Overview
overview
10Static
static
100A6172B017F62EAA.exe
windows7-x64
100A6172B017F62EAA.exe
windows10-2004-x64
102891E1D4BAC70EBA.exe
windows7-x64
102891E1D4BAC70EBA.exe
windows10-2004-x64
103472CB2D1AB89AAB.exe
windows7-x64
103472CB2D1AB89AAB.exe
windows10-2004-x64
10613788884CE0093F.exe
windows7-x64
10613788884CE0093F.exe
windows10-2004-x64
107189AED8B8AE6568.exe
windows7-x64
107189AED8B8AE6568.exe
windows10-2004-x64
10CC3B1F89FAA517E4.exe
windows7-x64
10CC3B1F89FAA517E4.exe
windows10-2004-x64
10F5657AC3DC58DC8C.exe
windows7-x64
10F5657AC3DC58DC8C.exe
windows10-2004-x64
10Behavioral task
behavioral1
Sample
0A6172B017F62EAA.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0A6172B017F62EAA.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
2891E1D4BAC70EBA.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
2891E1D4BAC70EBA.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
3472CB2D1AB89AAB.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
3472CB2D1AB89AAB.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
613788884CE0093F.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
613788884CE0093F.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
7189AED8B8AE6568.exe
Resource
win7-20241023-en
Behavioral task
behavioral10
Sample
7189AED8B8AE6568.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
CC3B1F89FAA517E4.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
CC3B1F89FAA517E4.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
F5657AC3DC58DC8C.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
F5657AC3DC58DC8C.exe
Resource
win10v2004-20241007-en
General
-
Target
0461e6e8f234e00307331dae19d3512950bbf3cdf7a1ec32802dff62cc14c90c.zip
-
Size
562KB
-
MD5
be8d17952bcdf0bac1696e7f9d4fc337
-
SHA1
902f122bf960a82331505e82c143af91424db1fd
-
SHA256
0461e6e8f234e00307331dae19d3512950bbf3cdf7a1ec32802dff62cc14c90c
-
SHA512
79aea791aa8a43ae88bbb27501f09f16b6f63165481b4faa7357a3f037b59a012ec0444954df41f39eadcc02a1d77d34d17eafaad46b55b023e52f61e0950e84
-
SSDEEP
12288:7Mgw/UcFZJP2zC7ttD0ZgDn/rvPxemsMgw/UUZJP2z/jrEL0cAB3:7M2cF2zQpCgnc/M2U2znELHAB3
Malware Config
Signatures
-
Detect Neshta payload 1 IoCs
resource yara_rule static1/unpack001/F5657AC3DC58DC8C.exe family_neshta -
Neshta family
-
Unsigned PE 7 IoCs
Checks for missing Authenticode signature.
resource unpack001/0A6172B017F62EAA.exe unpack001/2891E1D4BAC70EBA.exe unpack001/3472CB2D1AB89AAB.exe unpack001/613788884CE0093F.exe unpack001/7189AED8B8AE6568.exe unpack001/CC3B1F89FAA517E4.exe unpack001/F5657AC3DC58DC8C.exe
Files
-
0461e6e8f234e00307331dae19d3512950bbf3cdf7a1ec32802dff62cc14c90c.zip.zip
-
0A6172B017F62EAA.exe.exe windows:6 windows x86 arch:x86
5faa97909af8129b66dff3dd95bb8fb1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
SetFilePointer
CreateFileW
lstrcatW
CloseHandle
GetLocalTime
DeleteCriticalSection
SetPriorityClass
GetCurrentProcess
Wow64DisableWow64FsRedirection
TerminateProcess
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenProcess
Wow64RevertWow64FsRedirection
GetLastError
GetProcAddress
ExitProcess
GetModuleHandleW
ReadFile
GetLogicalDrives
FindFirstFileW
GetFileSizeEx
FindNextFileW
WaitForMultipleObjects
SetThreadPriority
LeaveCriticalSection
lstrlenA
FindClose
PostQueuedCompletionStatus
SetFileAttributesW
Sleep
GetCurrentThread
GetSystemInfo
LoadLibraryW
CreateThread
SetFilePointerEx
LocalFree
MoveFileExW
GetCurrentProcessId
CreateIoCompletionPort
GetDriveTypeW
SetConsoleCtrlHandler
GetConsoleWindow
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
GetModuleFileNameW
WriteFile
EnterCriticalSection
lstrcmpiW
lstrcpyW
lstrlenW
GetCommandLineW
GetQueuedCompletionStatus
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
GetModuleHandleExW
GetCommandLineA
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
user32
wsprintfW
wsprintfA
ShowWindow
advapi32
AdjustTokenPrivileges
OpenProcessToken
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
LookupPrivilegeValueW
shell32
CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteW
rstrtmgr
RmRegisterResources
RmGetList
RmStartSession
RmEndSession
shlwapi
