neshta | JaffaCakes118_d63224f2076b5cdb010e31dd408b07218381fd21939f8bd3b4aa8f5c03f6a702

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_d63224f2076b5cdb010e31dd408b07218381fd21939f8bd3b4aa8f5c03f6a702
Size

2.5MB
MD5

de6c6b3143f6d911c84e3a328854d98f
SHA1

902d930733dd950bb376cf46511489b6c82401d6
SHA256

d63224f2076b5cdb010e31dd408b07218381fd21939f8bd3b4aa8f5c03f6a702
SHA512

e87239cb4e2b79152baded43758adcb0cf980e32b11455b9072ce4059f4a4bf67b926631e67789a97ecb8ef917c7bc5f51f3cd16b41488724c4531890ae58a2a
SSDEEP

49152:si4J5Oovif8jmqjm8H2zDNl9ooITRJQg262UHrSG97597tjm8DBB/bBn7lQK:e8ovif8j3jMDNvJCSVWXj7TBnD

Score

10^/10

cryptone packer upx neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
static1/unpack001/ffbb6c4d8d704a530bdd557890f367ad904c09c03f53fda5615a7208a0ea3e4d	family_neshta

Neshta family
neshta

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
static1/unpack001/1dbe9f956514460774290197ffccb11d817d1a5a5aeab81877ae7b74daa1b592	cryptone

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/1e3bf358c76f4030ffc4437d5fcd80c54bd91b361abb43a4fa6340e62d986770	upx
static1/unpack001/76a77def28acf51b2b7cdcbfaa182fe5726dd3f9e891682a4efc3226640b9c78	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0f178bc093b6b9d25924a85d9a7dde64592215599733e83e3bbc6df219564335
unpack001/1b109db549dd0bf64cadafec575b5895690760c7180a4edbf0c5296766162f18
unpack001/1e3bf358c76f4030ffc4437d5fcd80c54bd91b361abb43a4fa6340e62d986770
unpack002/out.upx
unpack001/26b6a9fecfc9d4b4b2c2ff02885b257721687e6b820f72cf2e66c1cae2675739
unpack001/286bffaa9c81abfb938fe65be198770c38115cdec95865a241f913769e9bfd3f
unpack001/410c884d883ebe2172507b5eadd10bc8a2ae2564ba0d33b1e84e5f3c22bd3677
unpack001/5072678821b490853eff0a97191f262c4e8404984dd8d5be1151fef437ca26db
unpack001/69d9dd7fdd88f33e2343fb391ba063a65fe5ffbe649da1c5083ec4a67c525997
unpack001/76a77def28acf51b2b7cdcbfaa182fe5726dd3f9e891682a4efc3226640b9c78
unpack003/out.upx
unpack001/91d1ab6c305552685996f4d80c44cc1c694355ae7d09243df027827d1df61631
unpack001/ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75
unpack001/e3f236e4aeb73f8f8f0caebe46f53abbb2f71fa4b266a34ab50e01933709e877
unpack001/ffbb6c4d8d704a530bdd557890f367ad904c09c03f53fda5615a7208a0ea3e4d

Files

JaffaCakes118_d63224f2076b5cdb010e31dd408b07218381fd21939f8bd3b4aa8f5c03f6a702
.zip

Password: infected
0f178bc093b6b9d25924a85d9a7dde64592215599733e83e3bbc6df219564335
.exe windows:5 windows x86 arch:x86

be232aa2621354bf5dd7b405cc99198c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetWkstaGetInfo
NetApiBufferFree

iphlpapi

GetAdaptersInfo

ws2_32

WSAGetLastError
ioctlsocket
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup

crypt32

CryptBinaryToStringA

gdiplus

GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipDeleteFontFamily
GdipCreateLineBrushFromRect
GdipCreateStringFormat
GdiplusStartup
GdipDisposeImage
GdipCloneBrush
GdipDrawString
GdipFree
GdipGetGenericFontFamilySansSerif
GdipFillRectangle
GdipCreateFont
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipSetStringFormatLineAlign

shlwapi

PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveBackslashW
StrFormatByteSize64A

mpr

WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetCloseEnum

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
RtlCreateUserThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
VerSetConditionMask
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
RtlCreateAcl
NtSetInformationFile
RtlDosPathNameToNtPathName_U
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock

msvcrt

srand
malloc
free
rand
calloc

kernel32

CreateFileW
GetFileAttributesW
GetDiskFreeSpaceExW
FindClose
WaitForMultipleObjects
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetFileSizeEx
ReadFile
CreateProcessW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindNextFileW
FindFirstFileExW
GetLogicalDrives
AllocConsole
GetConsoleWindow
GetProcAddress
FindFirstVolumeW
QueryDosDeviceW
WaitForSingleObject
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32First
GetComputerNameA
VerifyVersionInfoW
GetSystemInfo
GetVersionExA
LoadLibraryA
OpenMutexA
CreateMutexA
GetTickCount
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetLocalTime
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleTitleA
WriteFile
SetConsoleMode
SetProcessShutdownParameters
SetThreadUILanguage
ExitThread
GetModuleHandleA
Sleep
GetConsoleMode
SetFileAttributesW

