d8f3fedde975e393530b694eee1ef9c981b48bc46b4e24749c20189a6fa58e79

Sharing

Copy URL

Twitter E-mail

General

Target

d8f3fedde975e393530b694eee1ef9c981b48bc46b4e24749c20189a6fa58e79
Size

1.9MB
MD5

a2551d50157208ea0b81399b8b44d46e
SHA1

1f8b218fee39e7fb61be18325279fead0699d2f7
SHA256

d8f3fedde975e393530b694eee1ef9c981b48bc46b4e24749c20189a6fa58e79
SHA512

3657a1dde617a65f3a25a1b363512b33aa4c3fb953cdbe93a29bfa9155fb9d8ac64f717a608b7883e8e5f6aeb78740ba8b934defc5561acc89d51265c3e71a20
SSDEEP

49152:5r+vSO4oI3CFrbm439351XisadRziGVIopG0msh5DvLq:5II30b5jpiHT7Vcsh5Dv2

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/202102121641_48eacf290c0ed6287672551fcf426053f754c126c01fe6a01009c0ba599d3b8f.bin
unpack001/202102121641_4b32c3c2d28237ba331ae94e7fe4dfb566a0902d59eb84aa793b3adf0a5f378c.bin
unpack001/202102121641_7ae7db00b573a89b9c435a5147a265dd939d99552b92b5dd9baa9a16f95ae9d5.bin
unpack001/202102121641_8600b6aff4ee95d4f78e5dc77f66af3c07241db926b053144943361bc64c37f7.bin
unpack001/202102121641_ae55975bd40147ab3b9a02f1e2e0279f714bce9845d26ace252cd590a42d733d.bin
unpack001/202102121641_c642dca14e48cae8391d5f100304b399b70a9c3967d7b7d3949ead3b96ba1a63.bin
unpack001/202102121641_cc849b895a0c8237f81ca3fe6395929713fb7b3f0a7744d3ddc3cb08f9f4351d.bin
unpack001/202102121641_f1b9d5520ba13179e19b336e542d18b0bd9f39a2b41d88a739625c8480422b73.bin

Files

d8f3fedde975e393530b694eee1ef9c981b48bc46b4e24749c20189a6fa58e79
.zip
202102121641_48eacf290c0ed6287672551fcf426053f754c126c01fe6a01009c0ba599d3b8f.bin
.dll regsvr32 windows:5 windows x86 arch:x86

ad7c879ee6648e49aa7a1f65db32681d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
memcpy

kernel32

FindClose
CloseHandle
Sleep
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapFree
HeapSize
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
ExitProcess
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WriteConsoleW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
HeapReAlloc

user32

SetTimer
DispatchMessageA
GetMessageA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 221KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
202102121641_4b32c3c2d28237ba331ae94e7fe4dfb566a0902d59eb84aa793b3adf0a5f378c.bin
.dll windows:5 windows x86 arch:x86

87646875dcc80e1c8a00a85efe58ac43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
memcpy

kernel32

FindClose
CloseHandle
Sleep
GetTickCount
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapFree
HeapSize
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
ExitProcess
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WriteConsoleW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
HeapReAlloc

user32

SetTimer
GetMessageA
DispatchMessageA

Exports

Exports

DllRegisterServer1

Sections

.text
Size: 361KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 220KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
202102121641_7ae7db00b573a89b9c435a5147a265dd939d99552b92b5dd9baa9a16f95ae9d5.bin
.dll regsvr32 windows:5 windows x86 arch:x86

7db610b9f30e5230faec709d0d62a983

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
memcpy

kernel32

TlsAlloc
WriteConsoleW
Sleep
HeapAlloc
HeapFree
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
SetFilePointerEx
CloseHandle
GetConsoleMode
ExitProcess
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateFileW
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetStringTypeW
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP

user32

GetMessageA
SetTimer
DispatchMessageA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
202102121641_8600b6aff4ee95d4f78e5dc77f66af3c07241db926b053144943361bc64c37f7.bin
.dll windows:4 windows x86 arch:x86

8975c0970ebc2a2322d187ca6621edde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Growsay\therewind\hopeRose\Else.pdb

Imports

kernel32

GetCurrentThread
DuplicateHandle
PeekNamedPipe
GetExitCodeProcess
GetEnvironmentVariableA
ResetEvent
DeleteFileA
OpenMutexA
CreateMutexA
MoveFileExA
GetCurrentProcessId
GetFileTime
GetModuleFileNameA
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationA
Sleep
GetSystemDirectoryA
VirtualProtect
GetTempPathA
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
RaiseException
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

winspool.drv

GetPrinterA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetPrinterDataA

Exports

Exports

Saidrich

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
202102121641_ae55975bd40147ab3b9a02f1e2e0279f714bce9845d26ace252cd590a42d733d.bin
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.code
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdatat
Size: 7KB - Virtual size: 32.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NewIT
Size: 512B - Virtual size: 285B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
202102121641_c642dca14e48cae8391d5f100304b399b70a9c3967d7b7d3949ead3b96ba1a63.bin
.dll regsvr32 windows:4 windows x86 arch:x86

b1499cb142564fa400e4b0c23ddfe209

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
lstrlenA
lstrcatA
GetCurrentThread
GetConsoleCP
GetACP
lstrcmpA
GetCurrentProcess
GetProcessId
SetLastError
GetCurrentThreadId
GetLastError
GetVersion
GetTickCount

user32

GetGUIThreadInfo
CheckRadioButton
GetCursorInfo
GetKeyboardType
GetAsyncKeyState
ReleaseDC
CheckMenuRadioItem
GetWindowDC
CheckMenuItem
SetCursor
ShowCursor
GetWindowThreadProcessId
SetFocus
GetCursorPos
ShowWindow
GetActiveWindow
SetWindowPos
ReleaseCapture
GetCapture
CheckDlgButton
GetCaretBlinkTime

oleacc

DllRegisterServer

gdi32

DdEntry1

oleaut32

VariantCopyInd

Exports

Exports

DllRegisterServer

Sections

.code
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 64.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
202102121641_cc849b895a0c8237f81ca3fe6395929713fb7b3f0a7744d3ddc3cb08f9f4351d.bin
.dll windows:4 windows x86 arch:x86

a6d55890f5859d9f8802dc75c82d2c1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\housebar\Crosstown\WifeTalk\windowact\raceBank\Hunt.pdb

Imports

kernel32

GetProcAddress
GetSystemDirectoryA
VirtualProtect
GetCurrentDirectoryA
FindFirstChangeNotificationA
GetTempPathA
LoadLibraryA
HeapSize
RtlUnwind
FreeLibrary
GetTickCount
Sleep
EnterCriticalSection
GetEnvironmentVariableA
InitializeCriticalSection
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLocaleInfoA
WriteFile
VirtualAlloc
HeapReAlloc

user32

ExitWindowsEx
EndDeferWindowPos
SetParent
InflateRect
IntersectRect

gdi32

GetTextExtentPoint32A
SetPixel
StretchBlt
CreateCompatibleBitmap
PatBlt

Exports

Exports

@DllRegisterServer@0
@Lake@0

Sections

.text
Size: 528KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
202102121641_f1b9d5520ba13179e19b336e542d18b0bd9f39a2b41d88a739625c8480422b73.bin
.dll windows:5 windows x86 arch:x86

89cc9d6792f17d6eec1bfb53516f1f37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

__std_type_info_destroy_list
memset
memcpy

kernel32

WriteConsoleW
SetFilePointerEx
Sleep
GetProcAddress
LoadLibraryA
GetLastError
HeapFree
GetModuleHandleW
HeapAlloc
GetProcessHeap
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
CreateFileW
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
HeapReAlloc
RtlUnwind
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
DisableThreadLibraryCalls
InitializeSListHead
CloseHandle
GetConsoleMode
GetModuleFileNameA
FindClose
FindFirstFileExA
FindNextFileA
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP

user32

SetTimer
DispatchMessageA
GetMessageA

Exports

Exports

DllRegisterServer1

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 221KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad7c879ee6648e49aa7a1f65db32681d

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

kernel32

user32

Exports

Exports

Sections

.text Size: 179KB - Virtual size: 179KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 221KB - Virtual size: 223KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 3KB

87646875dcc80e1c8a00a85efe58ac43

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

kernel32

user32

Exports

Exports

Sections

.text Size: 361KB - Virtual size: 360KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 220KB - Virtual size: 222KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 3KB

7db610b9f30e5230faec709d0d62a983

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

kernel32

user32

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.data Size: 203KB - Virtual size: 203KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 18KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

8975c0970ebc2a2322d187ca6621edde

Headers

File Characteristics

PDB Paths

Imports

kernel32

winspool.drv

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 76KB - Virtual size: 72KB

.data Size: 8KB - Virtual size: 47KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.code Size: 67KB - Virtual size: 66KB

.rdatat Size: 7KB - Virtual size: 32.0MB

.rsrc Size: 17KB - Virtual size: 17KB

.NewIT Size: 512B - Virtual size: 285B

b1499cb142564fa400e4b0c23ddfe209

Headers

File Characteristics

Imports

.text
Size: 179KB - Virtual size: 179KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 221KB - Virtual size: 223KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 361KB - Virtual size: 360KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 220KB - Virtual size: 222KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 58KB - Virtual size: 57KB

.data
Size: 203KB - Virtual size: 203KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 8KB - Virtual size: 47KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 8KB

.code
Size: 67KB - Virtual size: 66KB

.rdatat
Size: 7KB - Virtual size: 32.0MB

.rsrc
Size: 17KB - Virtual size: 17KB

.NewIT
Size: 512B - Virtual size: 285B

.code
Size: 327KB - Virtual size: 326KB

.data
Size: 512B - Virtual size: 80B

.rdata
Size: 20KB - Virtual size: 64.0MB

.rsrc
Size: 33KB - Virtual size: 33KB

.text
Size: 528KB - Virtual size: 524KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 35KB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 221KB - Virtual size: 223KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 3KB