mrblack | MALZ6[.]zip

Resubmissions

02-01-2025 21:33

250102-1ejbvswpcv 10

08-12-2024 01:12

241208-bkq68azkep 10

Sharing

Copy URL

Twitter E-mail

General

Target

MALZ6.zip
Size

17.8MB
MD5

5ad5a10e0ae8eeb1bb6817c9d0cd960e
SHA1

ecb3ffcf79aedfa3c35c2dab0b4f5ca0f872b62c
SHA256

c858e10e29b769ca86445ba1bebdf708e88245da4e96c4afc967818e8293e099
SHA512

05b6ee99e6843d928255daded5a699231c25275b726f68be2b67c6bfc59305bc2b2ad5ae6ab11e70ce975a3ad10e7acbb520601728d9e4b255b7891263828cdd
SSDEEP

393216:P7tKCblX9nuQNeyIvnpDDsIT0vyirPw9yesWcnE1zoQrq8:c6hVeyQpvsIgvyirPiKWcnkUr8

Score

10^/10

upx mrblack gh0strat

Malware Config

Signatures

Gh0st RAT payload 8 IoCs

resource	yara_rule
static1/unpack001/HkMh_3.exe	family_gh0strat
static1/unpack001/bj.exe	family_gh0strat
static1/unpack001/bjyk.exe	family_gh0strat
static1/unpack001/dhl.exe	family_gh0strat
static1/unpack001/server.exe	family_gh0strat
static1/unpack001/smss.exe	family_gh0strat
static1/unpack001/yk.exe	family_gh0strat
static1/unpack001/yk1.exe	family_gh0strat

Gh0strat family
gh0strat

MrBlack trojan 2 IoCs

resource	yara_rule
static1/unpack001/Drkv	family_mrblack
static1/unpack001/squld	family_mrblack

Mrblack family
mrblack

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/06432	upx
static1/unpack001/Killbash.x	upx
static1/unpack001/mh.exe	upx
static1/unpack001/rootkit	upx

Unsigned PE 27 IoCs

Checks for missing Authenticode signature.

resource
unpack002/客户端(Client)_KEY.exe
unpack006/10711.exe
unpack006/711.exe
unpack001/FCK_RSC.dump
unpack001/FUCK360.exe
unpack001/GetPass.exe
unpack001/HkMh.exe
unpack001/HkMh_2.exe
unpack001/HkMh_3.exe
unpack001/ShellCodeDec.bat
unpack001/UDP.exe
unpack001/bj.exe
unpack001/bjyk.exe
unpack001/cctv.exe
unpack001/cctv_2.exe
unpack001/cn.exe
unpack001/dhl.exe
unpack001/k5.exe
unpack001/mh.exe
unpack001/se.exe
unpack001/server.exe
unpack001/smss.exe
unpack001/taskmgr.exe
unpack001/win.exe
unpack001/xm.exe
unpack001/yk.exe
unpack001/yk1.exe

Files

MALZ6.zip
.zip

Password: infected
(Client)_KEY.rar
.rar

Password: infected
SConfig.ini
客户端(Client)_KEY.exe
.exe windows:4 windows x86 arch:x86

Password: infected

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 384KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 988KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pyajvcsw
Size: 796KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ergjshnt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
06432
.elf linux x86
1.exe
.html
518_2.exe
.exe windows:4 windows x86 arch:x86

Password: infected

9b707ded22e05293ffd8d13fa0664210

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

54:70:46:b7:b2:a6:fc:fa:4e:a0:6b:2a:81:a3:af:8f
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

26-05-2010 00:00

Not After

25-05-2013 23:59

Subject

CN=Axialis SA,O=Axialis SA,POSTALCODE=75008,STREET=1\, rue de Stockholm,L=Paris,ST=IDF,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:ae:5a:d2:3a:44:77:7b:4b:e5:0a:a6:01:bb:f7:5d:69:a5:ef:88
Signer