user32

DispatchMessageA
IsWindowVisible
DeleteMenu
wsprintfA
ShowWindow
SetWindowLongA
GetMessageA
GetWindowLongA
RegisterHotKey
RegisterClassA
DefWindowProcA
FlashWindow
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
wsprintfW
EnableMenuItem
SetForegroundWindow
CharUpperA
GetSystemMenu
GetMessageW
SystemParametersInfoW
wvsprintfA
GetSystemMetrics
CharLowerBuffW
PeekMessageW

advapi32

OpenSCManagerA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
SetThreadToken
RegOpenKeyA
CryptReleaseContext
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CreateProcessAsUserW
DuplicateToken
DuplicateTokenEx
GetTokenInformation
SetSecurityInfo
GetSecurityInfo
EnumDependentServicesA
CloseServiceHandle
InitializeSecurityDescriptor
CheckTokenMembership
RegSetValueExA
ControlService
RegSetValueExW
RegDeleteValueW
QueryServiceStatusEx
RegQueryValueExW
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
CreateWellKnownSid

shell32

CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteExA
ShellExecuteExW

ole32

CoGetObject
CoUninitialize
CoInitializeEx

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1b109db549dd0bf64cadafec575b5895690760c7180a4edbf0c5296766162f18
.exe windows:5 windows x86 arch:x86

be232aa2621354bf5dd7b405cc99198c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetWkstaGetInfo
NetApiBufferFree

iphlpapi

GetAdaptersInfo

ws2_32

WSAGetLastError
ioctlsocket
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup

crypt32

CryptBinaryToStringA

gdiplus

GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipDeleteFontFamily
GdipCreateLineBrushFromRect
GdipCreateStringFormat
GdiplusStartup
GdipDisposeImage
GdipCloneBrush
GdipDrawString
GdipFree
GdipGetGenericFontFamilySansSerif
GdipFillRectangle
GdipCreateFont
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipSetStringFormatLineAlign

shlwapi

PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveBackslashW
StrFormatByteSize64A

mpr

WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetCloseEnum

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
RtlCreateUserThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
VerSetConditionMask
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
RtlCreateAcl
NtSetInformationFile
RtlDosPathNameToNtPathName_U
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock

msvcrt

srand
malloc
free
rand
calloc

kernel32

CreateFileW
GetFileAttributesW
GetDiskFreeSpaceExW
FindClose
WaitForMultipleObjects
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetFileSizeEx
ReadFile
CreateProcessW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindNextFileW
FindFirstFileExW
GetLogicalDrives
AllocConsole
GetConsoleWindow
GetProcAddress
FindFirstVolumeW
QueryDosDeviceW
WaitForSingleObject
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32First
GetComputerNameA
VerifyVersionInfoW
GetSystemInfo
GetVersionExA
LoadLibraryA
OpenMutexA
CreateMutexA
GetTickCount
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetLocalTime
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleTitleA
WriteFile
SetConsoleMode
SetProcessShutdownParameters
SetThreadUILanguage
ExitThread
GetModuleHandleA
Sleep
GetConsoleMode
SetFileAttributesW

user32

DispatchMessageA
IsWindowVisible
DeleteMenu
wsprintfA
ShowWindow
SetWindowLongA
GetMessageA
GetWindowLongA
RegisterHotKey
RegisterClassA
DefWindowProcA
FlashWindow
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
wsprintfW
EnableMenuItem
SetForegroundWindow
CharUpperA
GetSystemMenu
GetMessageW
SystemParametersInfoW
wvsprintfA
GetSystemMetrics
CharLowerBuffW
PeekMessageW

advapi32

OpenSCManagerA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
SetThreadToken
RegOpenKeyA
CryptReleaseContext
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CreateProcessAsUserW
DuplicateToken
DuplicateTokenEx
GetTokenInformation
SetSecurityInfo
GetSecurityInfo
EnumDependentServicesA
CloseServiceHandle
InitializeSecurityDescriptor
CheckTokenMembership
RegSetValueExA
ControlService
RegSetValueExW
RegDeleteValueW
QueryServiceStatusEx
RegQueryValueExW
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
CreateWellKnownSid

shell32

CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteExA
ShellExecuteExW

ole32

CoGetObject
CoUninitialize
CoInitializeEx

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1dbe9f956514460774290197ffccb11d817d1a5a5aeab81877ae7b74daa1b592
.exe windows:4 windows x86 arch:x86

