JaffaCakes118_59a777daa0a5b26077c69c7cb26b7f72be6b38604b7caea7c6aef0e89991c748

Resubmissions

25-12-2024 03:42

241225-d9c21axjdn 10

25-12-2024 03:39

241225-d74ryawqfw 10

25-12-2024 03:37

241225-d6fzgswqbw 10

25-12-2024 03:21

241225-dwt4cswpdj 10

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_59a777daa0a5b26077c69c7cb26b7f72be6b38604b7caea7c6aef0e89991c748
Size

7.8MB
MD5

4a9819c2f6c56a1275165c507a00c6e5
SHA1

5f1ef638e5d1d90c77d00f7a2e10757d90667e98
SHA256

59a777daa0a5b26077c69c7cb26b7f72be6b38604b7caea7c6aef0e89991c748
SHA512

e8e0a2eee2e4ad464687717a2aa67b2dcd3708da7307f8ed4382f9a72502ad5c98dc329aa1aa60ca6232bb35e9ba2245ea53de280488fe87829d84b7ca83bf5a
SSDEEP

196608:tk0ZvI6FNtoYRmqKSAEu8Dmf/aUR8BeOmR1RzfYmIxDa6yaDZu:tk2w66YIqTd4sDjE

Score

7^/10

vmprotect upx

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/28e7dc4aebbfea61a2ad942f00ecab3bbb32a636679587a6fbd6c8dd69a0ef33	vmprotect
static1/unpack001/611756d16d2c0e32589b0baa71b86a74ad6b0ce31957b3cb2ca78fee61c34b85	vmprotect
static1/unpack001/a054eb16c2211516e7aef4228590588ab643e9d1706bca37b9ea623e7f4a66c9	vmprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/a054eb16c2211516e7aef4228590588ab643e9d1706bca37b9ea623e7f4a66c9	upx

Unsigned PE 38 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0323b4326bd6674f7d78360bb6544c4b34067066dda31e45edee91dec021e702
unpack001/0898a80dc248a7931f8e2bf76a22a0a8d54b39a815e3fe810a2a190c50017892
unpack001/0aaecf7f77132def96c13d480e32d759839fd65fa76c73e29f0f53c50714c591
unpack001/150e8ef3f1b0d5b5b2af2ffc8d540cb0e36ecdcaf5001bab2f318e36a3c25302
unpack001/23e95ba67603234352ff2864dc7fa54742f501e5922f01f8c182dbefc116f97f
unpack001/28e7dc4aebbfea61a2ad942f00ecab3bbb32a636679587a6fbd6c8dd69a0ef33
unpack001/350b0d6ae25e81c8394b119f4d569c083df8d17e6241d8efed0858cf91c745d7
unpack001/3a6ebac4f83f8b9088c9e00a25d88a56fb7e46b7b8a03158682a5d7d28f0f6ca
unpack001/3fe801df149ffae08275e24be6bce3de67e9d5407c0417542001f726541fbe4f
unpack001/41367ad447e3d86176713af7776c1ab22d5fc7fd0fe9584f14d201b9bf071700
unpack001/48f4749f13582fea3e9bcc6775cce82c3c6391d2d58acd98b99d1e6acc810277
unpack001/499d936c223743c3d2a40c3b7b1f974cedb98951f846b163d0f17d2d38ffc282
unpack001/4b5a6926ab9b487fca2d33ba00b4e25f731bc52a3222a6ef3141b8703c1e2cd1
unpack001/5de3d5a33745739259fc03cb5a7852440c135f960e8516d92181cd16ba76e2ed
unpack001/5e2b2fe65df310fe6c81acb628701c1847e772f7cf49aaa486e298a86ae85620
unpack001/611756d16d2c0e32589b0baa71b86a74ad6b0ce31957b3cb2ca78fee61c34b85
unpack001/6899a9f86eeb99df96e7c4000e19bf0704160ec63dbd41970831163d86a3f8e7
unpack001/6a9de64813c2e3ad3940f2b5018245bed83bb0e24a6e47c8b0a4114be7aef623
unpack001/703ee3222eccd0e355b9ef414be9153fa3a2ad8efb8176fee887d7744a9f632f
unpack001/87d24edd168572f28d262c9edc2b825ea628f86e39c2d1407e9fbc42685119de
unpack001/8fe01ec7a48e40dc8292e1ee22db0e59b549c46cb3163447f920a420bfb91cdd
unpack001/956246824d2fb2f5f4738c450e8d222042b08c3e5c67c3ec755bedf641b7b1c5
unpack001/9732ff1e3224da9be67892d5ec0ede6a06e55427c95d39c3bb06df3be2736824
unpack001/97f96adce3c5f14cc0c061abe98555bc9ac042100af5db0226aa9e10f34430a5
unpack001/98ece6bcafa296326654db862140520afc19cfa0b4a76a5950deedb2618097ab
unpack001/9eb7abf2228ad28d8b7f571e0495d4a35da40607f04355307077975e271553b8
unpack001/a054eb16c2211516e7aef4228590588ab643e9d1706bca37b9ea623e7f4a66c9
unpack001/a08471e6be5499d605379b54dd4215adac579995fcdd0a9802461a22aa8c34d2
unpack001/a81275b069d6f283148074a6a77db3289a2f94bdfa544808633d40280c1f0bd4
unpack001/a8a5621ce56adb13d5fdfee1709cf03ee839f98c1912ac0055329fc90de2c2a2
unpack001/aaec6ae400b38b95ae414481d8d45f0281cf26f59f8592567dfe2223f66024ad
unpack001/b9c0244f10df7e84bb4f048842f5ca14750e40b033ef6491cd097e2755c49407
unpack001/c36d57ead6beb236b8cee01e5ebc93f82f8abb28d1cf140f57c8a537b5024b15
unpack001/c7ae0615e77dcbea4dd57830f2ccf921146f6cfa2bb72bb67bed2ebd9573747c
unpack001/ced25a4addeb68f9992b5764abd0b3f9670683a5a917d3d9bb8101592810d15d
unpack001/d6e2a0ab441832f2fe88c2097797027835014ac2dbd6fda585dbe75baf67e450
unpack001/e803f1a1acf079ff2ca62e02c924840a9334336e762b0992123035427ffbf894
unpack001/fad9578d84201ea276b5d2bfb53379aa8b09b50efb613cb8e00c98bd9855d2fb

