Ransomware-master[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Ransomware-master.zip
Size

12.9MB
MD5

255ffabf0788a28c52889e9f9675c9dc
SHA1

4c61f9e16df1705db48ee91ec1a2ab3d84e2f107
SHA256

3e2ba9a25e9891c6dcb75ad73c1262d523e09f0eb3d095ede9ea9d11f42ebc28
SHA512

ccfbf169a47f7bcb653fa04b0b0b10762a594a703eae14f56bb6e0bb2e3ab0b7ee4b3a2c14ade7ee6509fcabfed1a5a4da2e7bf035295e797eba8140079eef3d
SSDEEP

393216:CMa/Yi2nfFSrjISVemu/GyBSFb+JYSWTmZ:CMaUnnlmk+bDSWs

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/cerber.exe
unpack003/cryptowall.bin
unpack004/jigsaw
unpack005/Locky
unpack006/131.exe
unpack007/Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .com_
unpack008/svchost.exe

Files

Ransomware-master.zip
.zip
Ransomware-master/LICENSE
Ransomware-master/README.md
Ransomware-master/Ransomware
Ransomware-master/etc/Ransomware.Cerber.zip
.zip

Password: infected
cerber.exe
.exe windows:5 windows x86 arch:x86

9d6ed8d049bc10bc45b1995cb6f7f4b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetTickCount
GetTimeFormatW
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationW
GetWindowsDirectoryW
Heap32ListFirst
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsSystemResumeAutomatic
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MoveFileExA
MoveFileExW
MoveFileW
MultiByteToWideChar
GetEnvironmentVariableW
QueryPerformanceCounter
QueueUserAPC
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
RemoveDirectoryW
ScrollConsoleScreenBufferW
SearchPathW
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetLocalTime
SetSystemTime
SetThreadLocale
SetUnhandledExceptionFilter
SetVolumeLabelA
SleepEx
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TransmitCommChar
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualFreeEx
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
WritePrivateProfileSectionA
_hwrite
lstrcmpW
lstrcmpiW
lstrcpyW
lstrlenW
GetEnvironmentStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetConsoleTitleW
GetConsoleScreenBufferInfo
GetConsoleOutputCP
GetConsoleMode
GetCompressedFileSizeW
GetCommandLineW
GetCPInfo
GetBinaryTypeW
GetBinaryType
FreeLibrary
FormatMessageW
FlushFileBuffers
FlushConsoleInputBuffer
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
EraseTape
EnterCriticalSection
DuplicateHandle
DeleteFileW
DeleteFileA
CreateThread
CreateProcessW
CreateFileW
CreateFileA
CreateDirectoryW
CopyFileW
CopyFileA
ConvertDefaultLocale
CompareFileTime
CloseHandle
OpenProcess
AddAtomW

user32

DefWindowProcW
DrawFocusRect
CreateWindowStationA
CreateMenu
FillRect
FindWindowW
GetMenuCheckMarkDimensions
GetProcessWindowStation
GetSysColorBrush
GetThreadDesktop
GetUpdateRgn
GetUserObjectInformationW
InflateRect
InsertMenuItemW
IsIconic
LockWindowUpdate
MessageBeep
MessageBoxW
MonitorFromWindow
OffsetRect
PostMessageW
RealGetWindowClass
SendMessageW
SetUserObjectInformationW
ShowWindow
ToUnicode
WinHelpA
LoadCursorW
GetKBCodePage
DefMDIChildProcW
CloseWindowStation

gdi32

StartPage
SetMiterLimit
SetMapperFlags
SetBitmapBits
PtVisible
OffsetClipRgn
GetViewportOrgEx
GetTextFaceW
AddFontMemResourceEx
AnimatePalette
Arc
BRUSHOBJ_pvAllocRbrush
ColorMatchToTarget
CopyEnhMetaFileA
CreatePatternBrush
DescribePixelFormat
EngFreeModule
EngTextOut
EnumFontsW
FillRgn
GdiGetPageCount
GetGlyphOutlineW
GetMiterLimit
GetOutlineTextMetricsA

advapi32

RegOpenKeyW
SaferRecordEventLogEntry
SaferIdentifyLevel
SaferComputeTokenFromLevel
SaferCloseLevel
RevertToSelf
RegSetValueW
RegSetValueExW
RegQueryValueW
RegQueryValueExW
CreateProcessAsUserW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
ImpersonateLoggedOnUser
GetSecurityDescriptorOwner
GetFileSecurityW
FreeSid