1989daa9c43f6e4cbe8ebd7434f74c47

Code Sign

63:c6:85:b6:45:e2:05:ba:43:f7:ea:cf:e6:41:01:5e
Certificate

Issuer

CN=TATNMESDIGVTXKPZHP

Not Before

11-05-2020 16:12

Not After

31-12-2039 23:59

Subject

CN=TATNMESDIGVTXKPZHP

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

55:60:2b:e0:d0:e5:1c:ae:46:59:72:03:96:01:13:6b:a1:40:f8:53
Signer

Actual PE Digest

55:60:2b:e0:d0:e5:1c:ae:46:59:72:03:96:01:13:6b:a1:40:f8:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualAllocEx
GetLastError

user32

LoadIconA
GetWindowTextLengthW
IsCharUpperW
IsGUIThread
GetTopWindow
DestroyMenu
GetClipboardOwner
EndMenu
IsCharLowerA
PaintDesktop
GetInputState
DestroyCursor
GetMenuContextHelpId
GetListBoxInfo
GetKeyboardLayout
IsWindowEnabled
IsWindow
GetDoubleClickTime
InSendMessage
GetDlgCtrlID
IsCharAlphaNumericW
GetClipboardSequenceNumber
CountClipboardFormats
IsClipboardFormatAvailable
CloseWindowStation
CharUpperW

gdi32

AddFontResourceW
GetEnhMetaFileW
GetObjectType
GetPixelFormat
DeleteObject
GetROP2
DeleteDC
GetDCPenColor
GetColorSpace
CancelDC
GetTextCharacterExtra
EndPath
SwapBuffers
FillPath
CreateMetaFileA
CloseMetaFile
PathToRegion
EndPage
EndDoc

comdlg32

GetFileTitleA

advapi32

RegQueryValueExA
RegSetValueW
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegCloseKey

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
StringFromCLSID

msvcrt

__p__commode
__p__fmode
__set_app_type
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_wcsnicmp
printf
_except_handler3
wcscpy
wcscat
fgetws
towupper
_iob
_putws
wcscmp
swprintf
malloc
free
_wcsicmp
wcschr
wcslen
_get_osfhandle

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 325B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1e3bf358c76f4030ffc4437d5fcd80c54bd91b361abb43a4fa6340e62d986770
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
26b6a9fecfc9d4b4b2c2ff02885b257721687e6b820f72cf2e66c1cae2675739
.exe windows:5 windows x86 arch:x86

be232aa2621354bf5dd7b405cc99198c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetWkstaGetInfo
NetApiBufferFree

iphlpapi

GetAdaptersInfo

ws2_32

WSAGetLastError
ioctlsocket
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup

crypt32

CryptBinaryToStringA

gdiplus

GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipDeleteFontFamily
GdipCreateLineBrushFromRect
GdipCreateStringFormat
GdiplusStartup
GdipDisposeImage
GdipCloneBrush
GdipDrawString
GdipFree
GdipGetGenericFontFamilySansSerif
GdipFillRectangle
GdipCreateFont
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipSetStringFormatLineAlign

shlwapi

PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveBackslashW
StrFormatByteSize64A

mpr

WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetCloseEnum

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
RtlCreateUserThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
VerSetConditionMask
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
RtlCreateAcl
NtSetInformationFile
RtlDosPathNameToNtPathName_U
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock

msvcrt

srand
malloc
free
rand
calloc

kernel32

CreateFileW
GetFileAttributesW
GetDiskFreeSpaceExW
FindClose
WaitForMultipleObjects
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetFileSizeEx
ReadFile
CreateProcessW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindNextFileW
FindFirstFileExW
GetLogicalDrives
AllocConsole
GetConsoleWindow
GetProcAddress
FindFirstVolumeW
QueryDosDeviceW
WaitForSingleObject
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32First
GetComputerNameA
VerifyVersionInfoW
GetSystemInfo
GetVersionExA
LoadLibraryA
OpenMutexA
CreateMutexA
GetTickCount
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetLocalTime
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleTitleA
WriteFile
SetConsoleMode
SetProcessShutdownParameters
SetThreadUILanguage
ExitThread
GetModuleHandleA
Sleep
GetConsoleMode
SetFileAttributesW

user32

DispatchMessageA
IsWindowVisible
DeleteMenu
wsprintfA
ShowWindow
SetWindowLongA
GetMessageA
GetWindowLongA
RegisterHotKey
RegisterClassA
DefWindowProcA
FlashWindow
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
wsprintfW
EnableMenuItem
SetForegroundWindow
CharUpperA
GetSystemMenu
GetMessageW
SystemParametersInfoW
wvsprintfA
GetSystemMetrics
CharLowerBuffW
PeekMessageW

advapi32

OpenSCManagerA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
SetThreadToken
RegOpenKeyA
CryptReleaseContext
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CreateProcessAsUserW
DuplicateToken
DuplicateTokenEx
GetTokenInformation
SetSecurityInfo
GetSecurityInfo
EnumDependentServicesA
CloseServiceHandle
InitializeSecurityDescriptor
CheckTokenMembership
RegSetValueExA
ControlService
RegSetValueExW
RegDeleteValueW
QueryServiceStatusEx
RegQueryValueExW
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
CreateWellKnownSid

shell32

CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteExA
ShellExecuteExW

ole32

CoGetObject
CoUninitialize
CoInitializeEx

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
286bffaa9c81abfb938fe65be198770c38115cdec95865a241f913769e9bfd3f
.exe windows:5 windows x86 arch:x86