Files

JaffaCakes118_59a777daa0a5b26077c69c7cb26b7f72be6b38604b7caea7c6aef0e89991c748
.zip

Password: infected
0323b4326bd6674f7d78360bb6544c4b34067066dda31e45edee91dec021e702
.exe windows:5 windows x86 arch:x86

Password: infected

fcf3fbb8b064430343fc386d46afa4ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\tekucadodarubaya sas82_nenesid la.pdb

Imports

kernel32

GetPrivateProfileSectionNamesW
HeapCompact
lstrlenA
CopyFileExW
GetDriveTypeW
CallNamedPipeA
SetUnhandledExceptionFilter
GetCommState
SetEnvironmentVariableW
GetNamedPipeHandleStateA
GetComputerNameW
CallNamedPipeW
GetProcessPriorityBoost
FindNextVolumeMountPointA
InitializeCriticalSection
_hread
GetPrivateProfileStructW
SetConsoleMode
ReadFile
lstrcatA
GetBinaryTypeW
GetOverlappedResult
GetACP
DeactivateActCtx
FillConsoleOutputCharacterW
GetLastError
GetCurrentDirectoryW
GetProcAddress
VirtualAlloc
BeginUpdateResourceW
CopyFileA
SetStdHandle
LoadLibraryA
LocalAlloc
BuildCommDCBAndTimeoutsW
IsSystemResumeAutomatic
SetConsoleDisplayMode
SetConsoleOutputCP
GetTapeParameters
GetOEMCP
DebugSetProcessKillOnExit
CreateIoCompletionPort
CreateMutexA
EnumDateFormatsW
GetVersionExA
LocalSize
AddConsoleAliasA
CommConfigDialogW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
HeapFree
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetStartupInfoW
GetCPInfo
RtlUnwind
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetFileType
GetConsoleCP
GetConsoleMode
HeapCreate
VirtualFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
HeapSize
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
GetLocaleInfoW
CreateFileA
CloseHandle
FlushFileBuffers

user32

GetAncestor

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0898a80dc248a7931f8e2bf76a22a0a8d54b39a815e3fe810a2a190c50017892
.exe windows:5 windows x86 arch:x86

Password: infected

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0aaecf7f77132def96c13d480e32d759839fd65fa76c73e29f0f53c50714c591
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 198KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.measles
Size: 512B - Virtual size: 479B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.balladw
Size: 512B - Virtual size: 481B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gynandr
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.poulter
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.postror
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.quercet
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sumpit
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tymp
Size: 1024B - Virtual size: 586B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.seduct
Size: 1024B - Virtual size: 590B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.swonken
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bocardo
Size: 512B - Virtual size: 363B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.solidar
Size: 1024B - Virtual size: 590B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.whimsic
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.plasmod
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sensele
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.placer
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.astigma
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gnawn
Size: 1024B - Virtual size: 550B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.anemota
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apal
Size: 512B - Virtual size: 465B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.octomer
Size: 1024B - Virtual size: 554B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tabler
Size: 512B - Virtual size: 486B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pennae
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.varanid
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tuition
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ectobat
Size: 512B - Virtual size: 386B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.doublin
Size: 512B - Virtual size: 429B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tantali
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.inerrat
Size: 1024B - Virtual size: 528B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wiggler
Size: 512B - Virtual size: 312B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bacteri
Size: 512B - Virtual size: 340B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.outswel
Size: 1024B - Virtual size: 577B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.impenit
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.heliome
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ind
Size: 1024B - Virtual size: 626B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.defecto
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.untoggl
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apomict
Size: 1024B - Virtual size: 595B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.schilli
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ashcake
Size: 512B - Virtual size: 460B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.anemobi
Size: 1024B - Virtual size: 619B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.schoolm
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mutage
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.griever
Size: 512B - Virtual size: 369B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kadarit
Size: 512B - Virtual size: 453B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.caratch
Size: 512B - Virtual size: 407B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.thoroug
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.thoroug
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rightfu
Size: 512B - Virtual size: 325B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.coralli
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.greensa
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.scabriu
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.overtak
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sapinda
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.superac
Size: 512B - Virtual size: 30B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.portall
Size: 512B - Virtual size: 248B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.b
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.testor
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.diamagn
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sniping
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.semifab
Size: 512B - Virtual size: 166B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.platyrr
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
150e8ef3f1b0d5b5b2af2ffc8d540cb0e36ecdcaf5001bab2f318e36a3c25302
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ZZZZZAX.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
23e95ba67603234352ff2864dc7fa54742f501e5922f01f8c182dbefc116f97f
.exe windows:5 windows x86 arch:x86

Password: infected

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
28e7dc4aebbfea61a2ad942f00ecab3bbb32a636679587a6fbd6c8dd69a0ef33
.exe windows:5 windows x86 arch:x86

Password: infected

0e8adfb05b7341669e95119824012089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

OpenThreadToken

shell32

ShellExecuteW

Sections

.text
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
350b0d6ae25e81c8394b119f4d569c083df8d17e6241d8efed0858cf91c745d7
.exe windows:6 windows x86 arch:x86

Password: infected

1b5440bc1c3242795924943d26fd4efc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
GetStringTypeW
CloseHandle
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW

user32

MessageBoxA

Sections

.text
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3a6ebac4f83f8b9088c9e00a25d88a56fb7e46b7b8a03158682a5d7d28f0f6ca
.exe windows:5 windows x86 arch:x86

