JaffaCakes118_58c50cebcd8465aff4672fdf8beae81678bd16409addfaa8135506ca90967822

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_58c50cebcd8465aff4672fdf8beae81678bd16409addfaa8135506ca90967822
Size

3.2MB
MD5

0e159d601ad7a0f141cf0f5e373cadc8
SHA1

073b5a691a9823bd82b0bdc8398319528f2e42fb
SHA256

58c50cebcd8465aff4672fdf8beae81678bd16409addfaa8135506ca90967822
SHA512

b9653c2ab9b655707335bb4ec7b76f0dff4385839fade9e2b0c78eb5c2a086fa25aaf0ee41754d42c2cdfe9afc8a26b0b6099f54e1ec9afb05bae166fad09907
SSDEEP

98304:f2mUjqT3Xm10pwOmqEBPJpjqTxqPtqTQp6Hss:fXBTmZv3BPCTcPETQ6

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/2b10ad4890c4d6e2861533cc7260a9fdc7871ea2	upx
static1/unpack001/c4bd712a7f7185a2224806b85f3c6ac48de067e38d554608b3ee92422d902b28	upx

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/09472e7d9209b7cfc3bbc2e815a2aa843133395b
unpack001/2b10ad4890c4d6e2861533cc7260a9fdc7871ea2
unpack002/out.upx
unpack001/352b1f3533ded8c575246d4466f68c49
unpack001/45295780f2ba837be42ccf50710bd2b5
unpack001/60c16e45c5cbe88a38911f1e3176d90444e4884261d8481d4d719acec1bc5025
unpack001/75a3cf8ced873ee7bc415e27e108496b
unpack001/7dee29fbeb5af549cb8a68dc47adf9721eb2b726
unpack001/9b40b0d3b228d9e958c8d45fb8cec64c6851d113
unpack001/aaec6ae400b38b95ae414481d8d45f0281cf26f59f8592567dfe2223f66024ad
unpack001/ac94165d63c75f4adf1728aa2ecb776ac7c1c18e
unpack001/b513cfbd101e728ec41c9d6f6515278434820466bfe8e4bc1849f2418d3f86da
unpack001/c4bd712a7f7185a2224806b85f3c6ac48de067e38d554608b3ee92422d902b28
unpack003/out.upx
unpack001/e430730620feec3673b9c38d87482c9294421b19
unpack001/ea67e662ba55629b40d0eddbaaafc824e5809f31c9e35222104637a67615c51d
unpack001/f2e040d2c5fea1fb5e9797f7deff0a63
unpack001/f937b1b7b3593a38702f870077658a891974edda

Files

JaffaCakes118_58c50cebcd8465aff4672fdf8beae81678bd16409addfaa8135506ca90967822
.zip
09472e7d9209b7cfc3bbc2e815a2aa843133395b
.exe windows:5 windows x86 arch:x86

2ce62b0c0226079a88a01c701dbee7b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetCurrentThread
SetLastError
Sleep
CloseHandle
LoadLibraryA
WinExec
GetProcAddress
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

advapi32

CloseServiceHandle

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1dd4a0983a6884dddc3edf27eb5fdfc87664ed63
.exe windows:5 windows x86 arch:x86

dda5d831c197f5dbe3e053a5775ec949

Code Sign

6b:00:00:03:f4:e3:a6:7a:23:48:55:0c:33:00:00:00:00:03:f4
Certificate

Issuer

CN=Microsoft RSA TLS CA 01,O=Microsoft Corporation,C=US

Not Before

28-08-2020 22:17

Not After

28-08-2021 22:17

Subject

CN=www.microsoft.com,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0
Signer