01e0549a1a46ccf2960d3d124cf32ee9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\lowdoes\magnetTen\DrawSince\LargeSeason\northfraction\enemybarChord.pdb

Imports

kernel32

CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenEventA
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
HeapReAlloc
HeapSize
HeapAlloc
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTickCount
QueryPerformanceCounter
GetTimeZoneInformation
IsValidCodePage
GetACP
CompareStringW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
ExitProcess
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
SetFilePointer
WriteFile
CreateFileA
GetCurrentProcess
GetModuleHandleW
InterlockedIncrement
InterlockedExchange
GetCurrentThread
GetLocaleInfoA
GetOEMCP
GetCPInfo
GlobalFlags
lstrcmpA
FormatMessageA
SetEvent
CloseHandle
CompareStringA
MultiByteToWideChar
LoadLibraryA
lstrcmpW
GetCurrentThreadId
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
GetCurrentProcessId
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalReAlloc
GlobalLock
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LoadResource
LockResource
SizeofResource
FindResourceA
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
lstrlenA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetAtomNameA
GlobalGetAtomNameA
GetLastError
SetLastError
CreateEventA
GetSystemDirectoryA
LocalAlloc
MoveFileA
VirtualProtect
GetCurrentDirectoryA
LocalFree
Sleep

ole32

StringFromCLSID
OleUninitialize
OleInitialize
OleSetContainedObject
CoTaskMemFree

oleaut32

VariantInit
VariantChangeType
VariantClear

uxtheme

CloseThemeData
GetThemeBackgroundRegion
GetThemeFont
DrawThemeText
OpenThemeData

gdi32

DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
DeleteDC
Escape
GetTextExtentPoint32A
TextOutA
GetPixel
BitBlt
RectVisible
PtVisible
SelectObject
GetDeviceCaps
CreateCompatibleDC
ExtTextOutA
GetClipBox
SetTextColor
SetBkColor
GetObjectA
GetStockObject
GetObjectType
CreateSolidBrush
CreatePatternBrush
CreateFontIndirectA
CreateBitmap
CreateCompatibleBitmap

user32

MapWindowPoints
GetClientRect
LoadIconA
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
RegisterWindowMessageA
ValidateRect
GetSysColorBrush
LoadBitmapA
TabbedTextOutA
FillRect
DrawTextA
DrawTextExA
GrayStringA
CreatePopupMenu
IsMenu
CheckMenuItem
EnableMenuItem
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuItemInfoA
GetSubMenu
InsertMenuItemA
ModifyMenuA
SetMenuItemBitmaps
LoadMenuA
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
GetActiveWindow
GetDesktopWindow
GetMenuCheckMarkDimensions
BringWindowToTop
UpdateWindow
InvalidateRect
IsWindowVisible
ShowOwnedPopups
GetSysColor
SetForegroundWindow
GetForegroundWindow
LoadCursorA
SetWindowTextA
ShowWindow
SetRectEmpty
SetCursor
ReleaseCapture
LoadAcceleratorsA
TranslateAcceleratorA
DestroyMenu
ReuseDDElParam
UnpackDDElParam
GetClipboardFormatNameA
PtInRect
InflateRect
PostQuitMessage
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
UnhookWindowsHookEx
IsWindow
SendMessageA
PostMessageA
GetTopWindow
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
GetWindow
GetCapture
WinHelpA
TrackPopupMenu
GetDlgItem
GetWindowTextA
GetKeyState
DestroyWindow
GetDlgCtrlID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
SetMenu
GetMenu
GetMessageTime
GetMessagePos
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
MessageBoxA
GetWindowLongA
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetWindowThreadProcessId

oleacc

CreateStdAccessibleObject
LresultFromObject

shell32

DragFinish
DragQueryFileA

advapi32

OpenThreadToken
RevertToSelf
SetThreadToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
410c884d883ebe2172507b5eadd10bc8a2ae2564ba0d33b1e84e5f3c22bd3677
.exe windows:5 windows x86 arch:x86

be232aa2621354bf5dd7b405cc99198c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetWkstaGetInfo
NetApiBufferFree

iphlpapi

GetAdaptersInfo

ws2_32

WSAGetLastError
ioctlsocket
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup

crypt32

CryptBinaryToStringA

gdiplus

GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipDeleteFontFamily
GdipCreateLineBrushFromRect
GdipCreateStringFormat
GdiplusStartup
GdipDisposeImage
GdipCloneBrush
GdipDrawString
GdipFree
GdipGetGenericFontFamilySansSerif
GdipFillRectangle
GdipCreateFont
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipSetStringFormatLineAlign

shlwapi

PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveBackslashW
StrFormatByteSize64A

mpr

WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetCloseEnum

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
RtlCreateUserThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
VerSetConditionMask
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
RtlCreateAcl
NtSetInformationFile
RtlDosPathNameToNtPathName_U
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock

msvcrt

srand
malloc
free
rand
calloc

kernel32

CreateFileW
GetFileAttributesW
GetDiskFreeSpaceExW
FindClose
WaitForMultipleObjects
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetFileSizeEx
ReadFile
CreateProcessW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindNextFileW
FindFirstFileExW
GetLogicalDrives
AllocConsole
GetConsoleWindow
GetProcAddress
FindFirstVolumeW
QueryDosDeviceW
WaitForSingleObject
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32First
GetComputerNameA
VerifyVersionInfoW
GetSystemInfo
GetVersionExA
LoadLibraryA
OpenMutexA
CreateMutexA
GetTickCount
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetLocalTime
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleTitleA
WriteFile
SetConsoleMode
SetProcessShutdownParameters
SetThreadUILanguage
ExitThread
GetModuleHandleA
Sleep
GetConsoleMode
SetFileAttributesW

user32

DispatchMessageA
IsWindowVisible
DeleteMenu
wsprintfA
ShowWindow
SetWindowLongA
GetMessageA
GetWindowLongA
RegisterHotKey
RegisterClassA
DefWindowProcA
FlashWindow
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
wsprintfW
EnableMenuItem
SetForegroundWindow
CharUpperA
GetSystemMenu
GetMessageW
SystemParametersInfoW
wvsprintfA
GetSystemMetrics
CharLowerBuffW
PeekMessageW

advapi32

OpenSCManagerA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
SetThreadToken
RegOpenKeyA
CryptReleaseContext
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CreateProcessAsUserW
DuplicateToken
DuplicateTokenEx
GetTokenInformation
SetSecurityInfo
GetSecurityInfo
EnumDependentServicesA
CloseServiceHandle
InitializeSecurityDescriptor
CheckTokenMembership
RegSetValueExA
ControlService
RegSetValueExW
RegDeleteValueW
QueryServiceStatusEx
RegQueryValueExW
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
CreateWellKnownSid

shell32

CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteExA
ShellExecuteExW

ole32

CoGetObject
CoUninitialize
CoInitializeEx

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5072678821b490853eff0a97191f262c4e8404984dd8d5be1151fef437ca26db
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\user\work\code\dotnet\regedit-64\regedit-64\obj\Release\rs40.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
69d9dd7fdd88f33e2343fb391ba063a65fe5ffbe649da1c5083ec4a67c525997
.exe windows:5 windows x86 arch:x86

be232aa2621354bf5dd7b405cc99198c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetWkstaGetInfo
NetApiBufferFree

iphlpapi

GetAdaptersInfo

ws2_32

WSAGetLastError
ioctlsocket
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup

crypt32

CryptBinaryToStringA

gdiplus

GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipDeleteFontFamily
GdipCreateLineBrushFromRect
GdipCreateStringFormat
GdiplusStartup
GdipDisposeImage
GdipCloneBrush
GdipDrawString
GdipFree
GdipGetGenericFontFamilySansSerif
GdipFillRectangle
GdipCreateFont
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipSetStringFormatLineAlign

shlwapi

PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveBackslashW
StrFormatByteSize64A

mpr

WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetCloseEnum

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
RtlCreateUserThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
VerSetConditionMask
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
RtlCreateAcl
NtSetInformationFile
RtlDosPathNameToNtPathName_U
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock

msvcrt

srand
malloc
free
rand
calloc

kernel32

CreateFileW
GetFileAttributesW
GetDiskFreeSpaceExW
FindClose
WaitForMultipleObjects
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetFileSizeEx
ReadFile
CreateProcessW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindNextFileW
FindFirstFileExW
GetLogicalDrives
AllocConsole
GetConsoleWindow
GetProcAddress
FindFirstVolumeW
QueryDosDeviceW
WaitForSingleObject
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32First
GetComputerNameA
VerifyVersionInfoW
GetSystemInfo
GetVersionExA
LoadLibraryA
OpenMutexA
CreateMutexA
GetTickCount
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetLocalTime
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleTitleA
WriteFile
SetConsoleMode
SetProcessShutdownParameters
SetThreadUILanguage
ExitThread
GetModuleHandleA
Sleep
GetConsoleMode
SetFileAttributesW

