributedStringNumGraphemes
uiAttributedStringSetAttribute
uiAttributedStringString
uiBoxAppend
uiBoxDelete
uiBoxPadded
uiBoxSetPadded
uiComboboxAppend
uiComboboxOnSelected
uiComboboxSelected
uiComboboxSetSelected
uiControlDestroy
uiControlDisable
uiControlEnable
uiControlEnabled
uiControlEnabledToUser
uiControlHandle
uiControlHide
uiControlParent
uiControlSetParent
uiControlShow
uiControlToplevel
uiControlVerifySetParent
uiControlVisible
uiDrawClip
uiDrawFill
uiDrawFreePath
uiDrawFreeTextLayout
uiDrawMatrixInvert
uiDrawMatrixInvertible
uiDrawMatrixMultiply
uiDrawMatrixRotate
uiDrawMatrixScale
uiDrawMatrixSetIdentity
uiDrawMatrixSkew
uiDrawMatrixTransformPoint
uiDrawMatrixTransformSize
uiDrawMatrixTranslate
uiDrawNewPath
uiDrawNewTextLayout
uiDrawPathAddRectangle
uiDrawPathArcTo
uiDrawPathBezierTo
uiDrawPathCloseFigure
uiDrawPathEnd
uiDrawPathLineTo
uiDrawPathNewFigure
uiDrawPathNewFigureWithArc
uiDrawRestore
uiDrawSave
uiDrawStroke
uiDrawText
uiDrawTextLayoutExtents
uiDrawTransform
uiFontButtonFont
uiFontButtonOnChanged
uiFormAppend
uiFormDelete
uiFormPadded
uiFormSetPadded
uiFreeAttribute
uiFreeAttributedString
uiFreeControl
uiFreeFontButtonFont
uiFreeImage
uiFreeInitError
uiFreeOpenTypeFeatures
uiFreeText
uiImageAppend
uiInit
uiMain
uiMainStep
uiMainSteps
uiMenuAppendAboutItem
uiMenuAppendCheckItem
uiMenuAppendItem
uiMenuAppendPreferencesItem
uiMenuAppendQuitItem
uiMenuAppendSeparator
uiMenuItemChecked
uiMenuItemDisable
uiMenuItemEnable
uiMenuItemOnClicked
uiMenuItemSetChecked
uiNewArea
uiNewAttributedString
uiNewBackgroundAttribute
uiNewColorAttribute
uiNewCombobox
uiNewFamilyAttribute
uiNewFeaturesAttribute
uiNewFontButton
uiNewForm
uiNewHorizontalBox
uiNewImage
uiNewItalicAttribute
uiNewMenu
uiNewOpenTypeFeatures
uiNewScrollingArea
uiNewSizeAttribute
uiNewStretchAttribute
uiNewUnderlineAttribute
uiNewUnderlineColorAttribute
uiNewVerticalBox
uiNewWeightAttribute
uiNewWindow
uiOnShouldQuit
uiOpenTypeFeaturesAdd
uiOpenTypeFeaturesClone
uiOpenTypeFeaturesForEach
uiOpenTypeFeaturesGet
uiOpenTypeFeaturesRemove
uiQueueMain
uiQuit
uiTimer
uiUninit
uiUserBugCannotSetParentOnToplevel
uiWindowBorderless
uiWindowContentSize
uiWindowFullscreen
uiWindowMargined
uiWindowOnClosing
uiWindowOnContentSizeChanged
uiWindowSetBorderless
uiWindowSetChild
uiWindowSetContentSize
uiWindowSetFullscreen
uiWindowSetMargined
uiWindowSetTitle
uiWindowTitle
uiWindowsAllocControl
uiWindowsControlAssignControlIDZOrder
uiWindowsControlAssignSoleControlIDZOrder
uiWindowsControlChildVisibilityChanged
uiWindowsControlContinueMinimumSizeChanged
uiWindowsControlLayoutRect
uiWindowsControlMinimumSize
uiWindowsControlMinimumSizeChanged
uiWindowsControlNotifyVisibilityChanged
uiWindowsControlSetParentHWND
uiWindowsControlSyncEnableState
uiWindowsControlTooSmall
uiWindowsEnsureAssignControlIDZOrder
uiWindowsEnsureCreateControlHWND
uiWindowsEnsureDestroyWindow
uiWindowsEnsureGetClientRect
uiWindowsEnsureGetWindowRect
uiWindowsEnsureMoveWindowDuringResize
uiWindowsEnsureSetParentHWND
uiWindowsGetSizing
uiWindowsMakeContainer
uiWindowsRegisterReceiveWM_WININICHANGE
uiWindowsRegisterWM_COMMANDHandler
uiWindowsRegisterWM_HSCROLLHandler
uiWindowsRegisterWM_NOTIFYHandler
uiWindowsSetWindowText
uiWindowsShouldStopSyncEnableState
uiWindowsSizingDlgUnitsToPixels
uiWindowsSizingStandardPadding
uiWindowsUnregisterReceiveWM_WININICHANGE
uiWindowsUnregisterWM_COMMANDHandler
uiWindowsUnregisterWM_HSCROLLHandler
uiWindowsUnregisterWM_NOTIFYHandler
uiWindowsWindowText
uiWindowsWindowTextWidth