Password: infected

d2fa03954b6bd3bb1c9a62ef266f6726

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vizo semirupobu kepigi.pdb

Imports

kernel32

HeapCompact
SetPriorityClass
lstrlenA
CopyFileExW
GetDriveTypeW
CommConfigDialogA
BuildCommDCBAndTimeoutsA
FreeLibrary
CallNamedPipeA
GetCommState
GetNamedPipeHandleStateA
AddConsoleAliasW
GetComputerNameW
CallNamedPipeW
SetCommState
SetProcessPriorityBoost
InitializeCriticalSection
ActivateActCtx
GlobalAlloc
LoadLibraryW
_hread
GetVersionExW
SetConsoleMode
GetBinaryTypeA
ReadFile
lstrcatA
GetACP
RaiseException
CreateJobObjectA
IsDBCSLeadByteEx
GetCurrentDirectoryW
SetLastError
GetTapeStatus
VirtualAlloc
BeginUpdateResourceW
CopyFileA
GetConsoleDisplayMode
IsSystemResumeAutomatic
SetConsoleOutputCP
AddAtomW
PostQueuedCompletionStatus
GetPrivateProfileStructA
SetEnvironmentVariableA
GetPrivateProfileSectionNamesA
GetOEMCP
EnumDateFormatsA
GetThreadPriority
DebugSetProcessKillOnExit
CreateIoCompletionPort
CreateMutexA
VirtualProtect
LocalSize
CreateFileA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapCreate
VirtualFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
HeapSize
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle

user32

GetAncestor

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3fe801df149ffae08275e24be6bce3de67e9d5407c0417542001f726541fbe4f
.exe windows:6 windows x86 arch:x86

f7119e5dd5eac08ffcd8f4028e1849c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

B:\sdeewwwwww\VC-master\VC-master\eventlog\EventLogMonitor\Release\EventLogMonitor.pdb

Imports

kernel32

GetModuleHandleExA
GetModuleHandleW
FreeConsole
WriteConsoleW
VirtualAlloc
FormatMessageW
LocalFree
LoadLibraryExW
FreeLibrary
CreateThread
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
ResetEvent
GetLastError
GetProcAddress
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
HeapReAlloc
CompareStringW
LCMapStringW
GetFileType
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
ReadConsoleW
HeapSize
CreateFileW
DecodePointer

advapi32

CryptHashData
CryptCreateHash
CryptEncrypt
CryptDeriveKey
CryptAcquireContextW
CryptAcquireContextA
ReadEventLogW
OpenEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
NotifyChangeEventLog
CloseEventLog

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
41367ad447e3d86176713af7776c1ab22d5fc7fd0fe9584f14d201b9bf071700
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 153KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
48f4749f13582fea3e9bcc6775cce82c3c6391d2d58acd98b99d1e6acc810277
.exe windows:6 windows x86 arch:x86

1b5440bc1c3242795924943d26fd4efc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
GetStringTypeW
CloseHandle
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW

user32

MessageBoxA

Sections

.text
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
499d936c223743c3d2a40c3b7b1f974cedb98951f846b163d0f17d2d38ffc282
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4b5a6926ab9b487fca2d33ba00b4e25f731bc52a3222a6ef3141b8703c1e2cd1
.exe windows:5 windows x86 arch:x86

d9afe5e75e314d3837e02621276ac21d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
VirtualAlloc
GetModuleFileNameW
SetFilePointer
SetEndOfFile
FindClose
CreateFileW
GetVersionExW
Sleep
LoadLibraryA
GlobalAlloc
GetCurrentProcess
CloseHandle
GetCurrentDirectoryW
GetProcAddress
SetFilePointerEx
MoveFileExW
GetFileSize
ExitProcess
GetDriveTypeW
ReadConsoleW
WriteConsoleW
FindNextFileW
VirtualFree
GetFileSizeEx
FindFirstFileW
GetLogicalDrives
DeleteFileW
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
GetLastError
FreeLibrary
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetFileAttributesExW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetProcessHeap
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
HeapSize

user32

SendMessageW

advapi32

CryptAcquireContextW
CryptDecrypt
RegOpenKeyExA
CryptImportKey
RegDeleteValueA
CryptDestroyKey

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581
.exe windows:5 windows x86 arch:x86

1d0b6b925df56e49ee2768263a3e72dc

Code Sign

06:0d:2b:0f:54:4d:07:30
Certificate

Issuer

CN=TrustAsia Code Signing CA G2,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

01-02-2020 10:37

Not After

01-02-2022 10:37

Subject

CN=亚洲诚信代码签名测试证书,O=亚数信息科技（上海）有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4a:3a:e6:08:b5:37:e8:9d
Certificate

Issuer

CN=TrustAsia SHA2 Code Signing CA G2,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

01-02-2020 10:40

Not After

01-02-2022 10:40

Subject

CN=亚洲诚信代码签名测试证书SHA2,O=亚数信息科技（上海）有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9b:92:b6:f4:1f:ed:9f:7c:14:6c:52:cb:9c:6b:48:c1:47:4a:f6:d6:21:49:a6:97:0f:2c:23:2f:65:d3:fd:89
Signer

Actual PE Digest

9b:92:b6:f4:1f:ed:9f:7c:14:6c:52:cb:9c:6b:48:c1:47:4a:f6:d6:21:49:a6:97:0f:2c:23:2f:65:d3:fd:89

Digest Algorithm

sha256

PE Digest Matches

true

42:9f:62:08:53:50:4b:81:28:c8:69:29:b0:0d:f2:09:a0:79:63:19
Signer

Actual PE Digest

42:9f:62:08:53:50:4b:81:28:c8:69:29:b0:0d:f2:09:a0:79:63:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
GetCurrentThread
LoadLibraryA
GlobalAlloc
DeleteFileW
Process32FirstW
GetModuleHandleA
CloseHandle
HeapAlloc
GetWindowsDirectoryW
GetProcAddress
VirtualAllocEx
LocalFree
GetProcessHeap
FreeLibrary
CreateRemoteThread
VirtualFreeEx
GetVersionExW
CreateFileW
GetModuleFileNameW
GetCurrentProcess
GetCommandLineW
SetLastError
HeapFree
GlobalFree
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
LCMapStringW
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
WriteProcessMemory

advapi32

SystemFunction036
LookupPrivilegeValueW
AdjustTokenPrivileges
ImpersonateSelf
OpenProcessToken
OpenThreadToken
LookupAccountSidW
GetTokenInformation

shell32

CommandLineToArgvW
ShellExecuteW

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5de3d5a33745739259fc03cb5a7852440c135f960e8516d92181cd16ba76e2ed
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5e2b2fe65df310fe6c81acb628701c1847e772f7cf49aaa486e298a86ae85620
.exe windows:5 windows x64 arch:x64

21de032c4f956048aee1e04ac102bfbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Admin\Documents\Visual Studio 2015\Projects From Ryuk\ConsoleApplication54\x64\Release\ConsoleApplication54.pdb