shell32

ShellExecuteExW
ShellExecuteA
ShellAboutA
SHIsFileAvailableOffline
SHGetSettings
CheckEscapesW
DragQueryFile
DragQueryFileAorW
ExtractIconExW
SHAppBarMessage
SHBrowseForFolderA
SHChangeNotify
SHCreateProcessAsUserW
SHEmptyRecycleBinA
SHFileOperationA
SHGetDataFromIDListA
SHGetDiskFreeSpaceA
SHGetMalloc
WOWShellExecute

shlwapi

StrCmpNW
StrStrIA
StrStrIW
StrCmpNA
StrChrIA

comctl32

ImageList_Create

msvcrt

_XcptFilter
__getmainargs
__initenv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_adjust_fdiv
_c_exit
_cexit
_close
_controlfp
_dup
_dup2
_errno
_except_handler3
_exit
_get_osfhandle
_getch
_initterm
_iob
_open_osfhandle
_pclose
_pipe
_seh_longjmp_unwind
_setjmp3
_setmode
_snwprintf
_tell
_ultoa
_vsnwprintf
_wcsicmp
_wcslwr
_wcsnicmp
_wcsupr
_wpopen
_wtol
calloc
exit
fflush
fgets
fprintf
free
iswalpha
iswdigit
iswspace
iswxdigit
longjmp
malloc
memmove
printf
qsort
rand
realloc
setlocale
srand
swprintf
swscanf
time
towlower
towupper
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy
wcsrchr
wcsspn
wcsstr
wcstol
wcstoul

Sections

.text
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ransomware-master/etc/Ransomware.Cryptowall.zip
.zip

Password: infected
cryptowall.bin
.exe windows:5 windows x86 arch:x86

edbc0337cc897a187d263d79c09c15c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnableMenuItem
GetDlgItem
SendDlgItemMessageA
AppendMenuA
GetWindowLongA
wvsprintfA
SetWindowPos
FindWindowA
RedrawWindow
GetWindowTextA
EnableWindow
GetSystemMetrics
IsWindow
CheckRadioButton
UnregisterClassA
SetCursor
GetSysColorBrush
DialogBoxParamA
DestroyAcceleratorTable
DispatchMessageA
TranslateMessage
LoadIconA
EmptyClipboard
SetClipboardData
SetFocus
CharUpperA
OpenClipboard
IsDialogMessageA
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
RemoveMenu
InvalidateRect
ChildWindowFromPoint
PostMessageA
DestroyCursor
CreateDialogParamA
GetWindowRect
IsMenu
GetSubMenu
SetDlgItemInt
GetWindowPlacement
CharLowerBuffA
LoadCursorA
CheckMenuRadioItem
GetSysColor
KillTimer
DestroyIcon
DestroyWindow
PostQuitMessage
GetClientRect
MoveWindow
GetSystemMenu
SetTimer
SetWindowPlacement
InsertMenuItemA
GetMenu
CheckMenuItem
SetMenuItemInfoA
SetActiveWindow
DefDlgProcA
RegisterClassA
EndDialog
SetDlgItemTextA
EnumClipboardFormats
GetClipboardData
CloseClipboard
GetClassInfoA
CallWindowProcA
SetWindowLongA
IsDlgButtonChecked
SetWindowTextA
CheckDlgButton
GetActiveWindow
MessageBoxA
wsprintfA
GetDlgItemTextA
SendMessageA
GetCursorPos
TrackPopupMenu
ClientToScreen
DestroyMenu
CreatePopupMenu

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegSetValueA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
GetUserNameA

dbghelp

ImageNtHeader
ImageRvaToSection
ImageRvaToVa

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Remove
CreateToolbarEx
ImageList_SetBkColor
ImageList_Create

kernel32

IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapFree
VirtualFree
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EnterCriticalSection
HeapSize
LeaveCriticalSection
DeleteCriticalSection
GetLocaleInfoA
WriteFile
InterlockedDecrement
GetLastError
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
ExitProcess
GetProcAddress
Sleep
GetModuleHandleW
GlobalCompact
SetProcessWorkingSetSize
EncodePointer
OpenProcess
GlobalUnWire
GetStdHandle
IsWow64Process
GetProcessHandleCount
GetProcessHeap
FlushFileBuffers
PulseEvent
GetVersion
RtlUnwind
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCommandLineA
GetProcessId
LockResource
GlobalDeleteAtom
LCMapStringA
LCMapStringW
GetModuleFileNameA
SetProcessPriorityBoost
GlobalUnfix
RequestWakeupLatency
IsProcessInJob
GetThreadTimes
GetProcessTimes
PeekNamedPipe