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
16c2807567b31c30288d92c0649ce78ea87434104bac72db407bb45bf65a4855.exe
.exe windows:4 windows x86 arch:x86

12558c4dd0ec18ba63d0e699cc441f33

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord586
MethCallEngine
ord516
ord519
ord666
ord669
ord591
ord592
ord596
ord598
ord520
EVENT_SINK_AddRef
ord564
ord673
ord674
ord569
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord100
ord616

Sections

.text
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2f41c73046f3b0f5edd79ae089b6b64ec3a0812ea02fe7325b8e5b171a621c95.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3e275093a5ad4b2083eda47dfd2e9053cae044f7990a323c6f649093a8d00901.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
419a809f42361b2fcff98eb6f201e54ecef532c9b378db06e999f54285032889.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Murder Miners Source\VoxelTest\VoxelTest\obj\x86\Release\Murder Miners.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4b10fd0d5e4370dde456862f810e27b2be1f854356191b9893ab1a65f4af5358.exe
.exe windows:4 windows x86 arch:x86

fd3d928673975de5eabf64abf0fb4590

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsUNCA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
SHDeleteKeyA

kernel32

FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetErrorMode
GetTickCount
RtlUnwind
HeapFree
HeapAlloc
FindNextFileA
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RaiseException
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitThread
CreateThread
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
GetCurrentDirectoryA
GetStdHandle
SetHandleCount
GetFileType
GetACP
Sleep
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
DeleteFileA
MoveFileA
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
InterlockedDecrement
GetModuleFileNameW
SuspendThread
ResumeThread
SetThreadPriority
GlobalFree
GlobalAlloc
FreeResource
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalLock
GlobalUnlock
GetCurrentProcessId
GlobalGetAtomNameA
GlobalAddAtomA
lstrcpynA
SetLastError
GetModuleHandleA
FormatMessageA
LocalFree
GetCurrentThreadId
GetModuleFileNameA
MulDiv
SetEvent
WaitForSingleObject
LoadLibraryW
GetVersionExA
GetStringTypeExA
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
MultiByteToWideChar
InterlockedExchange
LoadLibraryA
FreeLibrary
GetProcAddress
PulseEvent
GetDriveTypeA
FindFirstChangeNotificationA
FindCloseChangeNotification
FindNextChangeNotification
SetFilePointer
ReadFile
CreateFileA
GetFileSize
CreateEventA
OpenEventA
WaitForMultipleObjects
CloseHandle
GetLastError
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource

user32

PostQuitMessage
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
UnregisterClassA
DestroyIcon
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
RegisterClipboardFormatA
PostThreadMessageA
SetParent
DeleteMenu
IsRectEmpty
GetMenuItemInfoA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMessageA
TranslateMessage
ValidateRect
WindowFromPoint
SetRect
EndPaint
BeginPaint
GetWindowDC
GetMenuStringA
AppendMenuA
InsertMenuA
MoveWindow
IsDialogMessageA
GetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
CheckMenuItem
SendDlgItemMessageA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetClassInfoExA
RegisterClassA
DeferWindowPos
GetScrollInfo
SetScrollInfo
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
UnpackDDElParam
ReuseDDElParam
DestroyMenu
GetClassNameA
WinHelpA
SetFocus
GetWindowThreadProcessId
IsWindowEnabled
EqualRect
GetDlgItem
GetKeyState
GetDlgCtrlID
LoadIconA
PeekMessageA
GetCapture
LoadAcceleratorsA
SetActiveWindow
IsWindowVisible
InsertMenuItemA
CreatePopupMenu
GetClassInfoA
IntersectRect
CopyRect
GetLastActivePopup
SetMenu
GetDesktopWindow
GetParent
SendMessageA
PtInRect
SetRectEmpty
InflateRect
OffsetRect
GetWindow
AdjustWindowRectEx
SetWindowPos
TranslateAcceleratorA
TranslateMDISysAccel
GetActiveWindow
DrawMenuBar
CreateWindowExA
GetMenuItemCount
GetMenuItemID
DefMDIChildProcA
DefFrameProcA
GetFocus
DrawEdge
FrameRect
FillRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
SetScrollPos
KillTimer
ScreenToClient
BringWindowToTop
LoadMenuA
GetSubMenu
IsIconic
DrawFrameControl
GetWindowRect
GetClientRect
ClientToScreen
ReleaseDC
InvalidateRect
GetDCEx
LockWindowUpdate
RedrawWindow
SetCapture
GetSystemMetrics
GetSysColor
EnableWindow
GetCursorPos
IsWindow
SetCursor
LoadCursorA
ReleaseCapture
MessageBoxA
SetWindowTextA
EnableMenuItem
GetMenu
GetSystemMenu
SetForegroundWindow
SetWindowLongA
GetWindowLongA
LoadBitmapA
UpdateWindow
SetTimer
CharUpperA
ShowWindow
LoadStringA
PostMessageA
MessageBeep
GetDC