user32

DispatchMessageA
IsWindowVisible
DeleteMenu
wsprintfA
ShowWindow
SetWindowLongA
GetMessageA
GetWindowLongA
RegisterHotKey
RegisterClassA
DefWindowProcA
FlashWindow
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
wsprintfW
EnableMenuItem
SetForegroundWindow
CharUpperA
GetSystemMenu
GetMessageW
SystemParametersInfoW
wvsprintfA
GetSystemMetrics
CharLowerBuffW
PeekMessageW

advapi32

OpenSCManagerA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
SetThreadToken
RegOpenKeyA
CryptReleaseContext
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CreateProcessAsUserW
DuplicateToken
DuplicateTokenEx
GetTokenInformation
SetSecurityInfo
GetSecurityInfo
EnumDependentServicesA
CloseServiceHandle
InitializeSecurityDescriptor
CheckTokenMembership
RegSetValueExA
ControlService
RegSetValueExW
RegDeleteValueW
QueryServiceStatusEx
RegQueryValueExW
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
CreateWellKnownSid

shell32

CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteExA
ShellExecuteExW

ole32

CoGetObject
CoUninitialize
CoInitializeEx

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
76a77def28acf51b2b7cdcbfaa182fe5726dd3f9e891682a4efc3226640b9c78
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 544KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 319KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
91d1ab6c305552685996f4d80c44cc1c694355ae7d09243df027827d1df61631
.exe windows:5 windows x86 arch:x86

e9f710b579880d1b6ff748176eb620f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetApiBufferFree
NetShareEnum

iphlpapi

GetAdaptersInfo

ws2_32

WSAGetLastError
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup
ioctlsocket

crypt32

CryptBinaryToStringA

gdiplus

GdipGetImageEncodersSize
GdipDeleteGraphics
GdipDeleteStringFormat
GdipGetImageGraphicsContext
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipCloneBrush
GdipDrawString
GdipFree
GdipDeleteBrush
GdipAlloc
GdipDisposeImage
GdipCreateLineBrushFromRect
GdipSetStringFormatLineAlign
GdipCreateFont
GdiplusStartup
GdipGetGenericFontFamilySansSerif
GdipCreateStringFormat
GdipDeleteFontFamily
GdipGetImageEncoders
GdipFillRectangle
GdipCreateFontFamilyFromName

shlwapi

PathAddBackslashW
PathFindExtensionW
PathRemoveBackslashW
PathRemoveExtensionA
StrFormatByteSize64A
PathRemoveFileSpecW

mpr

WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetAddConnection2W

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
NtClose
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
NtSetInformationProcess
RtlCreateAcl
NtWaitForSingleObject
NtSetInformationFile
RtlDosPathNameToNtPathName_U
NtCreateIoCompletion
NtRemoveIoCompletion
NtQueryInformationFile
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock

msvcrt

malloc
calloc
free

kernel32

GetLocalTime
GetProcAddress
SetThreadUILanguage
GetConsoleMode
GetWindowsDirectoryW
GetCurrentProcess
GlobalFree
GlobalAlloc
ReadFile
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
GetModuleHandleA
SetProcessShutdownParameters
SetConsoleMode
WriteFile
GetConsoleWindow
SetConsoleTitleA
FindVolumeClose
SetVolumeMountPointW
FindFirstVolumeW
QueryDosDeviceW
GetVersion
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
GetUserDefaultUILanguage
TerminateProcess
GetSystemDefaultUILanguage
Process32First
LoadLibraryA
OpenMutexA
CreateMutexA
GetTickCount
Sleep
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetDiskFreeSpaceExW
SetFileAttributesW
ExitThread
GetFileAttributesW
CreateFileW
FindClose
SetConsoleTextAttribute
WaitForMultipleObjects
FindNextFileW
FindFirstFileExW
GetLogicalDrives
AllocConsole
SetConsoleCtrlHandler

user32

wsprintfW
GetMessageW
GetSystemMenu
SystemParametersInfoW
DeleteMenu
wsprintfA
CharUpperA
SetWindowLongA
PeekMessageW
GetWindowLongA
wvsprintfA
RegisterHotKey
FlashWindow
SetLayeredWindowAttributes
EnableMenuItem
MessageBoxA
GetSystemMetrics
GetShellWindow
GetWindowThreadProcessId
IsWindowVisible
ShowWindow
CharLowerBuffW

advapi32

CloseServiceHandle
RegQueryValueExW
RegDeleteValueW
RegSetValueExA
RegSetValueExW
RegCreateKeyExA
RegQueryValueExA
OpenProcessToken
DuplicateToken
OpenThreadToken
GetTokenInformation
SetSecurityInfo
RegOpenKeyA
RegCloseKey
GetSecurityInfo
EnumDependentServicesA
SetThreadToken
OpenSCManagerA
ControlService
QueryServiceStatusEx
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
CreateWellKnownSid
CheckTokenMembership
InitializeSecurityDescriptor
CryptReleaseContext

shell32

SHEmptyRecycleBinW
ShellExecuteW
SHGetFolderPathW
ShellExecuteExA
ShellExecuteExW
CommandLineToArgvW