Imports

kernel32

OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
GetCurrentThread
LoadLibraryA
GlobalAlloc
DeleteFileW
Process32FirstW
GetModuleHandleA
CloseHandle
HeapAlloc
GetWindowsDirectoryW
GetProcAddress
VirtualAllocEx
LocalFree
GetProcessHeap
FreeLibrary
CreateRemoteThread
VirtualFreeEx
GetVersionExW
CreateFileW
GetModuleFileNameW
GetCurrentProcess
GetCommandLineW
SetLastError
HeapFree
GlobalFree
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
LCMapStringW
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteProcessMemory

advapi32

SystemFunction036
LookupPrivilegeValueW
AdjustTokenPrivileges
ImpersonateSelf
OpenProcessToken
OpenThreadToken
LookupAccountSidW
GetTokenInformation

shell32

CommandLineToArgvW
ShellExecuteW

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
611756d16d2c0e32589b0baa71b86a74ad6b0ce31957b3cb2ca78fee61c34b85
.exe windows:5 windows x86 arch:x86

feeb01cb8c055d3da1d32f2930a7d605

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
GetLastError
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

LookupPrivilegeValueW

shell32

CommandLineToArgvW

Sections

.text
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
6899a9f86eeb99df96e7c4000e19bf0704160ec63dbd41970831163d86a3f8e7
.exe windows:5 windows x86 arch:x86

d2f9549afe72f3860edd07b05312cdfc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
VirtualAlloc
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetTickCount
LoadLibraryA
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
LCMapStringW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW

ws2_32

inet_addr

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
6a9de64813c2e3ad3940f2b5018245bed83bb0e24a6e47c8b0a4114be7aef623
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
703ee3222eccd0e355b9ef414be9153fa3a2ad8efb8176fee887d7744a9f632f
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7faeb64c50cd15d036ca259a047d6c62ed491fff3729433fefba0b02c059d5ed
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08-03-2010 00:00

Not After

08-03-2011 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:ee:cd:39:56:0e:19:56:31:0e:73:c5:bf:1f:0f:cd:1e:b6:24:a3
Signer

Actual PE Digest

37:ee:cd:39:56:0e:19:56:31:0e:73:c5:bf:1f:0f:cd:1e:b6:24:a3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 175KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
87d24edd168572f28d262c9edc2b825ea628f86e39c2d1407e9fbc42685119de
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
89dff51d57c2ce36667add772052bce66827efa8a413b98473e0e72412be042e
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09-04-2010 00:00

Not After

09-04-2011 23:59

Subject

CN=TrustPort,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TrustPort,L=Brno,ST=Morava,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:ea:83:ac:3f:7e:7a:1b:74:5e:f3:7f:44:0a:0a:7a:ba:52:26:fc
Signer

Actual PE Digest

aa:ea:83:ac:3f:7e:7a:1b:74:5e:f3:7f:44:0a:0a:7a:ba:52:26:fc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 165KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8fe01ec7a48e40dc8292e1ee22db0e59b549c46cb3163447f920a420bfb91cdd
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
956246824d2fb2f5f4738c450e8d222042b08c3e5c67c3ec755bedf641b7b1c5
.exe windows:5 windows x86 arch:x86

6894137e46aac925f8aafe8b44459777

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\xabobofatijiwab\nano\kuzipubanahapo64-zagubuleye96-kac.pdb

Imports

kernel32

SetPriorityClass
lstrlenA
GetDriveTypeW
CommConfigDialogA
GetCPInfo
FreeLibrary
SystemTimeToTzSpecificLocalTime
GetQueuedCompletionStatus
CreateJobObjectW
SetTapeParameters
GetProcessHeap
SetProcessPriorityBoost
InitializeCriticalSection
TlsSetValue
ActivateActCtx
GlobalAlloc
LoadLibraryW
GetConsoleMode
CopyFileW
GetPrivateProfileStructW
GetConsoleWindow
IsDBCSLeadByte
ReadFile
lstrcatA
GetBinaryTypeW
GetOverlappedResult
RaiseException
SetDefaultCommConfigA
GetConsoleOutputCP
GetCurrentDirectoryW
SetLastError
GetProcAddress
VirtualAlloc
IsValidCodePage
EnterCriticalSection
_hwrite
LoadLibraryA
BuildCommDCBAndTimeoutsW
SetConsoleDisplayMode
BeginUpdateResourceA
PostQueuedCompletionStatus
AddAtomA
SetEnvironmentVariableA
GetOEMCP
EnumDateFormatsA
GetThreadPriority
GetCommTimeouts
CreateMutexA
VirtualProtect
SetThreadAffinityMask
GetVersionExA
LocalSize
CopyFileExA
CreateFileA
GetPrivateProfileSectionNamesW
GetNamedPipeHandleStateW
GetComputerNameA
InterlockedIncrement
InterlockedDecrement
Sleep
DeleteCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapCreate
VirtualFree
TlsGetValue
TlsAlloc
TlsFree
GetCurrentThreadId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetConsoleCP
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleA
WriteConsoleW
SetStdHandle

user32

GetAncestor

advapi32

SetThreadToken
ImpersonateSelf

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9732ff1e3224da9be67892d5ec0ede6a06e55427c95d39c3bb06df3be2736824
.exe windows:4 windows x86 arch:x86

a1a66d588dcf1394354ebf6ec400c223

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shell32

ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetSpecialFolderPathW

gdi32

CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

user32

GetParent
ScreenToClient
CreateWindowExW
GetDesktopWindow
GetWindowTextLengthW
SetWindowPos
SetTimer
GetMessageW
CopyImage
KillTimer
CharUpperW
SendMessageW
ShowWindow
BringWindowToTop
wsprintfW
MessageBoxW
EndDialog
ReleaseDC
GetWindowDC
GetMenu
GetWindowLongW
GetClassNameA
wsprintfA
DispatchMessageW
SetWindowTextW
GetSysColor
DestroyWindow
MessageBoxA
GetKeyState
IsWindow
GetDlgItem
GetClientRect
GetSystemMetrics
SetWindowLongW
UnhookWindowsHookEx
SetFocus
SystemParametersInfoW
DrawTextW
GetDC
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
SetWindowsHookExW
LoadImageW
LoadIconW
MessageBeep
EnableWindow
EnableMenuItem
GetSystemMenu
CreateWindowExA
wvsprintfW
GetWindowTextW
GetWindowRect