gdi32

CreatePen
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
CreateFontA
StretchDIBits
GetTextColor
GetRgnBox
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
SetViewportOrgEx
ScaleViewportExtEx
SetViewportExtEx
PatBlt
GetCharWidthA
CreateSolidBrush
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
DeleteObject
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateRectRgn
CreateFontIndirectA
GetTextExtentPoint32A
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetCurrentObject
GetBkColor
CreateCompatibleBitmap
GetDeviceCaps
BitBlt
CreateCompatibleDC
GetObjectA
SelectObject
OffsetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
GetFileSecurityA

shell32

ExtractIconA
SHGetFileInfoA
DragQueryFileA
DragFinish
DragAcceptFiles
Shell_NotifyIconA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

SysAllocString
OleCreateFontIndirect
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4d78c439ed8860a14aebcf79dfef27047a51fc36c514b40b48724cd9340ff6f7.exe
.exe windows:5 windows x64 arch:x64

e1e8417f4591da7741a300229f9e8e8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
SetDllDirectoryW
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
CreateDirectoryW
FormatMessageW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetLastError
SetEndOfFile
HeapReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
GetFileAttributesExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
WriteConsoleW
GetTimeZoneInformation
HeapSize
RaiseException

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW

ws2_32

ntohl

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NitroGenerator.pyc
4f7713dcf8ad6717ea6eb432774a29317649a512445221dc0a29ed79e48b7663.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