ole32

CoGetObject
CoUninitialize
CoInitializeEx

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\user\work\code\dotnet\regedit-64\regedit-64\obj\Release\rs35.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e3f236e4aeb73f8f8f0caebe46f53abbb2f71fa4b266a34ab50e01933709e877
.exe windows:5 windows x86 arch:x86

be232aa2621354bf5dd7b405cc99198c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetWkstaGetInfo
NetApiBufferFree

iphlpapi

GetAdaptersInfo

ws2_32

WSAGetLastError
ioctlsocket
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup

crypt32

CryptBinaryToStringA

gdiplus

GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipDeleteFontFamily
GdipCreateLineBrushFromRect
GdipCreateStringFormat
GdiplusStartup
GdipDisposeImage
GdipCloneBrush
GdipDrawString
GdipFree
GdipGetGenericFontFamilySansSerif
GdipFillRectangle
GdipCreateFont
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipSetStringFormatLineAlign

shlwapi

PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveBackslashW
StrFormatByteSize64A

mpr

WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetCloseEnum

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
RtlCreateUserThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
VerSetConditionMask
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
RtlCreateAcl
NtSetInformationFile
RtlDosPathNameToNtPathName_U
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock

msvcrt

srand
malloc
free
rand
calloc

kernel32

CreateFileW
GetFileAttributesW
GetDiskFreeSpaceExW
FindClose
WaitForMultipleObjects
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetFileSizeEx
ReadFile
CreateProcessW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindNextFileW
FindFirstFileExW
GetLogicalDrives
AllocConsole
GetConsoleWindow
GetProcAddress
FindFirstVolumeW
QueryDosDeviceW
WaitForSingleObject
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32First
GetComputerNameA
VerifyVersionInfoW
GetSystemInfo
GetVersionExA
LoadLibraryA
OpenMutexA
CreateMutexA
GetTickCount
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetLocalTime
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleTitleA
WriteFile
SetConsoleMode
SetProcessShutdownParameters
SetThreadUILanguage
ExitThread
GetModuleHandleA
Sleep
GetConsoleMode
SetFileAttributesW

user32

DispatchMessageA
IsWindowVisible
DeleteMenu
wsprintfA
ShowWindow
SetWindowLongA
GetMessageA
GetWindowLongA
RegisterHotKey
RegisterClassA
DefWindowProcA
FlashWindow
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
wsprintfW
EnableMenuItem
SetForegroundWindow
CharUpperA
GetSystemMenu
GetMessageW
SystemParametersInfoW
wvsprintfA
GetSystemMetrics
CharLowerBuffW
PeekMessageW

advapi32

OpenSCManagerA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
SetThreadToken
RegOpenKeyA
CryptReleaseContext
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CreateProcessAsUserW
DuplicateToken
DuplicateTokenEx
GetTokenInformation
SetSecurityInfo
GetSecurityInfo
EnumDependentServicesA
CloseServiceHandle
InitializeSecurityDescriptor
CheckTokenMembership
RegSetValueExA
ControlService
RegSetValueExW
RegDeleteValueW
QueryServiceStatusEx
RegQueryValueExW
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
CreateWellKnownSid

shell32

CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteExA
ShellExecuteExW

ole32

CoGetObject
CoUninitialize
CoInitializeEx

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
faa3453ceb1bd4e5b0b10171eaa908e56e7275173178010fcc323fdea67a6869
.exe windows:5 windows x86 arch:x86

01e0549a1a46ccf2960d3d124cf32ee9

Code Sign

9b:d6:14:d5:86:9b:b6:6c:96:b6:7e:15:4d:51:73:84
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-12-2019 00:00

Not After

07-11-2020 23:59

Subject

CN=\"CENTR MBP\",O=\"CENTR MBP\",POSTALCODE=344064,STREET=Vavilova\, 56\,309/1,L=Rostov-na-Donu,ST=Rostovskaya Obl,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

01-02-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:26:ba:89:41:f7:1f:81:a4:8b:8b:91:61:83:f0:73:e7:64:fa:f8
Signer

Actual PE Digest

0c:26:ba:89:41:f7:1f:81:a4:8b:8b:91:61:83:f0:73:e7:64:fa:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\lowdoes\magnetTen\DrawSince\LargeSeason\northfraction\enemybarChord.pdb