Actual PE Digest

1a:ae:5a:d2:3a:44:77:7b:4b:e5:0a:a6:01:bb:f7:5d:69:a5:ef:88

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

MakeSureDirectoryPathExists

kernel32

GetVersionExA
LocalFree
HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
Sleep
CloseHandle
WriteFile
CreateFileA
ReadFile
GetFileSize
SetFilePointer
HeapReAlloc
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
IsBadWritePtr
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetLastError
SetConsoleCtrlHandler
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LocalAlloc
InterlockedExchange

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
520.exe
.exe windows:4 windows x86 arch:x86

Password: infected

2c8ea7e5a762ee60507eaab54fccc798

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:06:86:2c:00:00:00:00:00:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2011-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)2011,O=VeriSign Inc.,C=US

Not Before

17-11-2011 05:06

Not After

17-11-2511 05:01

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

93:9e:ec:ae:c5:79:9e:e3:59:a8:88:13:cb:02:83:4f:32:5c:17:d5
Signer

Actual PE Digest

93:9e:ec:ae:c5:79:9e:e3:59:a8:88:13:cb:02:83:4f:32:5c:17:d5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_controlfp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_ftol
asin
printf
strlen
strcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
malloc
free
realloc
memset
_except_handler3
memcpy

imagehlp

MakeSureDirectoryPathExists

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

kernel32

FreeLibrary
HeapFree
IsBadReadPtr
LoadLibraryA
GetProcAddress
VirtualFree
VirtualProtect
Sleep
VirtualAlloc
GetProcessHeap
HeapAlloc
WriteFile
CreateFileA
ReadFile
GetFileSize
SetFilePointer
GetModuleHandleA
GetStartupInfoA
CloseHandle

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
711_2.rar
.rar

Password: infected
10711.exe
.exe windows:5 windows x86 arch:x86

Password: infected

a0701968874db905ad2f19b441b018da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\SVN2\trunk\小陈\反向\Manager\Release\Manager.pdb

Imports

ws2_32

WSASocketA
setsockopt
WSAIoctl
accept
listen
send
closesocket
socket
bind
gethostname
WSACleanup
htons
WSAGetLastError
select
WSAStartup
WSARecv
WSASend
recv
gethostbyname
inet_addr
inet_ntoa
ntohs

kernel32

InterlockedIncrement
GetCPInfo
GetOEMCP
GetThreadLocale
FileTimeToSystemTime
GetModuleHandleW
WritePrivateProfileStringA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
TlsSetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
GetCommandLineA
GetStartupInfoA
HeapAlloc
RtlUnwind
RaiseException
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
HeapSize
GetACP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
TlsFree
CompareStringW
SetEnvironmentVariableA
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
lstrlenA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
LoadLibraryA
SetLastError
lstrcmpW
GetModuleHandleA
GetProcAddress
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetModuleFileNameA
GetLocalTime
MultiByteToWideChar
GetTickCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OpenEventA
CreateEventA
SetEvent
CreateThread
InterlockedExchange
TerminateThread
WaitForSingleObject
GetCurrentThreadId
MoveFileA
CloseHandle
FindClose
FindFirstFileA
GetFileSizeEx
ReadFile
WriteFile
SetFilePointer
CreateFileA
PostQueuedCompletionStatus
CancelIo
GetLastError
GetQueuedCompletionStatus
CreateIoCompletionPort
DeleteFileA
Sleep
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetProcessHeap
LocalReAlloc
InterlockedCompareExchange
TerminateProcess
CreateFileW

user32

GetSysColorBrush
LoadCursorA
UnregisterClassA
InvalidateRect
SetCapture
ReleaseCapture
CharNextA
CopyAcceleratorTableA
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
CharUpperA
RegisterClipboardFormatA
PostThreadMessageA
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ReleaseDC
GetDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowThreadProcessId
SetCursor
GetMessageA
TranslateMessage
GetDlgItem
IsWindowEnabled
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
RegisterWindowMessageA
EndPaint
GetParent
GetNextDlgTabItem
EndDialog
SetWindowLongA
GetWindowLongA
GetWindowRect
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
GetFocus
AppendMenuA
GetSystemMenu
LoadIconA
SendMessageA
EnableWindow
SetMenu

gdi32

ExtTextOutA
SaveDC
RestoreDC
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
DeleteDC
GetViewportExtEx
CreateRectRgnIndirect
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
RectVisible
PtVisible
GetWindowExtEx
DeleteObject
SetMapMode