W��ҿ"O8��~�;�qt��A��R�ފ�x��g��"�_)>Tr�GbI��b ��i��5�S|[��B�A�"p��St��1m52pu~]+��?�� Q��L�N��-M��e4��Q�~�c��L�Z�B��Ż��l�qF=jZC��u��K�,P�H�ܫ��Qm��8��$#��PI�(b|��`M��V.úQ!�\K��i��<Oyv`Z�j$�S��]��ܛ�f�{SI,��>r`��N��g�N��Y��P��j��ՕOn�y�v��|l`X�.��*,�J�Y�{h�DX��O�.�z��Y�#�:�srQrn}.B�ag< ��Z46ɳ V¦s�x��5�o��tis�HAfC��7�De��1�@��M��F��4l!��L�� ~$�+iz�I��֣�X�i�^�f��;�e��TO��0d��KP|y�[��m�a/q|i��ػ�DQ.�OsJ��2q��8:�O�� n�o�OƆx,��Qd�NӀӐ��d��h~�u>�Nb��cPk�c�ju �V��Y�;��%\4r4�V�f�%$K��Qk��3�:�ړ�%��v��4�*��-+�ݘw��6@��'9�U��Y��Q��{A�bd��&�E��ق��g�� g�Y��+U��V��(��)�]c��= ��и ��u*��R^Ĳ�-��Y��i�,q��c�d>*qm=� ��הo�\D��Q��kq灚�94Sr|��$D��%��/��F��+��M�>첻�WŲ�]S˂��q$��(��¢�[��*�>�[�)�8� ȿ�5)p&�9pF3�Π�,E�iRhY��Uǹ�*Z�0�C�<ԤQ<"<g�v�QN!��H�2^O�փ�Nt��}`U�0!��]�畉�'��,��*+�nJ�u0�#��h��ׄ4��? ۮT۹��c��1��s+��q~,�}f��y��6��$Lr��3��f�gP3J�#��2�d�GY��!A+-�Ո��A�K ��?-�E�9��Y�z��l��ھ��^^4�C��Ry�6�L&SR��|D�i��X��E�"�(��Gï��&6��"��Qtv�"zJ�Z�o�xE�hp�QXV�h0�͜eg�08u�M�'Ub&�l9f�LR�j#��L8��dM�m]��-��Ei�α��S�:O� �v��K�!��H��b��CL&Z�3��C�E v#�8��Ƙ��k�h��4�3ԧ�c�D5'.��\:\`6�(o��Y��f��p��VɅ�t��SZ�V��5��^%1O?�0Jx-q�As�`"�@ Ԭb�+y�!x�-�Zq��:D��2nR�I��ub�.��(��!z?�Cl�3g��jD(�ui�&p��ҿyqe��B��=I��X׆o@�V""b��ỏx�*��n,ј��G^L�pf};V7��ᆿ]iekt1;&�k��a$�'�R��/��_y8��N��>SL�M>�+]��XA��Yy�6�EX�`�h��ZQ��9��𝕬[U��;4Z�,�ftαmmoi��c��#��~��˜�AP��:��\�e�fJ��_�F:-x��Ic��`��a��äzj�I�ҳ��y�$��xef~�1��7�=E��γ��a�4V�v�N�g��|��L>#�.o��9?�E+N��H�*�|��Oh��D*w�ۦPb�|�,{��R�Y`_KB��n�d��f�1�n��N�� A��+��4\�D`_^3%�7+�siW(�-8��E��τ⁏=��u=ϹT� �}g;z-�2c8��6�#��q��iö�$<��gN�ɼ-�4Q��?A��K�C�G�/�B��,2�?^Һ��eKr��9��ir��-J[y:�V�]�1)�4��|��a�ɚ�G��fˎ.��9�6��I�5�xO�o��xY;��0lpV�mQ�'B4�N�CYX��;��.Xk�h0�Ь�{T�� e2�^��ء)>�C�.��ڶqAY7�S� ��ݷ|�8��R5ʶ+g�_F�g�YG��ᇭ�,*�p|��j�'�7䎍�֖�͙��{�&T�1�zr��P��o��`=��D�H�c�ht� �=̯��B�pq�<��1?f��i�d�/~!�>��>��y��{�$��e�#�n*�{�x�0e��K� "��fS��E�j��b,B��z�v��)��e��:)Y��ߓ*�q�yC��5��v ��]� 7�6!f?y��3��d W�\��3��.�4�4B��Ԫ�S��Q3��d��޴j?Pr��[n��ۜ��QC��*�*�a�֗GY/�P��59�Ǚ��ٶ�q~�d�= ��00�wD 5(�oƎ:�'��-X� oU�I:k��x�Lu��D#��3�*��;x��±� �>�eER趪��3Yi1y`P��R!7�sj�>k�j��N�R[��n�0�<��WO��d&�˦�4�}�,��*��oV:��jJ�r�e��c�d%&�=��L�C��+E��1[swa܍��\/��gR��K桰�;\�g%_8��k�� =�b;��H�}+�׊��I� �${��|R��F��^�jq�rK�jW�NrP�z��pg�I��&�8딑d��hb ��䪬VU&�'NQ��rrP��u,)z�e��(�-]1�_U!��?��<�,�"nC�Ƽ�D�%��T�gz � {�pߩ�3z��O�IVx�6�:��*�H�2��(xISޟ�qI��5^7��y^�4��K�ۜ��\GK��T�"Y^��F��)�=�̻�w]^�zg�6[_��ۧ�e�v��zKmf�N�? �=��䞔rꑬ+��2��2�%��>'6�� W�)��+c Be�n6�&�@TG�YS��Ȓ<�]��w�6ak��Z�V,��4>��M�R1t��юfn�f0N�00tM_T��߹�c+UM�o әWW��>=��3�� Er&��F1�K\(�>�¶ nd�l�d�p=�[��@�)B�)"Of�f=S@�Ȯ��t��j2�P$h��Oe��ՕF�&�n<u�a�\��wdL�`�Kr�}��s ��7�.Ns�ң�[5��j��)��MH�䣹X��(^��ZZ�ܣ=��v�eqfR�2��B3�:s3��w�$B��uc=�ɥ#PZi�[֝in��Njx*�BOK0-[�χ4��F%�Z��F��`^#PƖi��Gv+ ��1�f��Q: 1��A)��>��y��s�OMj�8J/��tW��2P�ǴL��'ݪOÎ�ϧ8��r�w -n �*`��'5 �q��9��N�� N�S�1C��+�j�Dq)C8x{�*�Ӧ��z��GS�P�:=}�˨��Q箖>��

Sections

Size: 138KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 34KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 238KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 189KB - Virtual size: 19.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.glad
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
597deecbe673c67d998825bdf4ddeca83f6fbb3bdccec91dabf4f9052713ac4d.exe
.exe windows:5 windows x86 arch:x86

f1632ad073d9d68162159e63f63f8870

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e0:79:1e:36:fe:f9:8f:6c:e2:3b:89:64:ff:65:3e:71
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-08-2018 00:00

Not After

08-05-2019 23:59

Subject

CN=HAYCAV LIMITED,O=HAYCAV LIMITED,POSTALCODE=EC1V 2PH,STREET=210 City Road,L=LONDON,ST=LONDON,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:79:1e:36:fe:f9:8f:6c:e2:3b:89:64:ff:65:3e:71
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-08-2018 00:00

Not After

08-05-2019 23:59

Subject

CN=HAYCAV LIMITED,O=HAYCAV LIMITED,POSTALCODE=EC1V 2PH,STREET=210 City Road,L=LONDON,ST=LONDON,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:c6:2c:a9:98:df:7c:5c:35:d7:17:3a:fe:c4:16:a8:4c:a1:c3:23:8f:5b:43:dd:82:78:fb:43:bb:1a:0e:1d
Signer

Actual PE Digest

a9:c6:2c:a9:98:df:7c:5c:35:d7:17:3a:fe:c4:16:a8:4c:a1:c3:23:8f:5b:43:dd:82:78:fb:43:bb:1a:0e:1d