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 51.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ransomware-master/etc/Ransomware.Jigsaw.zip
.zip

Password: infected
jigsaw
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

!mmUPp
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Ransomware-master/etc/Ransomware.Locky.zip
.zip

Password: infected
Locky
.exe windows:4 windows x86 arch:x86

0fcea3af550ad0a893e93808dccf17f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSecurityDescriptorDacl
RegisterEventSourceA
RegQueryInfoKeyA
GetSidSubAuthorityCount
RegSetValueExA
RegDeleteKeyA
GetKernelObjectSecurity
RegCloseKey
RegQueryValueA
RegLoadKeyA
GetSidSubAuthority
RegConnectRegistryA
LookupPrivilegeValueA
InitiateSystemShutdownA
CreateProcessAsUserA
GetSidIdentifierAuthority
OpenThreadToken
LsaQueryInformationPolicy
RegQueryValueW
EncryptFileW
RegSetValueW
MakeAbsoluteSD
RegOpenKeyExA
RegCreateKeyExW
AddAce
SetNamedSecurityInfoW
OpenEventLogW
GetUserNameW
SetSecurityDescriptorSacl
MakeSelfRelativeSD
RegFlushKey
InitializeSecurityDescriptor
InitializeAcl
SetEntriesInAclA
GetSidLengthRequired
RegSetValueA
SetEntriesInAclW
GetAclInformation

user32

DrawIconEx
IsDialogMessageA
OffsetRect
PostThreadMessageW
DialogBoxParamA
GetLastActivePopup
GetGUIThreadInfo
DrawStateA
IsWindow
OpenClipboard
InSendMessage
FindWindowW
IsMenu
EnumDisplaySettingsA
DrawAnimatedRects
FrameRect
SetMenuDefaultItem
GrayStringW
CreateDialogIndirectParamW
ClientToScreen
GetParent
TranslateMDISysAccel
CreateDesktopW
ShowCaret
GetProcessWindowStation
TrackPopupMenu
IntersectRect
DialogBoxIndirectParamA
DefWindowProcA
ReuseDDElParam
NotifyWinEvent
SetClipboardData
CloseClipboard
DdeDisconnect
GetClassNameA
GetCaretPos
CharLowerW
GetWindowModuleFileNameA
IsWindowVisible
wvsprintfA
ModifyMenuA
SendDlgItemMessageW
SetCaretBlinkTime
LoadMenuW
GetMenuState
DrawTextExA
ChangeDisplaySettingsW
CreateWindowExW
GetCapture
CreatePopupMenu
SetMenu
CharUpperBuffW
DrawStateW
LoadImageA
GetScrollPos
GetDlgItem
GetClipboardFormatNameW
ValidateRgn
GetWindowThreadProcessId
GetClassInfoExW
DdeAccessData
ShowWindow
GetKeyboardLayout
GetClassInfoW
SetCaretPos
LoadCursorA
FillRect
LoadMenuA
mouse_event
ModifyMenuW
InvalidateRgn
GetMenuItemID
IsIconic
OemToCharA
LoadCursorFromFileW
RegisterWindowMessageA
DispatchMessageW
GetCursorPos
CharPrevA
GetWindowWord

imm32

ImmGetProperty
ImmGetCandidateListCountA
ImmGetCompositionStringA
ImmSetConversionStatus
ImmSetOpenStatus
ImmCreateContext
ImmGetOpenStatus
ImmNotifyIME
ImmInstallIMEA
ImmGetContext
ImmDestroyContext
ImmSimulateHotKey
ImmConfigureIMEA
ImmAssociateContext

rasapi32

RasDialA
RasGetProjectionInfoA

kernel32

WriteFileGather
PulseEvent
GetLongPathNameA

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ransomware-master/etc/Ransomware.Mamba.zip
.zip