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
VariantClear
SysFreeString
OleLoadPicture
SysAllocString

kernel32

SetFileTime
SetEndOfFile
GetFileInformationByHandle
VirtualFree
GetModuleHandleA
WaitForMultipleObjects
VirtualAlloc
ReadFile
SetFilePointer
GetFileSize
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
GetSystemDirectoryW
GetCurrentThreadId
SuspendThread
TerminateThread
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetEnvironmentVariableW
GetDriveTypeW
CreateFileW
LoadLibraryA
SetThreadLocale
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareFileTime
WideCharToMultiByte
GetTempPathW
GetCurrentDirectoryW
GetEnvironmentVariableW
lstrcmpiW
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
GetModuleHandleW
FindFirstFileW
lstrcmpW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetStdHandle
WriteFile
lstrlenA
CreateDirectoryW
GetFileAttributesW
SetCurrentDirectoryW
GetLocalTime
SystemTimeToFileTime
CreateThread
GetExitCodeThread
Sleep
SetFileAttributesW
GetDiskFreeSpaceExW
SetLastError
GetTickCount
lstrlenW
ExitProcess
lstrcatW
GetProcAddress
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetQueuedCompletionStatus
ResumeThread
SetInformationJobObject
CreateIoCompletionPort
AssignProcessToJobObject
CreateJobObjectW
GetLastError
CreateProcessW
GetStartupInfoW
GetCommandLineW
GetStartupInfoA

msvcrt

_purecall
??2@YAPAXI@Z
_wtol
memset
memmove
memcpy
_wcsnicmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
malloc
realloc
free
wcsstr
_CxxThrowException
_beginthreadex
_EH_prolog
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
strncmp
wcsncmp
wcsncpy
strncpy
??3@YAXPAX@Z

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
97f96adce3c5f14cc0c061abe98555bc9ac042100af5db0226aa9e10f34430a5
.exe windows:5 windows x86 arch:x86

dc5733c013378fa418d13773f5bfe6f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
CreateFileW
GetVersionExW
LoadLibraryA
WriteFile
GetWindowsDirectoryW
GetProcAddress
FreeLibrary
GetTickCount
CloseHandle
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
GetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
GetCurrentProcess

shell32

ShellExecuteW

advapi32

SystemFunction036

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
98ece6bcafa296326654db862140520afc19cfa0b4a76a5950deedb2618097ab
.exe windows:5 windows x64 arch:x64

3d84250cdbe08a9921b4fb008881914b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Admin\Documents\Visual Studio 2015\Projects From Ryuk\ConsoleApplication54\x64\Release\ConsoleApplication54.pdb

Imports

kernel32

OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
GetCurrentThread
LoadLibraryA
GlobalAlloc
DeleteFileW
Process32FirstW
GetModuleHandleA
CloseHandle
HeapAlloc
GetWindowsDirectoryW
GetProcAddress
VirtualAllocEx
LocalFree
GetProcessHeap
FreeLibrary
CreateRemoteThread
VirtualFreeEx
GetVersionExW
CreateFileW
GetModuleFileNameW
GetCurrentProcess
GetCommandLineW
SetLastError
HeapFree
GlobalFree
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
LCMapStringW
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteProcessMemory

advapi32

SystemFunction036
LookupPrivilegeValueW
AdjustTokenPrivileges
ImpersonateSelf
OpenProcessToken
OpenThreadToken
LookupAccountSidW
GetTokenInformation

shell32

CommandLineToArgvW
ShellExecuteW
ShellExecuteA

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9eb7abf2228ad28d8b7f571e0495d4a35da40607f04355307077975e271553b8
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a054eb16c2211516e7aef4228590588ab643e9d1706bca37b9ea623e7f4a66c9
.exe windows:5 windows x86 arch:x86

75c58f35a7bd6a3499f0e8ed18c16ffd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

ImpersonateSelf

shell32

ShellExecuteW

Sections

UPX0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
a08471e6be5499d605379b54dd4215adac579995fcdd0a9802461a22aa8c34d2
.exe windows:5 windows x86 arch:x86

ff74f6cd56da44a63feba0b828982b8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
CreateFileW
DecodePointer
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetStringTypeW
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
RaiseException

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a81275b069d6f283148074a6a77db3289a2f94bdfa544808633d40280c1f0bd4
.exe windows:5 windows x86 arch:x86

32e1afe217fd8ff7786669521165c3f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gifigovewizovije_vorufufineh.pdb

Imports

kernel32

FileTimeToDosDateTime
DosDateTimeToFileTime
SetDefaultCommConfigA
CreateMutexW
lstrlenA
_llseek
SetEndOfFile
WriteTapemark
SetEnvironmentVariableW
CreateJobObjectW
GetNamedPipeHandleStateA
WaitForSingleObject
SetComputerNameW
CallNamedPipeW
SetTapeParameters
GetProcessPriorityBoost
WriteFile
SetCommState
GetPriorityClass
ActivateActCtx
GlobalAlloc
LoadLibraryW
TerminateThread
Sleep
GetPrivateProfileStructW
SetSystemTimeAdjustment
GetConsoleWindow
DeleteVolumeMountPointW
LeaveCriticalSection
WritePrivateProfileStructW
SetSystemPowerState
IsDBCSLeadByte
GetBinaryTypeW
GetOverlappedResult
GetACP
lstrlenW
RaiseException
DeactivateActCtx
InterlockedExchange
GetProcAddress
GetTapeStatus
BeginUpdateResourceW
SetVolumeLabelW
CopyFileA
LoadLibraryA
BuildCommDCBAndTimeoutsW
IsSystemResumeAutomatic
SetConsoleDisplayMode
SetConsoleOutputCP
AddAtomW
SetCurrentDirectoryW
PostQueuedCompletionStatus
GetThreadPriority
GetCommTimeouts
GetCurrentDirectoryA
EnumDateFormatsW
CompareStringA
_lopen
GetVersionExA
LocalSize
CopyFileExA
AreFileApisANSI
lstrcpyA
CloseHandle
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
GetLastError
MoveFileA
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
GetModuleHandleA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA

winhttp

WinHttpCloseHandle

Exports

Exports

_enough@4
_futurama@4
_hiduk@8
_hockey@4
_husaberg@4
_lifan@8

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 39.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rim
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kevebel
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a8a5621ce56adb13d5fdfee1709cf03ee839f98c1912ac0055329fc90de2c2a2
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
aaec6ae400b38b95ae414481d8d45f0281cf26f59f8592567dfe2223f66024ad
.exe windows:5 windows x86 arch:x86