Digest Algorithm

sha256

PE Digest Matches

true

90:12:56:43:51:ed:c7:10:04:d7:f2:4c:1e:70:d8:55:78:c8:07:e9
Signer

Actual PE Digest

90:12:56:43:51:ed:c7:10:04:d7:f2:4c:1e:70:d8:55:78:c8:07:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Admit\Release\unbreakable.pdb

Imports

kernel32

GetFullPathNameA
FormatMessageW
FormatMessageA
LocalFree
GetTempPathW
LockFileEx
LoadLibraryW
DeleteFileW
GetFileAttributesW
DeleteFileA
GetFileAttributesA
LockFile
UnlockFile
GetFileSize
SetEndOfFile
ReadFile
AreFileApisANSI
GetVersionExA
InitializeCriticalSection
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedExchange
FreeLibrary
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetFullPathNameW
GetUserDefaultLCID
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetModuleFileNameW
GetTempPathA
GetTempFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetConsoleTitleA
GetCurrentProcessId
GetTickCount
SetConsoleTitleA
Sleep
VirtualAlloc
GetModuleHandleA
GetProcAddress
lstrlenA
GlobalAlloc
GetModuleFileNameA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
CreateEventA
WaitForSingleObject
HeapCreate
DeleteCriticalSection
GetLastError
CreateFileA
GetSystemTime
GetFileTime
CloseHandle
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
WriteFile
ExitProcess
VirtualQuery
CreateFileW
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
HeapFree
HeapAlloc
GetStartupInfoW
RtlUnwind
RaiseException
GetLocaleInfoA
FileTimeToSystemTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

EndPaint
SetFocus
GetDlgItem
DialogBoxParamA
GetDialogBaseUnits
DialogBoxIndirectParamA
EnumWindowStationsW
DrawFrameControl
InflateRect
GetSystemMetrics
DefMDIChildProcA
CopyRect
SetWindowLongA
KillTimer
GetCursorInfo
ReleaseDC
GetClientRect
GetDC
FindWindowA
BeginPaint
SetCursor
GetSubMenu
DefWindowProcA
SendMessageA
wsprintfA
EndDialog
SetLayeredWindowAttributes
UpdateWindow
ShowWindow
CreateWindowExW
GetCursorPos
LoadCursorA
GetDesktopWindow
DestroyWindow
IsWindow
GetWindow
GetWindowLongA
DrawTextA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
RegisterClassExW
PostQuitMessage
GetUpdateRect
GetParent

gdi32

ExcludeClipRect
CreateSolidBrush
CreatePen
SelectObject
Rectangle
LineTo
SetDCPenColor
Ellipse
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
GetTextExtentPoint32A
CreateEllipticRgn
DeleteObject
CreateRectRgn
SetViewportOrgEx
SelectClipRgn
MoveToEx

shell32

SHGetDesktopFolder

ole32

RevokeDragDrop
CoLockObjectExternal

oleaut32

OleLoadPicture
SystemTimeToVariantTime

wininet

FtpSetCurrentDirectoryA

ws2_32

WSAStartup

winmm

timeGetTime

crypt32

CryptFormatObject

shlwapi

StrChrA
PathFileExistsW

comctl32

ord412
ord413

activeds

ord9

pdh

PdhBrowseCountersA

gdiplus

GdipDisposeImage
GdipGetImageWidth
GdipCreateLineBrushI
GdipCreateFromHDC
GdipFillRectangleI
GdipDrawImageRectI
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromFile
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDeleteBrush
GdipGetImagePixelFormat
GdipGetImageHeight

opengl32

glViewport
glOrtho
glLoadIdentity
glMatrixMode

glu32

gluLookAt

uxtheme

CloseThemeData
OpenThemeData

wsnmp32

ord601
ord201

ntdsapi

DsAddSidHistoryA
DsGetRdnW
DsGetDomainControllerInfoA

dwmapi

DwmEnableBlurBehindWindow

Exports

Exports

Type

Sections

.text
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 395KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6b59edf464eaaeac4f4b2f43474e573694429f08c448db770618dc574b6171e8.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Sapphire-Ransomware-master\Sapphire Ransomware\obj\Debug\GachaLife_Update.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7def3cd43d98a30a04f09be284cab8b8dbf96ecc2e78302f6c45ad524c41d7d8.exe
.exe windows:5 windows x64 arch:x64

e1e8417f4591da7741a300229f9e8e8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
SetDllDirectoryW
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
CreateDirectoryW
FormatMessageW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetLastError
SetEndOfFile
HeapReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
GetFileAttributesExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
WriteConsoleW
GetTimeZoneInformation
HeapSize
RaiseException