Actual PE Digest

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableW
GetTempFileNameW
GlobalMemoryStatus
WriteConsoleOutputCharacterW
lstrlenA
EnumDateFormatsExW
GetModuleHandleExA
SetEndOfFile
FindResourceExW
SystemTimeToTzSpecificLocalTime
HeapAlloc
SetWaitableTimer
ScrollConsoleScreenBufferW
GlobalLock
ConnectNamedPipe
GetConsoleAliasesA
GetCompressedFileSizeW
GlobalFindAtomA
LoadLibraryW
SizeofResource
GetSystemTimeAdjustment
InterlockedPopEntrySList
GetExitCodeProcess
GetModuleFileNameW
GetTimeZoneInformation
RaiseException
GetCurrentDirectoryW
SetLastError
GetProcAddress
HeapSize
HeapUnlock
GetConsoleDisplayMode
GlobalFree
OpenWaitableTimerA
GetAtomNameA
LocalAlloc
AddVectoredExceptionHandler
AddAtomW
GetCommMask
GetCurrentConsoleFont
GetSystemInfo
lstrcatW
CompareStringA
DeleteTimerQueueTimer
GetCurrentProcessId
SetFileAttributesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetLastError
SetConsoleCtrlHandler
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoW
GetLocaleInfoA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
ReadFile
CreateFileA
CloseHandle
CompareStringW
SetEnvironmentVariableA

Exports

Exports

Fobos
Left
OneMore
People
Superman

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yaxo
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2b10ad4890c4d6e2861533cc7260a9fdc7871ea2
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 144KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
352b1f3533ded8c575246d4466f68c49
.exe windows:5 windows x86 arch:x86

dda5d831c197f5dbe3e053a5775ec949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableW
GetTempFileNameW
GlobalMemoryStatus
WriteConsoleOutputCharacterW
lstrlenA
EnumDateFormatsExW
GetModuleHandleExA
SetEndOfFile
FindResourceExW
SystemTimeToTzSpecificLocalTime
HeapAlloc
SetWaitableTimer
ScrollConsoleScreenBufferW
GlobalLock
ConnectNamedPipe
GetConsoleAliasesA
GetCompressedFileSizeW
GlobalFindAtomA
LoadLibraryW
SizeofResource
GetSystemTimeAdjustment
InterlockedPopEntrySList
GetExitCodeProcess
GetModuleFileNameW
GetTimeZoneInformation
RaiseException
GetCurrentDirectoryW
SetLastError
GetProcAddress
HeapSize
HeapUnlock
GetConsoleDisplayMode
GlobalFree
OpenWaitableTimerA
GetAtomNameA
LocalAlloc
AddVectoredExceptionHandler
AddAtomW
GetCommMask
GetCurrentConsoleFont
GetSystemInfo
lstrcatW
CompareStringA
DeleteTimerQueueTimer
GetCurrentProcessId
SetFileAttributesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetLastError
SetConsoleCtrlHandler
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoW
GetLocaleInfoA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
ReadFile
CreateFileA
CloseHandle
CompareStringW
SetEnvironmentVariableA

Exports

Exports

Fobos
Left
OneMore
People
Superman

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yaxo
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
45295780f2ba837be42ccf50710bd2b5
.exe windows:5 windows x86 arch:x86

cbfa324cd4feacb8ad7b2aeb97b2deec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
VirtualFree
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
SetEndOfFile
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4d74af75deddc969fef5fd89e65fa251
.exe windows:5 windows x86 arch:x86

dda5d831c197f5dbe3e053a5775ec949

Code Sign

6b:00:00:03:f4:e3:a6:7a:23:48:55:0c:33:00:00:00:00:03:f4
Certificate

Issuer

CN=Microsoft RSA TLS CA 01,O=Microsoft Corporation,C=US

Not Before

28-08-2020 22:17

Not After

28-08-2021 22:17

Subject

CN=www.microsoft.com,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0
Signer

Actual PE Digest

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableW
GetTempFileNameW
GlobalMemoryStatus
WriteConsoleOutputCharacterW
lstrlenA
EnumDateFormatsExW
GetModuleHandleExA
SetEndOfFile
FindResourceExW
SystemTimeToTzSpecificLocalTime
HeapAlloc
SetWaitableTimer
ScrollConsoleScreenBufferW
GlobalLock
ConnectNamedPipe
GetConsoleAliasesA
GetCompressedFileSizeW
GlobalFindAtomA
LoadLibraryW
SizeofResource
GetSystemTimeAdjustment
InterlockedPopEntrySList
GetExitCodeProcess
GetModuleFileNameW
GetTimeZoneInformation
RaiseException
GetCurrentDirectoryW
SetLastError
GetProcAddress
HeapSize
HeapUnlock
GetConsoleDisplayMode
GlobalFree
OpenWaitableTimerA
GetAtomNameA
LocalAlloc
AddVectoredExceptionHandler
AddAtomW
GetCommMask
GetCurrentConsoleFont
GetSystemInfo
lstrcatW
CompareStringA
DeleteTimerQueueTimer
GetCurrentProcessId
SetFileAttributesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetLastError
SetConsoleCtrlHandler
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoW
GetLocaleInfoA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
ReadFile
CreateFileA
CloseHandle
CompareStringW
SetEnvironmentVariableA