wvnsprintfW
PathFindExtensionW
PathRemoveFileSpecW
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
2891E1D4BAC70EBA.exe.exe windows:6 windows x86 arch:x86
5faa97909af8129b66dff3dd95bb8fb1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
SetFilePointer
CreateFileW
lstrcatW
CloseHandle
GetLocalTime
DeleteCriticalSection
SetPriorityClass
GetCurrentProcess
Wow64DisableWow64FsRedirection
TerminateProcess
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenProcess
Wow64RevertWow64FsRedirection
GetLastError
GetProcAddress
ExitProcess
GetModuleHandleW
ReadFile
GetLogicalDrives
FindFirstFileW
GetFileSizeEx
FindNextFileW
WaitForMultipleObjects
SetThreadPriority
LeaveCriticalSection
lstrlenA
FindClose
PostQueuedCompletionStatus
SetFileAttributesW
Sleep
GetCurrentThread
GetSystemInfo
LoadLibraryW
CreateThread
SetFilePointerEx
LocalFree
MoveFileExW
GetCurrentProcessId
CreateIoCompletionPort
GetDriveTypeW
SetConsoleCtrlHandler
GetConsoleWindow
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
GetModuleFileNameW
WriteFile
EnterCriticalSection
lstrcmpiW
lstrcpyW
lstrlenW
GetCommandLineW
GetQueuedCompletionStatus
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
GetModuleHandleExW
GetCommandLineA
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
user32
wsprintfW
wsprintfA
ShowWindow
advapi32
AdjustTokenPrivileges
OpenProcessToken
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
LookupPrivilegeValueW
shell32
CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteW
rstrtmgr
RmRegisterResources
RmGetList
RmStartSession
RmEndSession
shlwapi
wvnsprintfW
PathFindExtensionW
PathRemoveFileSpecW
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
3472CB2D1AB89AAB.exe.exe windows:6 windows x86 arch:x86
5faa97909af8129b66dff3dd95bb8fb1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
SetFilePointer
CreateFileW
lstrcatW
CloseHandle
GetLocalTime
DeleteCriticalSection
SetPriorityClass
GetCurrentProcess
Wow64DisableWow64FsRedirection
TerminateProcess
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenProcess
Wow64RevertWow64FsRedirection
GetLastError
GetProcAddress
ExitProcess
GetModuleHandleW
ReadFile
GetLogicalDrives
FindFirstFileW
GetFileSizeEx
FindNextFileW
WaitForMultipleObjects
SetThreadPriority
LeaveCriticalSection
lstrlenA
FindClose
PostQueuedCompletionStatus
SetFileAttributesW
Sleep
GetCurrentThread
GetSystemInfo
LoadLibraryW
CreateThread
SetFilePointerEx
LocalFree
MoveFileExW
GetCurrentProcessId
CreateIoCompletionPort
GetDriveTypeW
SetConsoleCtrlHandler
GetConsoleWindow
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
GetModuleFileNameW
WriteFile
EnterCriticalSection
lstrcmpiW
lstrcpyW
lstrlenW
GetCommandLineW
GetQueuedCompletionStatus
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
GetModuleHandleExW
GetCommandLineA
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
user32
wsprintfW
wsprintfA
ShowWindow
advapi32
AdjustTokenPrivileges
OpenProcessToken
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
LookupPrivilegeValueW
shell32
CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteW
rstrtmgr
RmRegisterResources
RmGetList
RmStartSession
RmEndSession
shlwapi
wvnsprintfW
PathFindExtensionW
PathRemoveFileSpecW
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
613788884CE0093F.exe.exe windows:6 windows x86 arch:x86
5faa97909af8129b66dff3dd95bb8fb1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
SetFilePointer
CreateFileW
lstrcatW
CloseHandle
GetLocalTime
DeleteCriticalSection
SetPriorityClass
GetCurrentProcess
Wow64DisableWow64FsRedirection
TerminateProcess
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenProcess
Wow64RevertWow64FsRedirection
GetLastError
GetProcAddress
ExitProcess
GetModuleHandleW
ReadFile
GetLogicalDrives
FindFirstFileW
GetFileSizeEx
FindNextFileW
WaitForMultipleObjects
SetThreadPriority
LeaveCriticalSection
lstrlenA
FindClose
PostQueuedCompletionStatus
SetFileAttributesW
Sleep
GetCurrentThread
GetSystemInfo
LoadLibraryW
CreateThread
SetFilePointerEx
LocalFree
MoveFileExW
GetCurrentProcessId
CreateIoCompletionPort
GetDriveTypeW
SetConsoleCtrlHandler