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW

ws2_32

ntohl

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscordNitroGenerator.pyc
96ba85326e2250f4e1cf07f5981bb96ea1383901663a6354899b5da0cd77b98a.exe
.exe windows:5 windows x64 arch:x64

e1e8417f4591da7741a300229f9e8e8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
SetDllDirectoryW
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
CreateDirectoryW
FormatMessageW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetLastError
SetEndOfFile
HeapReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
GetFileAttributesExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
WriteConsoleW
GetTimeZoneInformation
HeapSize
RaiseException

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW

ws2_32

ntohl

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NitroGenerator.pyc
97f1b6afb24cda22203275fc34bd07ba51170729edba8ee67bdb66a529574a2e.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 520KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9906747639b782d738555a2522acd4a09ca8a3356f7848a4e68f284d888d891e.exe
.exe windows:10 windows x64 arch:x64

d8510bdedf9dc05b902a211ff01636cf

Code Sign

33:00:00:02:9e:05:ca:b1:2e:ac:93:cf:b6:00:00:00:00:02:9e
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-09-2020 19:16

Not After

23-09-2021 19:16

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:e3:b9:69:93:da:a1:1a:6d:b9:14:14:30:85:ce:19:12:b9:cf:35:2c:da:ff:dd:fe:03:a8:ba:bd:5d:b9:4c
Signer

Actual PE Digest

73:e3:b9:69:93:da:a1:1a:6d:b9:14:14:30:85:ce:19:12:b9:cf:35:2c:da:ff:dd:fe:03:a8:ba:bd:5d:b9:4c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

MpCmdRun.pdb

Imports

kernel32

DebugBreak
Sleep
CloseHandle
SetErrorMode
FormatMessageW
GetSystemTimeAsFileTime
GetLastError
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LocalFree
GetTickCount
SetLastError
GetCurrentThreadId
GetCommandLineW
GetCurrentProcess
GetExitCodeProcess
DeleteFileW
CreateDirectoryW
GetLocalTime
CopyFileW
CreatePipe
SetHandleInformation
CreateProcessW
WaitForSingleObject
FindFirstFileW
GetSystemTime
FindNextFileW
FindClose
FreeLibrary
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
LoadLibraryExW
GetStdHandle
GetConsoleMode
SetConsoleMode
GetDateFormatW
GetTimeFormatW
CompareFileTime
TerminateProcess
GetProcAddress
GetSystemDefaultUILanguage
MultiByteToWideChar
lstrlenA
GetSystemInfo
LoadLibraryExA
VirtualProtect
GetSystemFirmwareTable
SetFilePointerEx
LoadLibraryW
WriteFile
CreateTimerQueueTimer
GetFileSizeEx
ReadFile
VirtualQuery
HeapSetInformation
GetNativeSystemInfo
GetSystemDirectoryW
GetTempPathW
GetModuleFileNameW
QueryPerformanceFrequency
MoveFileExW
SetFileInformationByHandle
GetProcessHeap
AcquireSRWLockShared
HeapAlloc
ReleaseSRWLockShared
SetThreadpoolTimer
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
HeapFree
GetVersionExW
FileTimeToDosDateTime
WideCharToMultiByte
GetFileInformationByHandle
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetFileAttributesW
SetFileAttributesW
CreateFileW
GetFinalPathNameByHandleW
DeviceIoControl
DeleteTimerQueueTimer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
RaiseException
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
InitializeCriticalSectionEx
GetSystemPowerStatus
GetComputerNameExW
GetLocaleInfoW
ConvertDefaultLocale

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf
_set_fmode
__p__commode
_lseek
_write
_wtempnam
__acrt_iob_func
_read
_wsopen_dispatch
_wfopen
fclose
getchar
fgetws
__stdio_common_vswscanf
__stdio_common_vfwprintf
__stdio_common_vswprintf
__stdio_common_vfprintf
feof
_close
__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

_wcsnicmp
_wcsicmp
iswprint
iswspace
wcscmp
isprint
towlower
_wcsupr_s
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstol
_wtoi
_itoa_s
wcstoul

api-ms-win-crt-runtime-l1-1-0

abort
__doserrno
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
_initialize_onexit_table
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_register_onexit_function
_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
_exit
_crt_atexit
__p___argc

setupapi

SetupDiGetClassRegistryPropertyW

bcrypt

BCryptDestroyHash
BCryptFinishHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptHashData

mpclient

MpConfigIteratorOpen
MpConfigIteratorEnum
MpConfigIteratorClose
MpNetworkCapture
MpConfigDelValue
MpQuarantineRequest
MpDynamicSignatureEnumerate
MpManagerStatusQueryEx
MpUpdateStart
MpSampleQuery
MpSampleSubmit
MpDynamicSignatureOpen
MpConveySampleSubmissionResult
MpGetSampleChunk
MpAddDynamicSignatureFile
MpUpdateStartEx
MpCleanStart
MpCleanOpen
MpQueryEngineConfigDword
MpManagerVersionQuery
MpScanStartEx
MpScanControl
MpScanResult
MpThreatEnumerate
MpThreatOpen
MpConfigUninitialize
MpConfigGetValueAlloc
MpUpdatePlatform
MpWDEnable
MpManagerEnable
MpConfigInitialize
MpAllocMemory
MpClientUtilExportFunctions
MpFreeMemory
MpConfigClose
MpConfigSetValue
MpConfigGetValue
MpConfigOpen
MpGetTPStateInfo
MpManagerStatusQuery
MpManagerOpen
MpHandleClose
MpGetTaskSchedulerStrings
MpRemoveDynamicSignatureFile
MpUtilsExportFunctions

ntdll

RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlLengthSid
RtlCompareMemory