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
WriteConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

ws2_32

htons
htonl
bind
inet_addr

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b218ea35335833ba6dab543183314754db42bace4e62cf5950447c743b0ea4f6
.exe windows:5 windows x86 arch:x86

fe2e6a74088fb78e7a42cba0b5ad1259

Code Sign

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:55

Not After

19-01-2027 11:55

Subject

CN=Certum Extended Validation Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:60:c9:24:4e:78:45:86:62:d6:d6:bf:9b:48:e3:0d
Certificate

Issuer

CN=Certum Extended Validation Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11-02-2021 14:22

Not After

11-02-2022 14:22

Subject

SERIALNUMBER=07708361,CN=Application Delivery Solutions Ltd,OU=Tech Department,O=Application Delivery Solutions Ltd,POSTALCODE=E16 3DJ,STREET=11 Cundy Road,L=London,ST=Greater London,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13064c6f6e646f6e,1.3.6.1.4.1.311.60.2.1.2=#130e47726561746572204c6f6e646f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

c0:50:5a:0c:b1:91:e9:eb:72:c3:65:5d:6c:9c:95:fc:a5:3b:50:55:90:b8:b7:a4:a6:a5:d8:d8:9a:e1:39:72
Signer

Actual PE Digest

c0:50:5a:0c:b1:91:e9:eb:72:c3:65:5d:6c:9c:95:fc:a5:3b:50:55:90:b8:b7:a4:a6:a5:d8:d8:9a:e1:39:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameW
CreateTimerQueue
RemoveVectoredExceptionHandler
EnumDateFormatsExW
MoveFileExA
SetEndOfFile
FindResourceExW
LoadResource
SystemTimeToTzSpecificLocalTime
HeapAlloc
MapViewOfFileEx
InterlockedDecrement
GetModuleHandleExW
ReadConsoleOutputA
GetSystemTimes
HeapDestroy
GetExitCodeProcess
Beep
GetTimeZoneInformation
ExitThread
GlobalUnfix
GetLastError
HeapSize
GetAtomNameA
OpenWaitableTimerW
LocalAlloc
SetConsoleCursorInfo
GetModuleHandleA
lstrcatW
EraseTape
VirtualProtect
CompareStringA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetCommandLineW
RaiseException
RtlUnwind
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
HeapValidate
GetSystemInfo
GetCurrentThreadId
GetProcessHeap
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
LoadLibraryExW
OutputDebugStringA
WriteConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapFree
HeapReAlloc
HeapQueryInformation
GetModuleFileNameA
LCMapStringW
GetStringTypeW
SetStdHandle
FlushFileBuffers
ReadFile
ReadConsoleW
CreateFileW
CloseHandle

Exports

Exports

Memories

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 38.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b9c0244f10df7e84bb4f048842f5ca14750e40b033ef6491cd097e2755c49407
.exe windows:5 windows x86 arch:x86

f78c8a1861d2f3048786fe5978fcd092

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
LockResource
CreateToolhelp32Snapshot
LoadResource
FindResourceW
VirtualAlloc
SizeofResource
Process32FirstW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
LCMapStringW
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyA

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c36d57ead6beb236b8cee01e5ebc93f82f8abb28d1cf140f57c8a537b5024b15
.exe windows:6 windows x86 arch:x86

28c663e65c293ef163e83389b9d41d68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileInformationByHandle
GetFullPathNameW
GetFullPathNameA
GetLogicalDriveStringsW
SetFileAttributesW
SetUnhandledExceptionFilter
QueryPerformanceCounter
DeviceIoControl
LeaveCriticalSection
ReleaseMutex
OpenMutexW
GetLocalTime
GetSystemDirectoryW
VirtualAlloc
VirtualProtect
ReadProcessMemory
CreateFileMappingW
FindResourceExW
GetModuleHandleW
LoadResource
FindResourceW
LoadLibraryW
GlobalAlloc
LocalAlloc
MulDiv
lstrlenA
lstrlenW
CreateFileMappingA
GetPrivateProfileIntW
SystemTimeToFileTime
DecodePointer
WriteConsoleW
GetFileAttributesW
ReadConsoleW
ReadFile
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetConsoleCtrlHandler
GetProcessHeap
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
GetFileAttributesA
FindNextChangeNotification
FindFirstFileW
FileTimeToLocalFileTime
CreateFileW
CreateFileA
CompareFileTime
SetCurrentDirectoryW
ExpandEnvironmentStringsW
GetModuleFileNameA
GetModuleHandleA
ExitProcess
CloseHandle
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
OutputDebugStringW
GetCurrentThread
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
GetModuleFileNameW
WriteFile
GetStdHandle
EncodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
GetCurrentProcess
TerminateProcess
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent

user32

GetWindow
GetWindowThreadProcessId
FindWindowW
EqualRect
SetRect
LoadIconW
ScreenToClient
GetCursorPos
MessageBeep
MessageBoxW
AdjustWindowRectEx
GetScrollPos
RedrawWindow
ValidateRect
SetWindowsHookExW
GetDC
SetForegroundWindow
SetActiveWindow
GetMenuItemID
CheckMenuItem
SetMenu
LoadMenuW
GetSystemMetrics
SetCapture
GetAsyncKeyState
GetKeyState
GetDlgCtrlID
GetNextDlgTabItem
RegisterWindowMessageW
SystemParametersInfoW
GetUpdateRgn
LoadBitmapW
GetSysColor

gdi32

Polygon
ExtCreatePen
GetStockObject
GetRgnBox
CreateSolidBrush
CreateRectRgn
CreateICW
CreateFontIndirectW
CreateDIBitmap
CreateDCW

advapi32

RegCloseKey

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
Shell_NotifyIconW

shlwapi

StrStrIA

ntdll

wcschr
memset
memcmp
strrchr
strchr

Sections

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c7ae0615e77dcbea4dd57830f2ccf921146f6cfa2bb72bb67bed2ebd9573747c
.exe windows:4 windows x86 arch:x86