GetConsoleWindow
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
GetModuleFileNameW
WriteFile
EnterCriticalSection
lstrcmpiW
lstrcpyW
lstrlenW
GetCommandLineW
GetQueuedCompletionStatus
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
GetModuleHandleExW
GetCommandLineA
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
user32
wsprintfW
wsprintfA
ShowWindow
advapi32
AdjustTokenPrivileges
OpenProcessToken
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
LookupPrivilegeValueW
shell32
CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteW
rstrtmgr
RmRegisterResources
RmGetList
RmStartSession
RmEndSession
shlwapi
wvnsprintfW
PathFindExtensionW
PathRemoveFileSpecW
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
7189AED8B8AE6568.exe.exe windows:6 windows x86 arch:x86
5faa97909af8129b66dff3dd95bb8fb1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
SetFilePointer
CreateFileW
lstrcatW
CloseHandle
GetLocalTime
DeleteCriticalSection
SetPriorityClass
GetCurrentProcess
Wow64DisableWow64FsRedirection
TerminateProcess
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenProcess
Wow64RevertWow64FsRedirection
GetLastError
GetProcAddress
ExitProcess
GetModuleHandleW
ReadFile
GetLogicalDrives
FindFirstFileW
GetFileSizeEx
FindNextFileW
WaitForMultipleObjects
SetThreadPriority
LeaveCriticalSection
lstrlenA
FindClose
PostQueuedCompletionStatus
SetFileAttributesW
Sleep
GetCurrentThread
GetSystemInfo
LoadLibraryW
CreateThread
SetFilePointerEx
LocalFree
MoveFileExW
GetCurrentProcessId
CreateIoCompletionPort
GetDriveTypeW
SetConsoleCtrlHandler
GetConsoleWindow
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
GetModuleFileNameW
WriteFile
EnterCriticalSection
lstrcmpiW
lstrcpyW
lstrlenW
GetCommandLineW
GetQueuedCompletionStatus
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
GetModuleHandleExW
GetCommandLineA
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
user32
wsprintfW
wsprintfA
ShowWindow
advapi32
AdjustTokenPrivileges
OpenProcessToken
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
LookupPrivilegeValueW
shell32
CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteW
rstrtmgr
RmRegisterResources
RmGetList
RmStartSession
RmEndSession
shlwapi
wvnsprintfW
PathFindExtensionW
PathRemoveFileSpecW
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CC3B1F89FAA517E4.exe.exe windows:6 windows x86 arch:x86
5faa97909af8129b66dff3dd95bb8fb1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
SetFilePointer
CreateFileW
lstrcatW
CloseHandle
GetLocalTime
DeleteCriticalSection
SetPriorityClass
GetCurrentProcess
Wow64DisableWow64FsRedirection
TerminateProcess
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenProcess
Wow64RevertWow64FsRedirection
GetLastError
GetProcAddress
ExitProcess
GetModuleHandleW
ReadFile
GetLogicalDrives
FindFirstFileW
GetFileSizeEx
FindNextFileW
WaitForMultipleObjects
SetThreadPriority
LeaveCriticalSection
lstrlenA
FindClose
PostQueuedCompletionStatus
SetFileAttributesW
Sleep
GetCurrentThread
GetSystemInfo
LoadLibraryW
CreateThread
SetFilePointerEx
LocalFree
MoveFileExW
GetCurrentProcessId
CreateIoCompletionPort
GetDriveTypeW
SetConsoleCtrlHandler
GetConsoleWindow
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
GetModuleFileNameW
WriteFile
EnterCriticalSection
lstrcmpiW
lstrcpyW
lstrlenW
GetCommandLineW
GetQueuedCompletionStatus
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
GetModuleHandleExW
GetCommandLineA
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
user32
wsprintfW
wsprintfA
ShowWindow
advapi32
AdjustTokenPrivileges
OpenProcessToken
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
LookupPrivilegeValueW
shell32
CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteW
rstrtmgr
RmRegisterResources
RmGetList
RmStartSession
RmEndSession
shlwapi
wvnsprintfW
PathFindExtensionW
PathRemoveFileSpecW
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
F5657AC3DC58DC8C.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 536B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 42KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