Password: infected
131.exe
.exe windows:5 windows x86 arch:x86

dd8fd079a980cb9227eb869f7da9b258

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

shlwapi

PathFileExistsW
PathFileExistsA

kernel32

Sleep
SizeofResource
GetConsoleWindow
GetVersionExW
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
GetLastError
GetProcAddress
GetSystemDirectoryW
CreateEventW
GetModuleFileNameA
GetModuleHandleA
CloseHandle
CreateThread
CreateProcessA
GetExitCodeProcess
WriteConsoleW
WriteFile
GetModuleHandleW
SetEvent
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
LoadResource
FindResourceW
GetNativeSystemInfo
GetCommandLineW
GetFileAttributesExW
SetEnvironmentVariableA
LockResource
GetModuleHandleExW
SetStdHandle
ReadConsoleW
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetStringTypeW
HeapFree
HeapAlloc
ExitProcess
SetEndOfFile
AreFileApisANSI
GetCommandLineA
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
ReadFile
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
HeapReAlloc
OutputDebugStringW

user32

ExitWindowsEx
ShowWindow

advapi32

RegisterServiceCtrlHandlerW
RevertToSelf
SetServiceStatus
ImpersonateLoggedOnUser
ChangeServiceConfig2W
LookupPrivilegeValueW
CreateProcessAsUserW
LogonUserW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CreateServiceW
AdjustTokenPrivileges

shell32

ShellExecuteW
ShellExecuteA

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ransomware-master/etc/Ransomware.Matsnu.zip
.zip

Password: infected
Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .com_
.exe windows:5 windows x86 arch:x86

bd52eaa585e8f1c2fba85e8df7a2e191

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeDisplayNameW

gdi32

AbortPath
AbortDoc

dbghelp

SymLoadModule64
FindFileInSearchPath
SymGetLineFromAddr64
SymGetSymFromAddr64

clusapi

FailClusterResource
GetClusterFromNetwork
ClusterRegEnumKey
ClusterGroupGetEnumCount
RestoreClusterDatabase
GetClusterNodeId
ClusterRegDeleteValue
CloseClusterResource
ClusterOpenEnum

kernel32

HeapSize
GetLastError
MoveFileA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
HeapFree
GetFileAttributesA
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
ExitProcess
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
WriteConsoleW
MultiByteToWideChar
SetFilePointer
LoadLibraryW
IsProcessorFeaturePresent
HeapAlloc
HeapReAlloc
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
LCMapStringW
GetStringTypeW
CreateFileW

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ransomware-master/etc/Ransomware.Petrwrap.zip
.zip

Password: infected
027cc450ef5f8c5f653329641ec1fed9.exe
.dll windows:5 windows x86 arch:x86

52dd60b5f3c9e2f17c2e303e8c8d4eab

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3b:65:0e:49:c6:e9:34:29:f5:80:58:4e:cc:af:af:dd:dd:e9:ce:e5
Signer

Actual PE Digest

3b:65:0e:49:c6:e9:34:29:f5:80:58:4e:cc:af:af:dd:dd:e9:ce:e5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ConnectNamedPipe
GetModuleHandleW
CreateNamedPipeW
TerminateThread
DisconnectNamedPipe
FlushFileBuffers
GetTempPathW
GetProcAddress
DeleteFileW
FreeLibrary
GlobalAlloc
LoadLibraryW
GetComputerNameExW
GlobalFree
ExitProcess
GetVersionExW
GetModuleFileNameW
DisableThreadLibraryCalls
ResumeThread
GetEnvironmentVariableW
GetFileSize
SetFilePointer
SetLastError
LoadResource
GetCurrentThread
OpenProcess
GetSystemDirectoryW
SizeofResource
GetLocalTime
Process32FirstW
LockResource
Process32NextW
GetModuleHandleA
lstrcatW
CreateToolhelp32Snapshot
GetCurrentProcess
VirtualFree
VirtualAlloc
LoadLibraryA
VirtualProtect
WideCharToMultiByte
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessW
PeekNamedPipe
GetTempFileNameW
InterlockedExchange
LeaveCriticalSection
MultiByteToWideChar
CreateFileA
GetTickCount
CreateThread
LocalFree
FindNextFileW
CreateFileMappingW
LocalAlloc
FindClose
GetFileSizeEx
CreateFileW
Sleep
FlushViewOfFile
GetLogicalDrives
WaitForSingleObject
GetDriveTypeW
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
CloseHandle
DeviceIoControl
GetLastError
GetSystemDirectoryA
ReadFile
WriteFile
GetProcessHeap
InitializeCriticalSection
HeapReAlloc
GetWindowsDirectoryW
EnterCriticalSection
HeapFree
SetFilePointerEx
HeapAlloc
FindResourceW