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_callnewh
_set_new_mode
_calloc_base
_free_base
free

api-ms-win-crt-filesystem-l1-1-0

_wremove

api-ms-win-crt-math-l1-1-0

ceilf

Sections

.text
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9e1609ab7f01b56a9476494d9b3bf5997380d466744b07ec5d9b20e416b10f08.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\bokai\Downloads\EncrypterPOC-main\EncrypterPOC-main\WindowsFormsApp1\obj\Release\WindowsFormsApp1.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b7fc91fc1fa6a53b1e5d97e21a7abefbde3ca7349d4db0fdbe15ec2702b1b737.exe
.exe windows:5 windows x64 arch:x64

08c12a4e8a6a5e4388e0bc669ebc661c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

MessageBoxW
MessageBoxA

kernel32

HeapReAlloc
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
SetEndOfFile
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
CreateDirectoryW
FormatMessageW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
GetDriveTypeW
HeapSize
GetTimeZoneInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCommandLineA
ReadFile
CreateFileW
RaiseException
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
GetFileAttributesExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
WriteConsoleW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW

ws2_32

ntohl

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DC_Grabber.pyc
bf179bbd2ce7ca31e421334efa7d262e30dc16b9bb5cced1b8b18d119adc4425.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.3MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 130KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 96KB - Virtual size: 66.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TFPT
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cfc68c40f4631954894898633fd0c5a06c5ce5837eba7d4b56fc3514c01e124f.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

01:e2:0d:5b:e0:b5:19:0b:1d:bf:de:9b:ef:38:0d:9a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2021 00:00

Not After

07-05-2024 23:59

Subject

SERIALNUMBER=5128862,CN=Discord Inc.,OU=Select or enter,O=Discord Inc.,L=San Francisco,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:5b:68:fd:02:07:ad:e4:d8:d3:6b:22:ad:d7:e0:04:04:74:a6:a8
Signer

Actual PE Digest

72:5b:68:fd:02:07:ad:e4:d8:d3:6b:22:ad:d7:e0:04:04:74:a6:a8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e6e948a0aa3605bbd636ccdfa56e771dfebafa1e150d84f96b1968f8803edbeb.exe
.exe windows:6 windows x64 arch:x64

8ef0868017063524296ec8b3461ee456

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\codecrack\github\einweggerat\out_x64\einweggerat.pdb

Imports

dinput8

DirectInput8Create

shlwapi

PathStripPathW
PathRemoveExtensionW
PathAppendW
StrStrIA
PathFindExtensionW

kernel32

LeaveCriticalSection
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
GetSystemTime
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
LoadLibraryA
LocalAlloc
LocalFree
lstrcmpW
lstrcmpiW
lstrcpynW
lstrlenW
SetDllDirectoryW
VerifyVersionInfoW
CompareStringW
AllocConsole
AttachConsole
InitializeCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
CreateEventW
CreateThread
SetThreadPriority
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileSizeEx
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
SetLastError
GetUserDefaultLCID
IsValidLocale
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
GetFileType
WriteFile
GetStdHandle
GetModuleHandleExW
VirtualQuery
VirtualProtect
GetSystemInfo
ReadFile
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
GetCPInfo
GetLocaleInfoW
LCMapStringW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
CloseHandle
FindNextFileW
FindFirstFileW
FindClose
CreateFileA
CreateDirectoryW
GetCommandLineA
VerSetConditionMask
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
WideCharToMultiByte
MultiByteToWideChar
lstrcatW
lstrcpyW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionEx
RtlUnwind
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
RaiseException
DecodePointer
LoadLibraryW
GetProcAddress
FreeLibrary
SetStdHandle
FlushFileBuffers
CreateFileW
SetEndOfFile
WriteConsoleW
EnumSystemLocalesW