Exports

Exports

Fobos
Left
OneMore
People
Superman

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yaxo
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
60c16e45c5cbe88a38911f1e3176d90444e4884261d8481d4d719acec1bc5025
.exe windows:5 windows x86 arch:x86

cbfa324cd4feacb8ad7b2aeb97b2deec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
VirtualFree
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
SetEndOfFile
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
75a3cf8ced873ee7bc415e27e108496b
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7dee29fbeb5af549cb8a68dc47adf9721eb2b726
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8879a8d1508c3297200c608f3a93da5387521767c050f17aed78dde8a0cbfe12
.exe windows:5 windows x86 arch:x86

dda5d831c197f5dbe3e053a5775ec949

Code Sign

6b:00:00:03:f4:e3:a6:7a:23:48:55:0c:33:00:00:00:00:03:f4
Certificate

Issuer

CN=Microsoft RSA TLS CA 01,O=Microsoft Corporation,C=US

Not Before

28-08-2020 22:17

Not After

28-08-2021 22:17

Subject

CN=www.microsoft.com,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0
Signer

Actual PE Digest

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableW
GetTempFileNameW
GlobalMemoryStatus
WriteConsoleOutputCharacterW
lstrlenA
EnumDateFormatsExW
GetModuleHandleExA
SetEndOfFile
FindResourceExW
SystemTimeToTzSpecificLocalTime
HeapAlloc
SetWaitableTimer
ScrollConsoleScreenBufferW
GlobalLock
ConnectNamedPipe
GetConsoleAliasesA
GetCompressedFileSizeW
GlobalFindAtomA
LoadLibraryW
SizeofResource
GetSystemTimeAdjustment
InterlockedPopEntrySList
GetExitCodeProcess
GetModuleFileNameW
GetTimeZoneInformation
RaiseException
GetCurrentDirectoryW
SetLastError
GetProcAddress
HeapSize
HeapUnlock
GetConsoleDisplayMode
GlobalFree
OpenWaitableTimerA
GetAtomNameA
LocalAlloc
AddVectoredExceptionHandler
AddAtomW
GetCommMask
GetCurrentConsoleFont
GetSystemInfo
lstrcatW
CompareStringA
DeleteTimerQueueTimer
GetCurrentProcessId
SetFileAttributesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetLastError
SetConsoleCtrlHandler
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoW
GetLocaleInfoA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
ReadFile
CreateFileA
CloseHandle
CompareStringW
SetEnvironmentVariableA

Exports

Exports

Fobos
Left
OneMore
People
Superman

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yaxo
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9b40b0d3b228d9e958c8d45fb8cec64c6851d113
.exe windows:5 windows x86 arch:x86

dda5d831c197f5dbe3e053a5775ec949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableW
GetTempFileNameW
GlobalMemoryStatus
WriteConsoleOutputCharacterW
lstrlenA
EnumDateFormatsExW
GetModuleHandleExA
SetEndOfFile
FindResourceExW
SystemTimeToTzSpecificLocalTime
HeapAlloc
SetWaitableTimer
ScrollConsoleScreenBufferW
GlobalLock
ConnectNamedPipe
GetConsoleAliasesA
GetCompressedFileSizeW
GlobalFindAtomA
LoadLibraryW
SizeofResource
GetSystemTimeAdjustment
InterlockedPopEntrySList
GetExitCodeProcess
GetModuleFileNameW
GetTimeZoneInformation
RaiseException
GetCurrentDirectoryW
SetLastError
GetProcAddress
HeapSize
HeapUnlock
GetConsoleDisplayMode
GlobalFree
OpenWaitableTimerA
GetAtomNameA
LocalAlloc
AddVectoredExceptionHandler
AddAtomW
GetCommMask
GetCurrentConsoleFont
GetSystemInfo
lstrcatW
CompareStringA
DeleteTimerQueueTimer
GetCurrentProcessId
SetFileAttributesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetLastError
SetConsoleCtrlHandler
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoW
GetLocaleInfoA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
ReadFile
CreateFileA
CloseHandle
CompareStringW
SetEnvironmentVariableA