38b581e79f09d86e37224ed51ecec4cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ConvertStringSDToSDRootDomainW

user32

GetMenuCheckMarkDimensions

kernel32

GetCommandLineW

Sections

.text
Size: 801KB - Virtual size: 804KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ced25a4addeb68f9992b5764abd0b3f9670683a5a917d3d9bb8101592810d15d
.exe windows:6 windows x64 arch:x64

948c0e9c1f7c3b3fce58610a6494e7cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

\A\_work\326\s\bin\x86ret\Microsoft.VisualStudio.QualityTools.HostAdapters.ASPNETAdapter.pdb

Imports

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo

kernel32

PostQueuedCompletionStatus
GetQueuedCompletionStatus
WaitForMultipleObjects
GetComputerNameExA
GetCurrentProcessId
LocalFree
CreateIoCompletionPort
GetLastError
OpenProcess
lstrcmpW
GetLocalTime
LockResource
EnumResourceNamesW
EnumResourceTypesW
CreateThread
SetLastError
CloseHandle
WriteConsoleW
CreateFileW
VirtualProtect
HeapFree
VirtualFree
VirtualAlloc
GetThreadLocale
LoadLibraryA
GetNativeSystemInfo
HeapAlloc
GetProcAddress
GetProcessHeap
FreeLibrary
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapReAlloc
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetStringTypeW
SetFilePointerEx
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode

advapi32

CryptDecrypt
CryptGenRandom
LsaLookupPrivilegeName
ConvertSidToStringSidA
LsaNtStatusToWinError
CryptImportKey
CryptDestroyKey
OpenProcessToken
CryptVerifySignatureA
LsaOpenPolicy
CryptEncrypt
CryptGetHashParam
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptExportKey
CryptCreateHash
CryptSignHashA
CryptSetKeyParam
GetTokenInformation
LsaClose
CryptReleaseContext

ole32

CoUninitialize
CoInitializeEx

Exports

Exports

PlatformClientMain

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d6e2a0ab441832f2fe88c2097797027835014ac2dbd6fda585dbe75baf67e450
.exe windows:5 windows x86 arch:x86

c87058f83b3ab425474707bc35dd27b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
LCMapStringW
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
RaiseException

ws2_32

inet_addr

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e803f1a1acf079ff2ca62e02c924840a9334336e762b0992123035427ffbf894
.exe windows:4 windows x86 arch:x86

3730f1e916a2a2a6e8422ec3d378b30b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetApiBufferFree
NetQueryDisplayInformation

kernel32

GetTimeZoneInformation
GetSystemTime
GetLocalTime
FatalAppExitA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetACP
GetStringTypeW
Sleep
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
HeapSize
HeapReAlloc
HeapAlloc
GetProfileStringA
InterlockedExchange
ExitThread
CreateThread
HeapFree
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
CopyFileA
GlobalSize
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
GetShortPathNameA
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
GetThreadLocale
SizeofResource
GetProcessVersion
SetLastError
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalFlags
MulDiv
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrlenA
GlobalUnlock
LockResource
FindResourceA
LoadResource
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
GlobalAlloc
FormatMessageA
LocalFree
GlobalFree
GetLastError
GetStringTypeA

user32

AppendMenuA
RemoveMenu
PostThreadMessageA
DestroyIcon
IsDialogMessageA
ScrollWindowEx
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RegisterClipboardFormatA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
TranslateAcceleratorA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
OemToCharA
CharToOemA
CopyRect
GetClientRect
GetDC
ReleaseDC
MapDialogRect
SetWindowPos
GetWindow
SetMenu
EndDialog
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadIconA
SendMessageA
EnableWindow
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
CharUpperA
BringWindowToTop
InvalidateRect
UnpackDDElParam
CallWindowProcA
ReuseDDElParam
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
ShowOwnedPopups
DefDlgProcA
IsWindowUnicode
PostMessageA
PostQuitMessage
LoadAcceleratorsA
SetRectEmpty
DestroyMenu
InflateRect
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
GetDialogBaseUnits
LoadStringA
GetSysColorBrush
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
GetMenuStringA
DeleteMenu
InsertMenuA
PtInRect
GetClassNameA
ClientToScreen
WindowFromPoint
GetWindowThreadProcessId
GetDesktopWindow
WaitMessage
ReleaseCapture
SetCapture
LoadCursorA
SetWindowContextHelpId
LoadMenuA
wvsprintfA
ShowWindow
MoveWindow
RegisterWindowMessageA
SetWindowTextA
IsDlgButtonChecked

gdi32

OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
SetWindowOrgEx
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
SetRectRgn
CombineRgn
CopyMetaFileA
CreateDCA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
DeleteObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateRectRgnIndirect
PatBlt
PlayMetaFile
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateBitmap

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
CryptImportKey
CryptAcquireContextW
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
RegEnumKeyA
CryptEncrypt
RegSetValueA
RegOpenKeyA
RegDeleteKeyA

shell32

SHGetFileInfoA
DragQueryFileA
DragFinish
DragAcceptFiles
ExtractIconA

comctl32

ord13
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Merge
ImageList_Read
ImageList_Write
ord17

oledlg

ord8

ole32

CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData
CoFreeUnusedLibraries
ReleaseStgMedium
OleInitialize
CoDisconnectObject
OleRun
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleUninitialize

olepro32

ord253

oleaut32

VariantCopy
VariantClear
SysAllocStringLen
SysFreeString
VariantChangeType
SysReAllocStringLen
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SysAllocStringByteLen
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysStringLen
LoadTypeLi
VariantTimeToSystemTime

Sections

.text
Size: 488KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fad9578d84201ea276b5d2bfb53379aa8b09b50efb613cb8e00c98bd9855d2fb
.exe windows:5 windows x86 arch:x86