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoInitializeEx

oleaut32

VariantCopy
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
VariantClear

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
711.exe
.exe windows:5 windows x86 arch:x86

Password: infected

160ca90966867f92a1e8064697edb02d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\trunk\小陈\IntergrateCHK\Release\IntergrateCHK.pdb

Imports

kernel32

GetVersionExA
GetLastError
Sleep
CloseHandle
GetSystemWow64DirectoryA
CreateDirectoryA
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LoadResource
FindResourceA
SetFilePointer
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
ReadFile
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap

advapi32

StartServiceA
DeleteService
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
ControlService

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TSmm
.elf linux x86
Drkv
.elf linux x86
FCK_RSC.dump
.dll windows:4 windows x86 arch:x86

Password: infected

e23b2990e58346a0a026310d32a82b0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceA
CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
GetLastError
CreateMutexA
lstrcmpiA
GetModuleFileNameA
WaitForSingleObject
GetTickCount
GetLogicalDrives
FindClose
FindNextFileA
SetFileAttributesA
CopyFileA
GetFileAttributesA
FindFirstFileA
lstrcpyA
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
FreeLibrary
SetEvent
CreateEventA
DisableThreadLibraryCalls
LoadLibraryA
lstrcatA
GetSystemDirectoryA

shell32

ord64

shlwapi

PathFindExtensionA
PathAppendA
PathFindFileNameA

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FUCK360.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rhxcujm
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rol
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
GetPass.exe
.exe windows:4 windows x86 arch:x86

a1ed4cd324f7b8102ea860429d3d02f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
FreeLibrary
OpenProcess
ReadProcessMemory
GetVersionExA
GetCurrentProcess
WideCharToMultiByte
lstrcmpiA
LoadLibraryA
CloseHandle
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetLastError
GetFileAttributesA
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
HeapAlloc
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
FlushFileBuffers
MultiByteToWideChar
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HkMh.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Ip

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qnk
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HkMh_2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gzlyoze
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wtq
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HkMh_3.exe
.exe windows:4 windows x86 arch:x86

b39d2a8818e34e573819e4d3d2aced3a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
OpenEventA
CreateMutexA
CopyFileA
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrcpyW
LocalReAlloc
GlobalMemoryStatusEx
WinExec
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
CreateRemoteThread
GetModuleHandleA
OpenProcess
FreeLibrary
GetDiskFreeSpaceExA
GetDriveTypeA
ReadFile
LocalAlloc
LocalFree
GetLocalTime
CreateFileA
GetFileSize
SetFilePointer
lstrlenA
WriteFile
GetTempPathA
GetTickCount
MoveFileExA
SetFileAttributesA
GetSystemDirectoryA
DeleteFileA
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
ResumeThread
CreateThread
TerminateThread
lstrcpyA
GetWindowsDirectoryA
lstrcatA
GetStartupInfoA
CreateProcessA
GetProcAddress
GetFileAttributesA
GetLastError
MoveFileA
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
Sleep
LoadLibraryA
LocalSize

user32

EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
GetCursorPos
GetMessageA
PostThreadMessageA
GetInputState
SetClipboardData
LoadIconA
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
IsWindow
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
CloseClipboard
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
SendMessageA
SystemParametersInfoA
BlockInput
wsprintfA
DestroyCursor
LoadCursorA
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
RegisterClassA
MessageBoxA

gdi32

GetDIBits
BitBlt
GetStockObject
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
CreateCompatibleBitmap
DeleteObject

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA
AbortSystemShutdownA
QueryServiceStatus
ControlService
RegDeleteKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegCloseKey
RegSetValueExA
RegCreateKeyA
DeleteService
OpenServiceA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyExA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

msvcrt

_onexit
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
strlen
??0exception@@QAE@ABV0@@Z
_strcmpi
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_iob
memcpy
__dllonexit
??1type_info@@UAE@XZ
calloc
_snprintf
_beginthreadex
atol
_mbscmp
_mbsstr
wcscpy
wcstombs
wcslen
mbstowcs
_errno
strncpy
strncmp
rand
atoi
realloc
strncat
exit
strrchr
sprintf
_except_handler3
free
malloc
strchr
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException
memmove
ceil
_ftol

ws2_32

WSAStartup
gethostname
ioctlsocket
__WSAFDIsSet
recvfrom
sendto
listen
accept
getpeername
bind
ntohs
WSACleanup
WSAIoctl
inet_addr
inet_ntoa
getsockname
send
closesocket
recv
select
socket
gethostbyname
setsockopt
connect
htons

urlmon

URLDownloadToFileA

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

avicap32

capGetDriverDescriptionA

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree

iphlpapi

GetIfTable

netapi32

NetUserGetInfo
NetUserDel
NetUserSetInfo
NetUserGetLocalGroups
NetApiBufferFree
NetUserEnum
NetLocalGroupAddMembers
NetUserAdd

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSDisconnectSession
WTSLogoffSession

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qvafjlz
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Killbash.x
.elf linux x64
Server.rar
.rar
ShellCodeDec.bat
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TSmm
.elf linux x86
Trustr
.elf linux x86
UDP.exe
.exe windows:4 windows x86 arch:x86

fc6a2966c254e32428f6c0585b67594c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1089
ord5199
ord2396
ord3346
ord3922
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord3663
ord641
ord790
ord800
ord2514
ord2621
ord1134
ord1199
ord1247
ord5440
ord6383
ord823
ord5450
ord6394
ord540
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord2512
ord5731
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4673
ord3597
ord324
ord4234
ord6055
ord1776
ord5290
ord3402
ord3716
ord1146
ord1168
ord860
ord567
ord2298
ord2370
ord2302
ord6111
ord4160
ord2863
ord2379
ord755
ord470
ord1105
ord858
ord6334
ord1200
ord665
ord6215
ord1979
ord5186
ord354
ord2818
ord2554
ord4486
ord6375
ord4274
ord1775
ord4078
ord4425
ord1576

msvcrt

_XcptFilter
exit
_acmdln
_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_onexit
__dllonexit
_setmbcp
malloc
free
srand
__CxxFrameHandler
??1type_info@@UAE@XZ
_CxxThrowException

kernel32

GetTickCount
TerminateThread
GetExitCodeThread
GetCurrentProcessId
GetModuleHandleA
GetStartupInfoA

user32

IsIconic
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
AppendMenuA
SetTimer
KillTimer
EnableWindow
SendMessageA
LoadIconA

wsock32

setsockopt
socket
sendto
closesocket
ioctlsocket

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vsp
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
a
.elf linux x86
arm1
.elf linux arm
bj.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qnk
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bjyk.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qnk
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
blah.rar
.rar
cctv.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mkchaqe
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.spm
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cctv_2.exe
.exe windows:4 windows x86 arch:x86

eb58ab5a3c8a863c4d8c4b2e9f905cdd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
WaitForSingleObject
CloseHandle
CreateThread
GetSystemInfo
Sleep
GetCurrentProcessId
CreateMutexA
GetTickCount
GetModuleHandleA
GetStartupInfoA

advapi32

RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

ws2_32

gethostbyname
select
__WSAFDIsSet
recv
inet_addr
socket
connect
send
gethostname
inet_ntoa
WSAStartup
WSASocketA
WSAGetLastError
setsockopt
htons
htonl
sendto
closesocket
WSACleanup
WSAIoctl

iphlpapi

GetIfTable

msvcrt

fprintf
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strstr
??2@YAPAXI@Z
strcpy
_local_unwind2
_except_handler3
sprintf
rand
memset
printf
memcpy
_iob

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gscixgv
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cn.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.packed
Size: 512B - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RLPack
Size: 518KB - Virtual size: 535KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cn1.exe
cook
dhl.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qnk
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dot.rar
.rar
java
.elf linux x86
java (2)
.elf linux x86
java1
.elf linux x86
k5.exe
.exe windows:4 windows x86 arch:x86

2abfb21dbfa1afea540d42cc1884f155

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetShortPathNameA
GetModuleFileNameA
ExitProcess
CloseHandle
ReleaseMutex
OpenMutexA
GetTempPathA
GetEnvironmentVariableA
WaitForSingleObject
GetLastError
CreateMutexA
GetCurrentThreadId
GetWindowsDirectoryA
TerminateProcess
OutputDebugStringA
ExitThread
GetSystemDirectoryA
GetTickCount
GetStartupInfoA
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
ResumeThread
GetSystemDefaultUILanguage
GetVersionExA
lstrcpyA
GlobalMemoryStatusEx
GetSystemInfo
GetModuleHandleA
GlobalAlloc
GlobalFree
lstrlenA
LoadLibraryA
GetProcAddress
Sleep
CreateThread
lstrcatA

user32

GetInputState
GetMessageA
GetDesktopWindow
PostThreadMessageA
wsprintfA

advapi32

OpenServiceA
StartServiceCtrlDispatcherA
RegOpenKeyA
OpenSCManagerA
CloseServiceHandle
DeleteService
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegCloseKey

ws2_32

connect
WSAIoctl
setsockopt
send
recv
__WSAFDIsSet
select
WSAStartup
socket
gethostbyname
inet_addr
sendto
WSASocketA
WSACleanup
htonl
inet_ntoa
htons
closesocket

msvcrt

_exit
rand
_strrev
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_except_handler3
strncat
strchr
realloc
malloc
__CxxFrameHandler
_CxxThrowException
atoi
strncpy
strcspn
strstr
sprintf
free
??2@YAPAXI@Z
exit
strncmp
??3@YAXPAX@Z
??1type_info@@UAE@XZ
__dllonexit
_onexit
srand
_XcptFilter
_acmdln
__getmainargs

iphlpapi

GetIfTable

shlwapi

SHDeleteKeyA

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

molptqp
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ly1
.elf linux mipsbe
mh.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vawkmrz
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mips
.elf linux mipsel
pjhxx
.elf linux x86
rootkit
.elf linux x64
s_3.txt
se.exe
.exe windows:4 windows x86 arch:x86

2f42d9bf2e4bd6a55ae0fba78a741ee5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
inet_ntoa
gethostname
closesocket
sendto
htonl
htons
setsockopt
WSAGetLastError
WSASocketA
select
__WSAFDIsSet
recv
WSAIoctl
connect
send
socket
WSAStartup
gethostbyname

pdh

PdhAddCounterA
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhEnumObjectItemsA
PdhOpenQueryA
PdhCloseQuery

iphlpapi

GetAdaptersInfo
GetIfTable

user32

wsprintfA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
RegSetValueExA
CloseServiceHandle
RegOpenKeyExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

kernel32

GetStringTypeA
MultiByteToWideChar
FlushFileBuffers
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
GetStringTypeW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
WideCharToMultiByte
SetPriorityClass
GetTickCount
GetLocalTime
Sleep
ExitThread
GetCurrentProcessId
GetLastError
GetSystemTimes
GetVersionExA
CreateThread
WinExec
GetProcAddress
GetTempPathA
LoadLibraryA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
SetFileAttributesA
GetWindowsDirectoryA
CloseHandle
WaitForSingleObject
ExitProcess
CreateMutexA
lstrlenA
CopyFileA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
CreateDirectoryA
TerminateProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
server.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qnk
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
smss.exe
.exe windows:4 windows x86 arch:x86

c61b25c77e0b3cab046182a90ef2f53a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetLocalTime
GetModuleHandleA
GetSystemInfo
GetComputerNameA
OpenEventA
GetTickCount
SetErrorMode
GetExitCodeProcess
GetShortPathNameA
GetModuleFileNameA
ExitProcess
CreateMutexA
GlobalFree
GlobalUnlock
CreateToolhelp32Snapshot
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
OutputDebugStringA
lstrcpyW
GlobalMemoryStatusEx
WinExec
lstrcmpiA
Module32Next
Module32First
CreateRemoteThread
GetCurrentThreadId
Process32First
OpenProcess
LocalSize
Process32Next
GetCurrentProcess
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
CreateEventA
GetWindowsDirectoryA
lstrcpyA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
Sleep
CancelIo
InterlockedExchange
ResetEvent
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
GlobalLock

user32

MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
GetProcessWindowStation
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
keybd_event
ReleaseDC
GetCursorInfo
GetCursorPos
GetWindowThreadProcessId
OpenWindowStationA
SetProcessWindowStation
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
ExitWindowsEx
CharNextA
wsprintfA
SendMessageA
DispatchMessageA
BlockInput
SystemParametersInfoA
DestroyCursor
GetDesktopWindow
LoadCursorA
IsWindow
CloseClipboard
TranslateMessage
GetMessageA
CloseWindow
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
EnumWindows
IsWindowVisible

gdi32

DeleteObject
CreateDIBSection
BitBlt
GetDIBits
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

LookupPrivilegeValueA
GetTokenInformation
LookupAccountSidA
GetUserNameA
AbortSystemShutdownA
QueryServiceStatus
ControlService
RegCreateKeyExA
IsValidSid
LookupAccountNameA
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
LsaFreeMemory
RegCloseKey
RegQueryValueA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
RegOpenKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
CloseServiceHandle
RegSetValueExA
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
StartServiceCtrlDispatcherA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

msvcrt

__setusermatherr
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_strcmpi
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
atol
_mbscmp
_mbsstr
_CxxThrowException
wcscpy
strncmp
wcstombs
wcslen
strncpy
mbstowcs
strncat
sprintf
atoi
exit
strrchr
_except_handler3
free
malloc
strchr
strstr
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z

winmm

waveInReset
waveInStop
waveInUnprepareHeader
waveInStart
waveInAddBuffer
waveInOpen
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutWrite
waveInPrepareHeader
waveInGetNumDevs
waveOutPrepareHeader
waveOutClose
waveOutGetNumDevs
waveOutOpen

ws2_32

WSACleanup
setsockopt
connect
htons
gethostbyname
socket
select
recv
closesocket
send
getsockname
htonl
WSAStartup
WSAIoctl

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree

netapi32

NetUserDel
NetUserSetInfo
NetUserGetLocalGroups
NetApiBufferFree
NetUserGetInfo
NetUserEnum
NetLocalGroupAddMembers
NetUserAdd

iphlpapi

GetTcpTable

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSEnumerateSessionsA
WTSQuerySessionInformationW
WTSFreeMemory
WTSLogoffSession
WTSDisconnectSession
WTSQuerySessionInformationA

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sqlrer
.elf linux x86
squld
.elf linux x86
ssh.sh
.sh linux
taskmgr.exe
.exe windows:4 windows x86 arch:x86

8a3f6e86b732126f2306d30c08600c88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
GetEnvironmentVariableW
CloseHandle
WriteFile
CreateFileW
GetModuleFileNameA
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
MultiByteToWideChar
CreateDirectoryW
GetFileAttributesW
SetFileTime
GetModuleHandleA
GetStartupInfoA

user32

wsprintfW

shell32

ShellExecuteW

msvcrt

_XcptFilter
??2@YAPAXI@Z
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_CxxThrowException
wcscat
sprintf
calloc
free
malloc
wcslen
wcscpy
wcsstr
_exit
??0exception@@QAE@ABQBD@Z
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_controlfp

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
win.exe
.exe windows:5 windows x86 arch:x86

205aeb3f447d4abc4db53c705847d3e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
CreateProcessA
CopyFileA
SetPriorityClass
FreeLibrary
GetProcAddress
GlobalMemoryStatus
GetShortPathNameA
ExitProcess
GetLastError
SetErrorMode
WriteFile
ReadFile
WinExec
GetSystemInfo
GetTickCount
lstrcpyA
lstrcatA
CreateMutexA
LoadLibraryA
DeleteFileA
GetVersionExA
CreateFileW
HeapSize
WaitForSingleObject
ResumeThread
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
WideCharToMultiByte
CloseHandle
LCMapStringW
GetStringTypeW
WriteConsoleW
ReadConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
LoadLibraryExW
SetEndOfFile
HeapReAlloc
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
Sleep
GetEnvironmentVariableA
CreateThread
CreateDirectoryW
GetCPInfo
GetOEMCP
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
EncodePointer
DecodePointer
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
DeleteCriticalSection
HeapFree
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
GetFileType
GetModuleFileNameW
GetProcessHeap
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetACP

user32

wsprintfA

advapi32

CheckTokenMembership
AdjustTokenPrivileges
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
OpenProcessToken
GetUserNameA
LookupPrivilegeValueA
FreeSid
AllocateAndInitializeSid

ws2_32

select
recv
inet_ntoa
WSASocketA
WSAGetLastError
WSACleanup
WSAStartup
gethostname
WSAIoctl
socket
setsockopt
sendto
send
ntohl
inet_addr
htons
htonl
connect
closesocket
gethostbyname
__WSAFDIsSet

dnsapi

DnsFree
DnsQuery_A

shlwapi

PathRemoveFileSpecA
PathFindFileNameA

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xwqcbzg
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wm
.html .js polyglot
wrt1
.elf linux mipsbe
xm.exe
.exe windows:4 windows x86 arch:x86

c812e1a6ad9f5238ea5742cba100d24c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
DeleteFileA
GetModuleHandleA
GetStartupInfoA
CreateThread
GetSystemInfo
Sleep
LoadLibraryA
GetProcAddress
GetCurrentProcessId
GetTickCount

user32

wsprintfA

advapi32

OpenServiceA
DeleteService
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

ws2_32

select
__WSAFDIsSet
recv
closesocket
setsockopt
sendto
WSAStartup
htons
socket
connect
send
inet_addr
gethostbyname

iphlpapi

GetIfEntry
GetIfTable
GetInterfaceInfo

msvcrt

free
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
time
localtime
memset
memcpy
??3@YAXPAX@Z
rand
strrchr
??2@YAPAXI@Z
strcpy
sprintf
strcat
malloc
strstr
__CxxFrameHandler
_CxxThrowException
exit
_controlfp

Sections

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yk.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qnk
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yk1.exe
.exe windows:4 windows x86 arch:x86

b39d2a8818e34e573819e4d3d2aced3a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
OpenEventA
CreateMutexA
CopyFileA
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrcpyW
LocalReAlloc
GlobalMemoryStatusEx
WinExec
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
CreateRemoteThread
GetModuleHandleA
OpenProcess
FreeLibrary
GetDiskFreeSpaceExA
GetDriveTypeA
ReadFile
LocalAlloc
LocalFree
GetLocalTime
CreateFileA
GetFileSize
SetFilePointer
lstrlenA
WriteFile
GetTempPathA
GetTickCount
MoveFileExA
SetFileAttributesA
GetSystemDirectoryA
DeleteFileA
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
ResumeThread
CreateThread
TerminateThread
lstrcpyA
GetWindowsDirectoryA
lstrcatA
GetStartupInfoA
CreateProcessA
GetProcAddress
GetFileAttributesA
GetLastError
MoveFileA
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
Sleep
LoadLibraryA
LocalSize

user32

EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
GetCursorPos
GetMessageA
PostThreadMessageA
GetInputState
SetClipboardData
LoadIconA
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
IsWindow
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
CloseClipboard
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
SendMessageA
SystemParametersInfoA
BlockInput
wsprintfA
DestroyCursor
LoadCursorA
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
RegisterClassA
MessageBoxA

gdi32

GetDIBits
BitBlt
GetStockObject
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
CreateCompatibleBitmap
DeleteObject

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA
AbortSystemShutdownA
QueryServiceStatus
ControlService
RegDeleteKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegCloseKey
RegSetValueExA
RegCreateKeyA
DeleteService
OpenServiceA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyExA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

msvcrt

_onexit
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
strlen
??0exception@@QAE@ABV0@@Z
_strcmpi
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_iob
memcpy
__dllonexit
??1type_info@@UAE@XZ
calloc
_snprintf
_beginthreadex
atol
_mbscmp
_mbsstr
wcscpy
wcstombs
wcslen
mbstowcs
_errno
strncpy
strncmp
rand
atoi
realloc
strncat
exit
strrchr
sprintf
_except_handler3
free
malloc
strchr
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException
memmove
ceil
_ftol

ws2_32

WSAStartup
gethostname
ioctlsocket
__WSAFDIsSet
recvfrom
sendto
listen
accept
getpeername
bind
ntohs
WSACleanup
WSAIoctl
inet_addr
inet_ntoa
getsockname
send
closesocket
recv
select
socket
gethostbyname
setsockopt
connect
htons

urlmon

URLDownloadToFileA

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

avicap32

capGetDriverDescriptionA

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree

iphlpapi

GetIfTable

netapi32

NetUserGetInfo
NetUserDel
NetUserSetInfo
NetUserGetLocalGroups
NetApiBufferFree
NetUserEnum
NetLocalGroupAddMembers
NetUserAdd

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSDisconnectSession
WTSLogoffSession

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yvosmwp
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

Imports

kernel32

comctl32

Sections

Size: 384KB - Virtual size: 1.1MB

.rsrc Size: 4KB - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 4KB

Size: 4KB - Virtual size: 988KB

pyajvcsw Size: 796KB - Virtual size: 796KB

ergjshnt Size: 4KB - Virtual size: 4KB

Password: infected

9b707ded22e05293ffd8d13fa0664210

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

54:70:46:b7:b2:a6:fc:fa:4e:a0:6b:2a:81:a3:af:8fCertificate

Extended Key Usages

Key Usages

1a:ae:5a:d2:3a:44:77:7b:4b:e5:0a:a6:01:bb:f7:5d:69:a5:ef:88Signer

Headers

File Characteristics

Imports

imagehlp

kernel32

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 12KB - Virtual size: 10KB

Password: infected

2c8ea7e5a762ee60507eaab54fccc798

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:06:86:2c:00:00:00:00:00:02Certificate

Extended Key Usages

Key Usages

93:9e:ec:ae:c5:79:9e:e3:59:a8:88:13:cb:02:83:4f:32:5c:17:d5Signer

Headers

File Characteristics

Imports

msvcrt

imagehlp

wininet

kernel32

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 996B

.rsrc Size: 4KB - Virtual size: 3KB

Password: infected

Password: infected

a0701968874db905ad2f19b441b018da

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

.rsrc
Size: 4KB - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 4KB

pyajvcsw
Size: 796KB - Virtual size: 796KB

ergjshnt
Size: 4KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

54:70:46:b7:b2:a6:fc:fa:4e:a0:6b:2a:81:a3:af:8f
Certificate

1a:ae:5a:d2:3a:44:77:7b:4b:e5:0a:a6:01:bb:f7:5d:69:a5:ef:88
Signer

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 12KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:06:86:2c:00:00:00:00:00:02
Certificate

93:9e:ec:ae:c5:79:9e:e3:59:a8:88:13:cb:02:83:4f:32:5c:17:d5
Signer

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 996B

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 509KB - Virtual size: 508KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 15KB - Virtual size: 31KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 47KB - Virtual size: 46KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 478KB - Virtual size: 477KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 700B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 522B

.data
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 36KB - Virtual size: 37KB

rhxcujm
Size: - Virtual size: 4KB

.rol
Size: 1KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 868B