Exports

Exports

Fobos
Left
OneMore
People
Superman

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yaxo
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
aaec6ae400b38b95ae414481d8d45f0281cf26f59f8592567dfe2223f66024ad
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
aaf3abc4054f800aaa429c4f2e4b20af
.exe windows:5 windows x86 arch:x86

dda5d831c197f5dbe3e053a5775ec949

Code Sign

6b:00:00:03:f4:e3:a6:7a:23:48:55:0c:33:00:00:00:00:03:f4
Certificate

Issuer

CN=Microsoft RSA TLS CA 01,O=Microsoft Corporation,C=US

Not Before

28-08-2020 22:17

Not After

28-08-2021 22:17

Subject

CN=www.microsoft.com,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0
Signer

Actual PE Digest

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableW
GetTempFileNameW
GlobalMemoryStatus
WriteConsoleOutputCharacterW
lstrlenA
EnumDateFormatsExW
GetModuleHandleExA
SetEndOfFile
FindResourceExW
SystemTimeToTzSpecificLocalTime
HeapAlloc
SetWaitableTimer
ScrollConsoleScreenBufferW
GlobalLock
ConnectNamedPipe
GetConsoleAliasesA
GetCompressedFileSizeW
GlobalFindAtomA
LoadLibraryW
SizeofResource
GetSystemTimeAdjustment
InterlockedPopEntrySList
GetExitCodeProcess
GetModuleFileNameW
GetTimeZoneInformation
RaiseException
GetCurrentDirectoryW
SetLastError
GetProcAddress
HeapSize
HeapUnlock
GetConsoleDisplayMode
GlobalFree
OpenWaitableTimerA
GetAtomNameA
LocalAlloc
AddVectoredExceptionHandler
AddAtomW
GetCommMask
GetCurrentConsoleFont
GetSystemInfo
lstrcatW
CompareStringA
DeleteTimerQueueTimer
GetCurrentProcessId
SetFileAttributesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetLastError
SetConsoleCtrlHandler
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoW
GetLocaleInfoA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
ReadFile
CreateFileA
CloseHandle
CompareStringW
SetEnvironmentVariableA

Exports

Exports

Fobos
Left
OneMore
People
Superman

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yaxo
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ac94165d63c75f4adf1728aa2ecb776ac7c1c18e
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b513cfbd101e728ec41c9d6f6515278434820466bfe8e4bc1849f2418d3f86da
.exe windows:5 windows x86 arch:x86

dda5d831c197f5dbe3e053a5775ec949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableW
GetTempFileNameW
GlobalMemoryStatus
WriteConsoleOutputCharacterW
lstrlenA
EnumDateFormatsExW
GetModuleHandleExA
SetEndOfFile
FindResourceExW
SystemTimeToTzSpecificLocalTime
HeapAlloc
SetWaitableTimer
ScrollConsoleScreenBufferW
GlobalLock
ConnectNamedPipe
GetConsoleAliasesA
GetCompressedFileSizeW
GlobalFindAtomA
LoadLibraryW
SizeofResource
GetSystemTimeAdjustment
InterlockedPopEntrySList
GetExitCodeProcess
GetModuleFileNameW
GetTimeZoneInformation
RaiseException
GetCurrentDirectoryW
SetLastError
GetProcAddress
HeapSize
HeapUnlock
GetConsoleDisplayMode
GlobalFree
OpenWaitableTimerA
GetAtomNameA
LocalAlloc
AddVectoredExceptionHandler
AddAtomW
GetCommMask
GetCurrentConsoleFont
GetSystemInfo
lstrcatW
CompareStringA
DeleteTimerQueueTimer
GetCurrentProcessId
SetFileAttributesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetLastError
SetConsoleCtrlHandler
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoW
GetLocaleInfoA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
ReadFile
CreateFileA
CloseHandle
CompareStringW
SetEnvironmentVariableA