user32

MapWindowPoints
ScreenToClient
GetCursorPos
SetCursor
GetSysColor
PtInRect
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
GetSysColorBrush
DrawFocusRect
FillRect
FrameRect
SetRectEmpty
MessageBeep
OffsetRect
SetParent
UnregisterClassW
GetClassNameW
GetWindow
CheckMenuRadioItem
LoadCursorW
LoadIconW
DestroyIcon
LoadImageW
DrawIconEx
IsDialogMessageW
SystemParametersInfoW
MessageBoxW
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
MoveWindow
BeginPaint
ValidateRect
InvalidateRect
EndPaint
GetWindowLongW
ReleaseDC
GetDC
UpdateWindow
DrawTextW
SetMenuDefaultItem
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenuEx
RemoveMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
SetMenu
LoadMenuW
GetSystemMetrics
TranslateAcceleratorW
LoadAcceleratorsW
IsWindowEnabled
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetKeyNameTextW
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextW
GetDlgCtrlID
GetNextDlgTabItem
GetDlgItem
EndDialog
DialogBoxParamW
CreateDialogParamW
SetWindowPos
ShowWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
PostMessageW
SendMessageW
GetMessagePos
PeekMessageW
DispatchMessageW
TranslateMessage
DrawFrameControl
TrackMouseEvent
wsprintfW
wsprintfA
LoadStringW
LoadStringA
EnumDisplaySettingsW
SetWindowTextW

gdi32

ChoosePixelFormat
ExtTextOutW
MoveToEx
GetObjectW
GetTextMetricsW
SetTextColor
SetBkMode
SetBkColor
SelectObject
LineTo
GetStockObject
FillRgn
DeleteObject
CreateSolidBrush
CreateRectRgnIndirect
CreatePen
CombineRgn
SetPixelFormat
SwapBuffers
CreateFontIndirectW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryValueExW
RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW

shell32

CommandLineToArgvW
ShellExecuteW
DragAcceptFiles
DragFinish
DragQueryFileW

ole32

CoSetProxyBlanket
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantInit
VarUI4FromStr
VariantChangeType
VariantCopy
VariantClear

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

opengl32

wglDeleteContext
wglGetProcAddress
wglMakeCurrent
wglCreateContext

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

Sections

.text
Size: 518KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f02fe52119ff47fed2e52b28ec2c42a8eae8233b4c588c310dbaef3297b5d768.exe
.exe windows:4 windows x86 arch:x86

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
GetFileAttributesA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
GetFullPathNameA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
GlobalUnlock
GetDiskFreeSpaceA
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

46f8b6973f33717335c0f6d8087de67b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
lstrcpynA
ReadFile
PeekNamedPipe
GetTickCount
lstrcpyA
CreateProcessA
GetStartupInfoA
GetProcAddress
GetVersion
DeleteFileA
lstrcmpiA
GetCurrentProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
CreatePipe
GlobalLock
lstrcatA

user32

SendMessageA
OemToCharBuffA
FindWindowExA
CharNextA
wsprintfA
CharPrevA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
parameters.ini
secrehosted.exe
.exe windows:5 windows x86 arch:x86

57e874dfa8e7eebdf2ca356d9c305d3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wininet

InternetCloseHandle

winspool.drv

DocumentPropertiesW

comctl32

ImageList_GetImageInfo

shell32

Shell_NotifyIconW

user32

CopyImage
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

version

GetFileVersionInfoSizeW

oleaut32

SafeArrayPutElement

advapi32

CloseServiceHandle

netapi32

NetWkstaGetInfo

msvcrt

isupper

winhttp

WinHttpGetIEProxyConfigForCurrentUser

kernel32

GetVersion
GetVersionExW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shfolder

SHGetFolderPathW

wsock32

gethostbyaddr

ole32

IsEqualGUID

gdi32

Pie

wtsapi32

WTSSendMessageW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 108KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 96B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

fafa4a28b560c39ab0fffc511680e6be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

unityplayer

kernel32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 160B

.rsrc Size: 552KB - Virtual size: 552KB

.reloc Size: 2KB - Virtual size: 1KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 720KB - Virtual size: 720KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 512B - Virtual size: 12B

2bb37eed0d9f70910d890802982d6521

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

odbc32

opengl32

comctl32

gdiplus

urlmon

pdh

msvfw32

activeds

d2d1

dwrite

Exports

Exports

Sections

.text Size: 274KB - Virtual size: 273KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 273KB - Virtual size: 272KB

.reloc Size: 16KB - Virtual size: 16KB

12558c4dd0ec18ba63d0e699cc441f33

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 536KB - Virtual size: 532KB

.data Size: - Virtual size: 4KB

.rsrc Size: 28KB - Virtual size: 24KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 552KB - Virtual size: 552KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 720KB - Virtual size: 720KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 274KB - Virtual size: 273KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 273KB - Virtual size: 272KB

.reloc
Size: 16KB - Virtual size: 16KB

.text
Size: 536KB - Virtual size: 532KB

.data
Size: - Virtual size: 4KB

.rsrc
Size: 28KB - Virtual size: 24KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 266KB - Virtual size: 265KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 422KB - Virtual size: 421KB

.rsrc
Size: 160KB - Virtual size: 160KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 100KB - Virtual size: 97KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 148KB - Virtual size: 145KB

.text
Size: 131KB - Virtual size: 131KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 3KB - Virtual size: 44KB

.pdata
Size: 7KB - Virtual size: 7KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 2KB - Virtual size: 1KB