4c0f7728488c78fb0187aca4b05ba92c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
VirtualAlloc
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetTickCount
LoadLibraryA
CreateFileW
DecodePointer
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
RaiseException

user32

MessageBoxA

ws2_32

inet_addr

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

fcf3fbb8b064430343fc386d46afa4ce

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 93KB - Virtual size: 92KB

.data Size: 11KB - Virtual size: 4.0MB

.rsrc Size: 22KB - Virtual size: 22KB

Password: infected

7bd2e5fa6a60233b32aae2586fd8acda

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 22KB - Virtual size: 50KB

.gfids Size: 512B - Virtual size: 172B

Password: infected

Headers

File Characteristics

Sections

.text Size: 198KB - Virtual size: 221KB

.measles Size: 512B - Virtual size: 479B

.balladw Size: 512B - Virtual size: 481B

.gynandr Size: 512B - Virtual size: 24KB

.poulter Size: 512B - Virtual size: 24KB

.postror Size: 512B - Virtual size: 24KB

.quercet Size: 512B - Virtual size: 24KB

.sumpit Size: 1024B - Virtual size: 24KB

.tymp Size: 1024B - Virtual size: 586B

.seduct Size: 1024B - Virtual size: 590B

.swonken Size: 512B - Virtual size: 24KB

.bocardo Size: 512B - Virtual size: 363B

.solidar Size: 1024B - Virtual size: 590B

.whimsic Size: 512B - Virtual size: 24KB

.plasmod Size: 512B - Virtual size: 24KB

.sensele Size: 512B - Virtual size: 24KB

.placer Size: 1024B - Virtual size: 520B

.astigma Size: 1024B - Virtual size: 24KB

.gnawn Size: 1024B - Virtual size: 550B

.anemota Size: 512B - Virtual size: 24KB

.apal Size: 512B - Virtual size: 465B

.octomer Size: 1024B - Virtual size: 554B

.tabler Size: 512B - Virtual size: 486B

.pennae Size: 512B - Virtual size: 24KB

.varanid Size: 512B - Virtual size: 24KB

.tuition Size: 512B - Virtual size: 388B

.ectobat Size: 512B - Virtual size: 386B

.doublin Size: 512B - Virtual size: 429B

.tantali Size: 1024B - Virtual size: 24KB

.inerrat Size: 1024B - Virtual size: 528B

.wiggler Size: 512B - Virtual size: 312B

.bacteri Size: 512B - Virtual size: 340B

.outswel Size: 1024B - Virtual size: 577B

.impenit Size: 1024B - Virtual size: 24KB

.heliome Size: 512B - Virtual size: 24KB

.ind Size: 1024B - Virtual size: 626B

.defecto Size: 512B - Virtual size: 24KB

.untoggl Size: 1024B - Virtual size: 24KB

.apomict Size: 1024B - Virtual size: 595B

.schilli Size: 512B - Virtual size: 24KB

.ashcake Size: 512B - Virtual size: 460B

.anemobi Size: 1024B - Virtual size: 619B

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 93KB - Virtual size: 92KB

.data
Size: 11KB - Virtual size: 4.0MB

.rsrc
Size: 22KB - Virtual size: 22KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 22KB - Virtual size: 50KB

.gfids
Size: 512B - Virtual size: 172B

.text
Size: 198KB - Virtual size: 221KB

.measles
Size: 512B - Virtual size: 479B

.balladw
Size: 512B - Virtual size: 481B

.gynandr
Size: 512B - Virtual size: 24KB

.poulter
Size: 512B - Virtual size: 24KB

.postror
Size: 512B - Virtual size: 24KB

.quercet
Size: 512B - Virtual size: 24KB

.sumpit
Size: 1024B - Virtual size: 24KB

.tymp
Size: 1024B - Virtual size: 586B

.seduct
Size: 1024B - Virtual size: 590B

.swonken
Size: 512B - Virtual size: 24KB

.bocardo
Size: 512B - Virtual size: 363B

.solidar
Size: 1024B - Virtual size: 590B

.whimsic
Size: 512B - Virtual size: 24KB

.plasmod
Size: 512B - Virtual size: 24KB

.sensele
Size: 512B - Virtual size: 24KB

.placer
Size: 1024B - Virtual size: 520B

.astigma
Size: 1024B - Virtual size: 24KB

.gnawn
Size: 1024B - Virtual size: 550B

.anemota
Size: 512B - Virtual size: 24KB

.apal
Size: 512B - Virtual size: 465B

.octomer
Size: 1024B - Virtual size: 554B

.tabler
Size: 512B - Virtual size: 486B

.pennae
Size: 512B - Virtual size: 24KB

.varanid
Size: 512B - Virtual size: 24KB

.tuition
Size: 512B - Virtual size: 388B

.ectobat
Size: 512B - Virtual size: 386B

.doublin
Size: 512B - Virtual size: 429B

.tantali
Size: 1024B - Virtual size: 24KB

.inerrat
Size: 1024B - Virtual size: 528B

.wiggler
Size: 512B - Virtual size: 312B

.bacteri
Size: 512B - Virtual size: 340B

.outswel
Size: 1024B - Virtual size: 577B

.impenit
Size: 1024B - Virtual size: 24KB

.heliome
Size: 512B - Virtual size: 24KB

.ind
Size: 1024B - Virtual size: 626B

.defecto
Size: 512B - Virtual size: 24KB

.untoggl
Size: 1024B - Virtual size: 24KB

.apomict
Size: 1024B - Virtual size: 595B

.schilli
Size: 512B - Virtual size: 24KB

.ashcake
Size: 512B - Virtual size: 460B

.anemobi
Size: 1024B - Virtual size: 619B

.schoolm
Size: 1024B - Virtual size: 24KB

.mutage
Size: 512B - Virtual size: 24KB

.griever
Size: 512B - Virtual size: 369B

.kadarit
Size: 512B - Virtual size: 453B

.caratch
Size: 512B - Virtual size: 407B

.thoroug
Size: 512B - Virtual size: 24KB

.thoroug
Size: 512B - Virtual size: 24KB

.rightfu
Size: 512B - Virtual size: 325B

.coralli
Size: 512B - Virtual size: 24KB

.greensa
Size: 512B - Virtual size: 24KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 19KB - Virtual size: 43KB

.scabriu
Size: 512B - Virtual size: 24KB

.overtak
Size: 512B - Virtual size: 24KB

.sapinda
Size: 512B - Virtual size: 24KB

.superac
Size: 512B - Virtual size: 30B

.portall
Size: 512B - Virtual size: 248B

.b
Size: 512B - Virtual size: 24KB

.testor
Size: 512B - Virtual size: 24KB

.diamagn
Size: 512B - Virtual size: 24KB

.sniping
Size: 512B - Virtual size: 24KB

.semifab
Size: 512B - Virtual size: 166B

.platyrr
Size: 512B - Virtual size: 100B

.rsrc
Size: 205KB - Virtual size: 204KB

.text
Size: 202KB - Virtual size: 201KB

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 20KB - Virtual size: 49KB