Exports

Exports

Fobos
Left
OneMore
People
Superman

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yaxo
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c4bd712a7f7185a2224806b85f3c6ac48de067e38d554608b3ee92422d902b28
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 144KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
de2b5aa6de6f7ff053308084217f7a9b977489027fb103729d6a7d94298c6a6b
.exe windows:5 windows x86 arch:x86

dda5d831c197f5dbe3e053a5775ec949

Code Sign

6b:00:00:03:f4:e3:a6:7a:23:48:55:0c:33:00:00:00:00:03:f4
Certificate

Issuer

CN=Microsoft RSA TLS CA 01,O=Microsoft Corporation,C=US

Not Before

28-08-2020 22:17

Not After

28-08-2021 22:17

Subject

CN=www.microsoft.com,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0
Signer

Actual PE Digest

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableW
GetTempFileNameW
GlobalMemoryStatus
WriteConsoleOutputCharacterW
lstrlenA
EnumDateFormatsExW
GetModuleHandleExA
SetEndOfFile
FindResourceExW
SystemTimeToTzSpecificLocalTime
HeapAlloc
SetWaitableTimer
ScrollConsoleScreenBufferW
GlobalLock
ConnectNamedPipe
GetConsoleAliasesA
GetCompressedFileSizeW
GlobalFindAtomA
LoadLibraryW
SizeofResource
GetSystemTimeAdjustment
InterlockedPopEntrySList
GetExitCodeProcess
GetModuleFileNameW
GetTimeZoneInformation
RaiseException
GetCurrentDirectoryW
SetLastError
GetProcAddress
HeapSize
HeapUnlock
GetConsoleDisplayMode
GlobalFree
OpenWaitableTimerA
GetAtomNameA
LocalAlloc
AddVectoredExceptionHandler
AddAtomW
GetCommMask
GetCurrentConsoleFont
GetSystemInfo
lstrcatW
CompareStringA
DeleteTimerQueueTimer
GetCurrentProcessId
SetFileAttributesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetLastError
SetConsoleCtrlHandler
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoW
GetLocaleInfoA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
ReadFile
CreateFileA
CloseHandle
CompareStringW
SetEnvironmentVariableA

Exports

Exports

Fobos
Left
OneMore
People
Superman

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yaxo
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e430730620feec3673b9c38d87482c9294421b19
.exe windows:5 windows x86 arch:x86

dda5d831c197f5dbe3e053a5775ec949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableW
GetTempFileNameW
GlobalMemoryStatus
WriteConsoleOutputCharacterW
lstrlenA
EnumDateFormatsExW
GetModuleHandleExA
SetEndOfFile
FindResourceExW
SystemTimeToTzSpecificLocalTime
HeapAlloc
SetWaitableTimer
ScrollConsoleScreenBufferW
GlobalLock
ConnectNamedPipe
GetConsoleAliasesA
GetCompressedFileSizeW
GlobalFindAtomA
LoadLibraryW
SizeofResource
GetSystemTimeAdjustment
InterlockedPopEntrySList
GetExitCodeProcess
GetModuleFileNameW
GetTimeZoneInformation
RaiseException
GetCurrentDirectoryW
SetLastError
GetProcAddress
HeapSize
HeapUnlock
GetConsoleDisplayMode
GlobalFree
OpenWaitableTimerA
GetAtomNameA
LocalAlloc
AddVectoredExceptionHandler
AddAtomW
GetCommMask
GetCurrentConsoleFont
GetSystemInfo
lstrcatW
CompareStringA
DeleteTimerQueueTimer
GetCurrentProcessId
SetFileAttributesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetLastError
SetConsoleCtrlHandler
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoW
GetLocaleInfoA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
ReadFile
CreateFileA
CloseHandle
CompareStringW
SetEnvironmentVariableA

Exports

Exports

Fobos
Left
OneMore
People
Superman

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yaxo
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ea67e662ba55629b40d0eddbaaafc824e5809f31c9e35222104637a67615c51d
.exe windows:5 windows x86 arch:x86

dda5d831c197f5dbe3e053a5775ec949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableW
GetTempFileNameW
GlobalMemoryStatus
WriteConsoleOutputCharacterW
lstrlenA
EnumDateFormatsExW
GetModuleHandleExA
SetEndOfFile
FindResourceExW
SystemTimeToTzSpecificLocalTime
HeapAlloc
SetWaitableTimer
ScrollConsoleScreenBufferW
GlobalLock
ConnectNamedPipe
GetConsoleAliasesA
GetCompressedFileSizeW
GlobalFindAtomA
LoadLibraryW
SizeofResource
GetSystemTimeAdjustment
InterlockedPopEntrySList
GetExitCodeProcess
GetModuleFileNameW
GetTimeZoneInformation
RaiseException
GetCurrentDirectoryW
SetLastError
GetProcAddress
HeapSize
HeapUnlock
GetConsoleDisplayMode
GlobalFree
OpenWaitableTimerA
GetAtomNameA
LocalAlloc
AddVectoredExceptionHandler
AddAtomW
GetCommMask
GetCurrentConsoleFont
GetSystemInfo
lstrcatW
CompareStringA
DeleteTimerQueueTimer
GetCurrentProcessId
SetFileAttributesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetLastError
SetConsoleCtrlHandler
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoW
GetLocaleInfoA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
ReadFile
CreateFileA
CloseHandle
CompareStringW
SetEnvironmentVariableA

Exports

Exports

Fobos
Left
OneMore
People
Superman

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yaxo
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f2e040d2c5fea1fb5e9797f7deff0a63
.exe windows:4 windows x86 arch:x86

6c4229fe1c64359b40e0787e3ac8373a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord567
ord825
ord818
ord4275
ord1233
ord5261
ord755
ord470
ord1842
ord4242
ord2582
ord4402
ord3370
ord3640
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord656
ord810
ord641
ord693
ord807
ord796
ord674
ord326
ord554
ord529
ord366
ord5785
ord640
ord1640
ord323
ord800
ord540
ord858
ord923
ord926
ord3573
ord556
ord3626
ord3663
ord809
ord2414
ord4710
ord3571
ord686
ord6215
ord1768
ord2086
ord1168
ord3996
ord2100
ord1641
ord1146
ord2096
ord384
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord4499
ord5252
ord5981
ord4427
ord3402
ord3610
ord3398
ord3733
ord3136
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord6117
ord324
ord4234
ord5949
ord2089
ord2123
ord2379
ord3092
ord6199
ord4000
ord6453
ord6197
ord4284
ord3619
ord537
ord2860
ord860
ord6615
ord2408
ord816
ord5789
ord562
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3706
ord2754
ord5781
ord5782
ord5875
ord2859
ord1088
ord2431
ord2864
ord2801
ord2740
ord2122
ord5053
ord2567
ord4133
ord4297
ord5788
ord472
ord2753
ord283
ord2393
ord703
ord603
ord6401
ord2454
ord3318
ord273
ord403
ord404
ord3520
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord2862
ord6696
ord6888
ord6007
ord3998
ord6675
ord3286
ord6905
ord3742
ord4299
ord6377
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord1949
ord4274
ord823
ord1576

msvcrt

__CxxFrameHandler
_mbscmp
malloc
_ftol
free
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_setmbcp

kernel32

VirtualAlloc
GetModuleHandleA
GetStartupInfoA
LoadLibraryW
GetProcAddress

user32

FillRect
DestroyIcon
DrawStateA
TabbedTextOutA
DrawTextA
GrayStringA
GetWindowRect
GetSubMenu
LoadMenuA
ClientToScreen
GetParent
LoadCursorA
OffsetRect
SystemParametersInfoA
SetCursor
GetCursorPos
KillTimer
SetTimer
ReleaseCapture
SetFocus
ScreenToClient
SetCapture
PtInRect
GetDlgCtrlID
MoveWindow
InflateRect
BeginPaint
GetClientRect
EndPaint
ShowWindow
InvalidateRect
GetSysColor
SendMessageA
UpdateWindow
IsWindowVisible
LoadBitmapA
MessageBoxA
EnableMenuItem
EnableWindow

gdi32

GetObjectA
CreateCompatibleDC
GetStockObject
CreateFontIndirectA
GetTextExtentPoint32A
SetRectRgn
CreateRectRgn
CreateCompatibleBitmap
CreatePatternBrush
CreateBitmap
PtVisible
RectVisible
SetBrushOrgEx
TextOutA
ExtTextOutA
Escape
BitBlt