user32

ExitWindowsEx
wsprintfA
wsprintfW

advapi32

CryptGenRandom
CryptAcquireContextA
CryptExportKey
CryptAcquireContextW
CreateProcessAsUserW
InitiateSystemShutdownExW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetThreadToken
CredEnumerateW
CredFree
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyKey
CryptGenKey
CryptEncrypt
CryptImportKey
CryptSetKeyParam
CryptReleaseContext

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoCreateGuid
CoTaskMemFree
StringFromCLSID

crypt32

CryptStringToBinaryW
CryptBinaryToStringW
CryptDecodeObjectEx

shlwapi

PathAppendW
StrToIntW
PathFindFileNameW
PathFileExistsW
StrCmpW
StrCmpIW
StrChrW
StrCatW
StrStrW
PathFindExtensionW
PathCombineW
StrStrIW

iphlpapi

GetIpNetTable
GetAdaptersInfo

ws2_32

inet_ntoa
gethostbyname
__WSAFDIsSet
ntohl
ioctlsocket
connect
inet_addr
select
recv
send
htons
closesocket
socket
WSAStartup

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCancelConnection2W
WNetAddConnection2W
WNetCloseEnum

netapi32

NetServerEnum
NetApiBufferFree
NetServerGetInfo

dhcpsapi

DhcpEnumSubnetClients
DhcpRpcFreeMemory
DhcpGetSubnetInfo
DhcpEnumSubnets

msvcrt

malloc
_itoa
free
memset
rand
memcpy

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.bin.gz
.gz
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.bin
.dll windows:5 windows x86 arch:x86

52dd60b5f3c9e2f17c2e303e8c8d4eab

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3b:65:0e:49:c6:e9:34:29:f5:80:58:4e:cc:af:af:dd:dd:e9:ce:e5
Signer

Actual PE Digest

3b:65:0e:49:c6:e9:34:29:f5:80:58:4e:cc:af:af:dd:dd:e9:ce:e5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ConnectNamedPipe
GetModuleHandleW
CreateNamedPipeW
TerminateThread
DisconnectNamedPipe
FlushFileBuffers
GetTempPathW
GetProcAddress
DeleteFileW
FreeLibrary
GlobalAlloc
LoadLibraryW
GetComputerNameExW
GlobalFree
ExitProcess
GetVersionExW
GetModuleFileNameW
DisableThreadLibraryCalls
ResumeThread
GetEnvironmentVariableW
GetFileSize
SetFilePointer
SetLastError
LoadResource
GetCurrentThread
OpenProcess
GetSystemDirectoryW
SizeofResource
GetLocalTime
Process32FirstW
LockResource
Process32NextW
GetModuleHandleA
lstrcatW
CreateToolhelp32Snapshot
GetCurrentProcess
VirtualFree
VirtualAlloc
LoadLibraryA
VirtualProtect
WideCharToMultiByte
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessW
PeekNamedPipe
GetTempFileNameW
InterlockedExchange
LeaveCriticalSection
MultiByteToWideChar
CreateFileA
GetTickCount
CreateThread
LocalFree
FindNextFileW
CreateFileMappingW
LocalAlloc
FindClose
GetFileSizeEx
CreateFileW
Sleep
FlushViewOfFile
GetLogicalDrives
WaitForSingleObject
GetDriveTypeW
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
CloseHandle
DeviceIoControl
GetLastError
GetSystemDirectoryA
ReadFile
WriteFile
GetProcessHeap
InitializeCriticalSection
HeapReAlloc
GetWindowsDirectoryW
EnterCriticalSection
HeapFree
SetFilePointerEx
HeapAlloc
FindResourceW

user32

ExitWindowsEx
wsprintfA
wsprintfW

advapi32

CryptGenRandom
CryptAcquireContextA
CryptExportKey
CryptAcquireContextW
CreateProcessAsUserW
InitiateSystemShutdownExW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetThreadToken
CredEnumerateW
CredFree
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyKey
CryptGenKey
CryptEncrypt
CryptImportKey
CryptSetKeyParam
CryptReleaseContext