Imports

kernel32

CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenEventA
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
HeapReAlloc
HeapSize
HeapAlloc
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTickCount
QueryPerformanceCounter
GetTimeZoneInformation
IsValidCodePage
GetACP
CompareStringW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
ExitProcess
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
SetFilePointer
WriteFile
CreateFileA
GetCurrentProcess
GetModuleHandleW
InterlockedIncrement
InterlockedExchange
GetCurrentThread
GetLocaleInfoA
GetOEMCP
GetCPInfo
GlobalFlags
lstrcmpA
FormatMessageA
SetEvent
CloseHandle
CompareStringA
MultiByteToWideChar
LoadLibraryA
lstrcmpW
GetCurrentThreadId
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
GetCurrentProcessId
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalReAlloc
GlobalLock
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LoadResource
LockResource
SizeofResource
FindResourceA
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
lstrlenA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetAtomNameA
GlobalGetAtomNameA
GetLastError
SetLastError
CreateEventA
GetSystemDirectoryA
LocalAlloc
MoveFileA
VirtualProtect
GetCurrentDirectoryA
LocalFree
Sleep

ole32

StringFromCLSID
OleUninitialize
OleInitialize
OleSetContainedObject
CoTaskMemFree

oleaut32

VariantInit
VariantChangeType
VariantClear

uxtheme

CloseThemeData
GetThemeBackgroundRegion
GetThemeFont
DrawThemeText
OpenThemeData

gdi32

DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
DeleteDC
Escape
GetTextExtentPoint32A
TextOutA
GetPixel
BitBlt
RectVisible
PtVisible
SelectObject
GetDeviceCaps
CreateCompatibleDC
ExtTextOutA
GetClipBox
SetTextColor
SetBkColor
GetObjectA
GetStockObject
GetObjectType
CreateSolidBrush
CreatePatternBrush
CreateFontIndirectA
CreateBitmap
CreateCompatibleBitmap

user32

MapWindowPoints
GetClientRect
LoadIconA
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
RegisterWindowMessageA
ValidateRect
GetSysColorBrush
LoadBitmapA
TabbedTextOutA
FillRect
DrawTextA
DrawTextExA
GrayStringA
CreatePopupMenu
IsMenu
CheckMenuItem
EnableMenuItem
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuItemInfoA
GetSubMenu
InsertMenuItemA
ModifyMenuA
SetMenuItemBitmaps
LoadMenuA
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
GetActiveWindow
GetDesktopWindow
GetMenuCheckMarkDimensions
BringWindowToTop
UpdateWindow
InvalidateRect
IsWindowVisible
ShowOwnedPopups
GetSysColor
SetForegroundWindow
GetForegroundWindow
LoadCursorA
SetWindowTextA
ShowWindow
SetRectEmpty
SetCursor
ReleaseCapture
LoadAcceleratorsA
TranslateAcceleratorA
DestroyMenu
ReuseDDElParam
UnpackDDElParam
GetClipboardFormatNameA
PtInRect
InflateRect
PostQuitMessage
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
UnhookWindowsHookEx
IsWindow
SendMessageA
PostMessageA
GetTopWindow
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
GetWindow
GetCapture
WinHelpA
TrackPopupMenu
GetDlgItem
GetWindowTextA
GetKeyState
DestroyWindow
GetDlgCtrlID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
SetMenu
GetMenu
GetMessageTime
GetMessagePos
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
MessageBoxA
GetWindowLongA
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetWindowThreadProcessId

oleacc

CreateStdAccessibleObject
LresultFromObject

shell32

DragFinish
DragQueryFileA

advapi32

OpenThreadToken
RevertToSelf
SetThreadToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ffbb6c4d8d704a530bdd557890f367ad904c09c03f53fda5615a7208a0ea3e4d
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

be232aa2621354bf5dd7b405cc99198c

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

iphlpapi

ws2_32

crypt32

gdiplus

shlwapi

mpr

ntdll

msvcrt

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 8KB

be232aa2621354bf5dd7b405cc99198c

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

iphlpapi

ws2_32

crypt32

gdiplus

shlwapi

mpr

ntdll

msvcrt

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 8KB

1989daa9c43f6e4cbe8ebd7434f74c47

Code Sign

63:c6:85:b6:45:e2:05:ba:43:f7:ea:cf:e6:41:01:5eCertificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

55:60:2b:e0:d0:e5:1c:ae:46:59:72:03:96:01:13:6b:a1:40:f8:53Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

msvcrt

Sections

.text Size: 271KB - Virtual size: 270KB

.rdata Size: 512B - Virtual size: 325B

.data Size: 23KB - Virtual size: 22KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 8KB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 8KB

63:c6:85:b6:45:e2:05:ba:43:f7:ea:cf:e6:41:01:5e
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

55:60:2b:e0:d0:e5:1c:ae:46:59:72:03:96:01:13:6b:a1:40:f8:53
Signer

.text
Size: 271KB - Virtual size: 270KB

.rdata
Size: 512B - Virtual size: 325B

.data
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 15KB - Virtual size: 15KB

UPX0
Size: - Virtual size: 108KB

UPX1
Size: 65KB - Virtual size: 68KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 8KB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 8KB

.text
Size: 489KB - Virtual size: 489KB

.rdata
Size: 174KB - Virtual size: 173KB

.data
Size: 11KB - Virtual size: 97KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 62KB - Virtual size: 62KB