comctl32

ImageList_GetIcon
ImageList_Draw
ImageList_GetIconSize
ImageList_AddMasked

msimg32

TransparentBlt
GradientFill

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f937b1b7b3593a38702f870077658a891974edda
.exe windows:5 windows x86 arch:x86

cbfa324cd4feacb8ad7b2aeb97b2deec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
VirtualFree
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
SetEndOfFile
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ce62b0c0226079a88a01c701dbee7b9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 18KB - Virtual size: 47KB

.gfids Size: 512B - Virtual size: 172B

dda5d831c197f5dbe3e053a5775ec949

Code Sign

6b:00:00:03:f4:e3:a6:7a:23:48:55:0c:33:00:00:00:00:03:f4Certificate

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 214KB - Virtual size: 214KB

.data Size: 6KB - Virtual size: 38.6MB

.yaxo Size: 1024B - Virtual size: 4KB

.new Size: 13KB - Virtual size: 12KB

.rsrc Size: 37KB - Virtual size: 36KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.0MB

UPX1 Size: 144KB - Virtual size: 148KB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 157KB - Virtual size: 157KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 10KB - Virtual size: 4.0MB

.rsrc Size: 25KB - Virtual size: 25KB

dda5d831c197f5dbe3e053a5775ec949

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 214KB - Virtual size: 214KB

.data Size: 6KB - Virtual size: 38.6MB

.yaxo Size: 1024B - Virtual size: 4KB

.new Size: 13KB - Virtual size: 12KB

.rsrc Size: 37KB - Virtual size: 36KB

cbfa324cd4feacb8ad7b2aeb97b2deec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 16KB - Virtual size: 47KB

.gfids Size: 512B - Virtual size: 172B

dda5d831c197f5dbe3e053a5775ec949

Code Sign

6b:00:00:03:f4:e3:a6:7a:23:48:55:0c:33:00:00:00:00:03:f4Certificate

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0Signer

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 18KB - Virtual size: 47KB

.gfids
Size: 512B - Virtual size: 172B

6b:00:00:03:f4:e3:a6:7a:23:48:55:0c:33:00:00:00:00:03:f4
Certificate

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0
Signer

.text
Size: 214KB - Virtual size: 214KB

.data
Size: 6KB - Virtual size: 38.6MB

.yaxo
Size: 1024B - Virtual size: 4KB

.new
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 37KB - Virtual size: 36KB

UPX0
Size: - Virtual size: 4.0MB

UPX1
Size: 144KB - Virtual size: 148KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 157KB - Virtual size: 157KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 10KB - Virtual size: 4.0MB

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 214KB - Virtual size: 214KB

.data
Size: 6KB - Virtual size: 38.6MB

.yaxo
Size: 1024B - Virtual size: 4KB

.new
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 37KB - Virtual size: 36KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 16KB - Virtual size: 47KB

.gfids
Size: 512B - Virtual size: 172B

6b:00:00:03:f4:e3:a6:7a:23:48:55:0c:33:00:00:00:00:03:f4
Certificate

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0
Signer

.text
Size: 214KB - Virtual size: 214KB

.data
Size: 6KB - Virtual size: 38.6MB

.yaxo
Size: 1024B - Virtual size: 4KB

.new
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 37KB - Virtual size: 36KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 16KB - Virtual size: 47KB

.gfids
Size: 512B - Virtual size: 172B

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 22KB - Virtual size: 50KB

.gfids
Size: 512B - Virtual size: 172B

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 21KB - Virtual size: 50KB

.gfids
Size: 512B - Virtual size: 172B

6b:00:00:03:f4:e3:a6:7a:23:48:55:0c:33:00:00:00:00:03:f4
Certificate

d6:f4:e7:0d:0c:55:02:3c:65:31:3a:fb:1c:14:ae:90:72:6b:2c:e0
Signer

.text
Size: 214KB - Virtual size: 214KB

.data
Size: 6KB - Virtual size: 38.6MB

.yaxo
Size: 1024B - Virtual size: 4KB

.new
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 37KB - Virtual size: 36KB