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoCreateGuid
CoTaskMemFree
StringFromCLSID

crypt32

CryptStringToBinaryW
CryptBinaryToStringW
CryptDecodeObjectEx

shlwapi

PathAppendW
StrToIntW
PathFindFileNameW
PathFileExistsW
StrCmpW
StrCmpIW
StrChrW
StrCatW
StrStrW
PathFindExtensionW
PathCombineW
StrStrIW

iphlpapi

GetIpNetTable
GetAdaptersInfo

ws2_32

inet_ntoa
gethostbyname
__WSAFDIsSet
ntohl
ioctlsocket
connect
inet_addr
select
recv
send
htons
closesocket
socket
WSAStartup

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCancelConnection2W
WNetAddConnection2W
WNetCloseEnum

netapi32

NetServerEnum
NetApiBufferFree
NetServerGetInfo

dhcpsapi

DhcpEnumSubnetClients
DhcpRpcFreeMemory
DhcpGetSubnetInfo
DhcpEnumSubnets

msvcrt

malloc
_itoa
free
memset
rand
memcpy

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6.bin.gz
.gz
fe2e5d0543b4c8769e401ec216d78a5a3547dfd426fd47e097df04a5f7d6d206_OFkNP1kKL9.bin.gz
.gz
myguy.hta
.js
svchost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ransomware-master/etc/Ransomware.Petya.zip
.zip
Ransomware-master/etc/Ransomware.Radamant.zip
.zip
Ransomware-master/etc/Ransomware.Rex.zip
.zip
Ransomware-master/etc/Ransomware.Satana.zip
.zip
Ransomware-master/etc/Ransomware.TeslaCrypt.zip
.zip
Ransomware-master/etc/Ransomware.Vipasana.zip
.zip
Ransomware-master/etc/Ransomware.WannaCry.zip
.zip
Ransomware-master/etc/Ransomware.Wannacry_Plus.zip
.zip
Ransomware-master/etc/Ransomware.library
Ransomware-master/etc/load.sh
.sh .ps1
Ransomware-master/test.py
Ransomware-master/test2.py
Ransomware-master/warna.py

Sharing

General

Malware Config

Signatures

Files

Password: infected

9d6ed8d049bc10bc45b1995cb6f7f4b6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

msvcrt

Sections

.text Size: 315KB - Virtual size: 315KB

.rdata Size: 234KB - Virtual size: 234KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 49KB - Virtual size: 48KB

Password: infected

edbc0337cc897a187d263d79c09c15c7

Headers

DLL Characteristics

File Characteristics

Imports

user32

comdlg32

advapi32

dbghelp

comctl32

kernel32

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 104KB - Virtual size: 51.8MB

.rsrc Size: 90KB - Virtual size: 90KB

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

!mmUPp Size: 209KB - Virtual size: 208KB

.text Size: 70KB - Virtual size: 70KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

Password: infected

0fcea3af550ad0a893e93808dccf17f4

Headers

File Characteristics

Imports

advapi32

user32

imm32

rasapi32

kernel32

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 3.7MB

.rsrc Size: 104KB - Virtual size: 100KB

Password: infected

dd8fd079a980cb9227eb869f7da9b258

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

.text
Size: 315KB - Virtual size: 315KB

.rdata
Size: 234KB - Virtual size: 234KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 49KB - Virtual size: 48KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 104KB - Virtual size: 51.8MB

.rsrc
Size: 90KB - Virtual size: 90KB

!mmUPp
Size: 209KB - Virtual size: 208KB

.text
Size: 70KB - Virtual size: 70KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 3.7MB

.rsrc
Size: 104KB - Virtual size: 100KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 39KB - Virtual size: 39KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 3KB - Virtual size: 3KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

3b:65:0e:49:c6:e9:34:29:f5:80:58:4e:cc:af:af:dd:dd:e9:ce:e5
Signer

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 20KB - Virtual size: 38KB

.rsrc
Size: 242KB - Virtual size: 241KB

.reloc
Size: 3KB - Virtual size: 3KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate