warzonerat | WARZONE RAT 3[.]03[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

WARZONE RAT 3.03.7z
Size

14.8MB
MD5

baa48b7b4f818eac1961077a5a8dec7b
SHA1

dfb920f433043fc37c52c41beef84a7c3f5fea51
SHA256

3acce18fa1327b1e89c47997fe1da62a86a1211d893f5128b4c59fa44d57b335
SHA512

e4f70569979e7113b457f01540da15c1117db4ad11ad7ec0bc80e8728919388238169939d3d8e4bfb16ff462600a2f79eff705ada7188c05b9fe93369498d6d7
SSDEEP

393216:tDM8XTc0COEg55W4DufHxGtAopJ/Q4k3mJghKo3pasJthjqXOrLr:BBjc0q4Sb4JI4FJUasJthjq+nr

Score

10^/10

upx rat themida warzonerat

Malware Config

Signatures

Warzone RAT payload 3 IoCs

rat

resource	yara_rule
static1/unpack001/WARZONE RAT 3.03/TyWarzone.dll	warzonerat
static1/unpack001/WARZONE RAT 3.03/cratclient.bin	warzonerat
static1/unpack001/WARZONE RAT 3.03/cratclientd.bin	warzonerat

Warzonerat family
warzonerat

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/WARZONE RAT 3.03/WARZONE RAT 3.03 Cracked.exe	themida

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/WARZONE RAT 3.03/Datas/upnp.exe	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WARZONE RAT 3.03/Datas/ServerManager.dll
unpack001/WARZONE RAT 3.03/Datas/SocksManager.exe
unpack001/WARZONE RAT 3.03/Datas/rdpwrap32.dll
unpack001/WARZONE RAT 3.03/Datas/rdpwrap64.dll
unpack001/WARZONE RAT 3.03/Datas/upnp.exe
unpack002/out.upx
unpack001/WARZONE RAT 3.03/Datas/vncviewer.exe
unpack001/WARZONE RAT 3.03/License.dll
unpack001/WARZONE RAT 3.03/MaterialSkin.dll
unpack001/WARZONE RAT 3.03/PETools.dll
unpack001/WARZONE RAT 3.03/TyWarzone.dll
unpack001/WARZONE RAT 3.03/WARZONE Password Viewer 1.0.exe
unpack001/WARZONE RAT 3.03/WARZONE RAT 3.03 Cracked.exe
unpack001/WARZONE RAT 3.03/cratclient.bin
unpack001/WARZONE RAT 3.03/cratclientd.bin

Files

WARZONE RAT 3.03.7z
.7z

Password: infected
WARZONE RAT 3.03/Datas/ServerManager.dll
.dll windows:5 windows x86 arch:x86

43276e2555cc844cac1ebf1c83657e18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ioctlsocket
accept
bind
closesocket
listen
WSAStartup
getpeername
getsockname
send
socket
ntohs
inet_ntoa
recv
htons
WSAGetLastError

user32

MessageBoxA

kernel32

RaiseException
CreateFileW
WriteConsoleW
SetFilePointerEx
CloseHandle
HeapReAlloc
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetStringTypeW
GetProcessHeap
Sleep
AllocConsole
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
DecodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
GetACP
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

Exports

Exports

?lst@@YAXH@Z

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/Datas/SocksManager.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\W7H64\source\repos\Socks5 Normal + Reverse CRAT\TCP proxy socks5\obj\Release\TCP proxy socks5.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/Datas/firefox.dlls
.dll windows:6 windows x86 arch:x86

2c54251b196d9e0cc804a7061f60558c

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:53:96:dc:b2:94:9c:70:fa:c4:8a:b0:8a:07:33:8e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/06/2017, 00:00

Not After

28/06/2019, 12:00

Subject

CN=Mozilla Corporation,O=Mozilla Corporation,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:34:fd:d7:ab:fc:0b:9c:09:fc:69:df:be:b3:c7:4b:8f:32:bb:3d
Signer

Actual PE Digest

b1:34:fd:d7:ab:fc:0b:9c:09:fc:69:df:be:b3:c7:4b:8f:32:bb:3d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

z:\task_1538344561\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb

Imports

nss3

PORT_GetError_Util
PR_NewLock
PR_DestroyLock
PR_Lock
PR_Unlock
SECITEM_FreeItem_Util
SECITEM_ZfreeItem_Util
SECITEM_CopyItem_Util
PR_NotifyCondVar
NSS_SecureMemcmpZero
PORT_ZAllocAlignedOffset_Util
SECITEM_CompareItem_Util
PR_NewCondVar
PR_DestroyCondVar
PR_WaitCondVar
PORT_ZAlloc_Util
SECITEM_AllocItem_Util
PR_NotifyAllCondVar
SECOID_FindOIDTag_Util
PORT_ArenaAlloc_Util
PORT_ArenaZAlloc_Util
PORT_FreeArena_Util
PORT_NewArena_Util
NSS_SecureMemcmp
PR_GetEnvSecure
PR_CallOnce
PORT_SetError_Util
PORT_ZFree_Util
PORT_Free_Util
PORT_Alloc_Util

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetLogicalDrives
GetVolumeInformationA
QueryPerformanceCounter
GetCurrentProcess
GetDiskFreeSpaceA
SetUnhandledExceptionFilter
GetCurrentProcessId
GetComputerNameA
GlobalMemoryStatus
GetTickCount
GetCurrentThreadId

advapi32

SystemFunction036

vcruntime140

memset
__std_type_info_destroy_list
_except_handler4_common
memcmp
memcpy

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc

api-ms-win-crt-string-l1-1-0

_strdup

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table
abort

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-time-l1-1-0

_time64

Exports

Exports

FREEBL_GetVector

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/Datas/geoip/GeoIP.dat
WARZONE RAT 3.03/Datas/options.vnc
WARZONE RAT 3.03/Datas/rdpwrap.ini
WARZONE RAT 3.03/Datas/rdpwrap32.dll
.dll windows:5 windows x86 arch:x86

4ed84fc157e2a47dbff1bafdc889324d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
GetSystemMetrics
CharUpperBuffW

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteProcessMemory
WaitForSingleObject
SuspendThread
SignalObjectAndWait
SetEvent
ResumeThread
ResetEvent
ReadProcessMemory
MultiByteToWideChar
LoadResource
LoadLibraryW
GetVersionExW
GetThreadLocale
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFileAttributesW
GetDiskFreeSpaceW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
CreateEventW
CloseHandle
GetModuleHandleExW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
OpenThread

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/Datas/rdpwrap64.dll
.dll windows:6 windows x64 arch:x64

53a3dacee6717ddc12074523c645029b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetFileSize
ReadFile
SetLastError
SetFilePointer
WriteFile
CloseHandle
GetModuleHandleExW
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
OpenThread
ResumeThread
SuspendThread
Thread32Next
GetModuleHandleW
FindResourceW
LoadResource
LoadLibraryExW
WriteProcessMemory
GetCurrentProcess
GetModuleFileNameW
LoadLibraryW
GetProcAddress
ReadProcessMemory
SetFilePointerEx
SetStdHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
HeapReAlloc
OutputDebugStringW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleW

user32

wsprintfA

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/Datas/rvncviewer.exe
.exe windows:5 windows x86 arch:x86

213323ecaf46aa001703061e2c7c72be

Code Sign

52:31:09:fd:26:76:d2:5c:b3:d4:57:c9:a3:48:53:ee
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/08/2016, 00:00

Not After

22/11/2019, 23:59

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e1:9a:88:94:9b:12:69:7c:2c:7e:30:6e:94:70:39:4f:fa:20:ea:b9:93:b1:c8:b2:c8:88:56:c9:72:66:95:d6
Signer

Actual PE Digest

e1:9a:88:94:9b:12:69:7c:2c:7e:30:6e:94:70:39:4f:fa:20:ea:b9:93:b1:c8:b2:c8:88:56:c9:72:66:95:d6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_ReplaceIcon
ord6
CreateToolbarEx
InitCommonControlsEx
ImageList_Create
ord17

winmm

timeGetTime
timeSetEvent
timeKillEvent
PlaySoundA

ws2_32

getpeername
WSACleanup
WSAStartup
connect
inet_addr
select
accept
htons
shutdown
setsockopt
socket
__WSAFDIsSet
closesocket
gethostbyname
send
listen
WSAAsyncSelect
bind
recv
WSAGetLastError
ioctlsocket

kernel32

FindClose
LoadLibraryA
FindNextFileA
GetTempPathA
DeleteFileA
lstrcpyA
CreateFileA
SetFilePointer
lstrlenA
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
CompareFileTime
SetFileTime
WriteFile
GetDriveTypeA
InitializeCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
ReadFile
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
lstrcmpiA
EnterCriticalSection
MoveFileA
GetFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
MulDiv
AllocConsole
GetStdHandle
WriteConsoleA
OutputDebugStringA
GetComputerNameA
GetVersionExA
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FindFirstFileA
RtlUnwind
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
CopyFileA
InterlockedExchange
GetDriveTypeW
LCMapStringW
HeapSize
GetConsoleMode
GetConsoleCP
SetHandleCount
GetLocaleInfoW
GetModuleFileNameW
HeapCreate
IsProcessorFeaturePresent
SetLastError
TlsFree
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
ExitThread
GetStartupInfoW
HeapSetInformation
GetCommandLineA
FindFirstFileExA
ExitProcess
GetModuleHandleW
GetFullPathNameA
HeapAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetTimeZoneInformation
GetLocalTime
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
HeapFree
TlsAlloc
DuplicateHandle
GetCurrentThreadId
SetThreadPriority
CreateSemaphoreA
TlsSetValue
GetCurrentThread
GetCurrentProcess
TlsGetValue
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryW
GetProcAddress
FreeLibrary
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalUnlock
GetPrivateProfileIntA
GlobalAlloc
GlobalLock
CreateThread
ResumeThread
LocalFree
RemoveDirectoryA
CloseHandle
GetModuleFileNameA
ResetEvent
GetLastError
Beep
GetFileAttributesA
CreateEventA
Sleep
FormatMessageA
GetTickCount
SetEvent
WaitForSingleObject
GetModuleHandleA
lstrcatA
DosDateTimeToFileTime
GetVolumeInformationA
GetVersion
LocalFileTimeToFileTime
lstrcpynA
CreateMutexA
ReleaseMutex
SetVolumeLabelA
SetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableW
GetStringTypeW

user32

IsDlgButtonChecked
LoadKeyboardLayoutA
GetMessageA
PostThreadMessageA
CallNextHookEx
GetForegroundWindow
SetWindowsHookExA
GetWindowThreadProcessId
ToAscii
GetKeyState
keybd_event
VkKeyScanW
GetKeyboardState
ToUnicode
SetWindowRgn
LoadBitmapA
PtInRect
GetDesktopWindow
GetMenuStringA
ScreenToClient
ModifyMenuA
SendDlgItemMessageA
DrawTextA
GetParent
GetWindowTextLengthA
TranslateMessage
PeekMessageA
DispatchMessageA
GetComboBoxInfo
EnableWindow
DestroyIcon
EnumDisplaySettingsExA
MonitorFromPoint
GetMonitorInfoA
SystemParametersInfoA
GetSystemMetrics
EnumDisplayDevicesA
ValidateRect
RegisterClassExA
TrackPopupMenu
GetMenuItemID
SetCapture
GetScrollInfo
SetCaretBlinkTime
ReleaseCapture
CallWindowProcA
GetCaretBlinkTime
GetSubMenu
LoadStringA
LoadMenuA
SetMenuDefaultItem
IsClipboardFormatAvailable
RegisterClipboardFormatA
SetWindowLongA
SetCursorPos
RedrawWindow
GetCursorPos
CloseClipboard
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
GetClipboardOwner
EndPaint
DestroyWindow
SetCursor
GetDlgItemInt
GetSystemMenu
SetTimer
GetWindowRect
PostQuitMessage
IsIconic
FillRect
SendNotifyMessageA
KillTimer
GetFocus
LoadIconA
InvalidateRgn
GetClientRect
SetFocus
RegisterWindowMessageA
BeginPaint
GetDC
SetDlgItemInt
SetRect
MessageBoxA
InvalidateRect
CreateWindowExA
ReleaseDC
EnableMenuItem
ChangeClipboardChain
DefWindowProcA
SetWindowPos
ShowWindow
CreatePopupMenu
GetSysColorBrush
DrawMenuBar
AppendMenuA
IsWindow
ShowScrollBar
PostMessageA
AdjustWindowRectEx
ScrollWindowEx
UpdateWindow
DestroyMenu
LoadCursorA
SetClipboardViewer
SetScrollInfo
CheckMenuItem
RegisterClassA
MoveWindow
GetKeyboardLayoutNameA
SendMessageA
GetWindowTextA
GetWindowLongA
GetDlgItem
SetWindowTextA
GetDlgItemTextA
DestroyAcceleratorTable
CreateAcceleratorTableA
TranslateAcceleratorA
SetForegroundWindow
EndDialog
LoadImageA
DialogBoxParamA
SetDlgItemTextA
CharToOemA
OemToCharA
wvsprintfA
GetMenuItemCount

gdi32

DeleteDC
SetStretchBltMode
SelectPalette
RealizePalette
CombineRgn
CreatePalette
SetDIBColorTable
SetBrushOrgEx
StretchBlt
GetDeviceCaps
GetStockObject
CreateRectRgnIndirect
Rectangle
CreatePen
SetBkMode
CreateFontA
SetTextColor
LineTo
MoveToEx
CreatePolygonRgn
SetROP2
UpdateColors
BitBlt
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
CreateRectRgn
CreateSolidBrush

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

advapi32

OpenProcessToken
GetKernelObjectSecurity
LookupPrivilegeValueA
GetSecurityDescriptorLength
AdjustTokenPrivileges
IsValidAcl
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetSecurityDescriptorControl
RegSetValueExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
Shell_NotifyIconA
SHGetFolderPathA

imm32

ImmAssociateContext

Sections

.text
Size: 722KB - Virtual size: 722KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 474KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/Datas/upnp.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/Datas/vncviewer.exe
.exe windows:4 windows x86 arch:x86

40269abf5b1cb28ac007eed117b0b2c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW

comctl32

_TrackMouseEvent

crypt32

CertCloseStore
CertDeleteCertificateFromStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertGetCertificateContextProperty
CertOpenSystemStoreA
PFXImportCertStore

gdi32

Arc
BitBlt
CloseEnhMetaFile
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateEnhMetaFileA
CreateFontA
CreatePalette
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteEnhMetaFile
DeleteObject
EqualRgn
ExtCreatePen
ExtCreateRegion
GdiFlush
GetCharacterPlacementW
GetDIBits
GetDeviceCaps
GetEnhMetaFileHeader
GetGlyphOutlineW
GetRgnBox
GetStockObject
GetTextExtentPoint32W
GetTextMetricsA
GetWindowOrgEx
LPtoDP
LineTo
MoveToEx
Pie
PlayEnhMetaFile
PolyPolygon
Polygon
Polyline
RealizePalette
RectInRegion
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetDIBitsToDevice
SetPixel
SetTextAlign
SetTextColor
SetWindowOrgEx
StretchDIBits
TextOutW
UpdateColors

kernel32

AllocConsole
CloseHandle
CreateEventA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumResourceLanguagesA
EnumSystemLocalesA
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetComputerNameA
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeConditionVariable
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
ReleaseSemaphore
SetEvent
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte

msimg32

AlphaBlend

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_cexit
_close
_errno
_execvp
_exit
_findclose
_findfirst
_fmode
_fstati64
_fullpath
_initterm
_iob
_lock
_mkdir
_onexit
_open
_open_osfhandle
_putenv
_setjmp3
_snwprintf
time
localtime
gmtime
ctime
_stati64
_strdup
_stricmp
_strnicmp
atol
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
fseek
ftell
fwprintf
fwrite
getc
getenv
isalnum
isalpha
islower
isprint
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
qsort
raise
rand
realloc
remove
rename
setlocale
signal
sprintf
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
_unlock
_vsnwprintf
_waccess
_wchmod
_wfopen
_wgetcwd
_wgetenv
_wmkdir
_wopen
_wrename
_wrmdir
_wstat
_wunlink
abort
acos
atof
atoi
system
time
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcschr
wcscoll
wcscpy
wcsftime
wcslen
wcstombs
wcsxfrm
_vsnprintf
_findnext
longjmp
_write
_strdup
_read
_open
_getpid
_getcwd
_fileno
_fdopen
_close

ole32

DoDragDrop
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium

shell32

DragQueryFileW
SHGetSpecialFolderPathA

user32

AdjustWindowRectEx
BringWindowToTop
CallNextHookEx
ChangeClipboardChain
ClientToScreen
CloseClipboard
CopyIcon
CreateIconIndirect
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
FillRect
GetAsyncKeyState
GetClipboardData
GetClipboardOwner
GetCursorPos
GetDC
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetUpdateRgn
GetWindow
GetWindowInfo
GetWindowLongA
GetWindowRect
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsWindow
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
OpenClipboard
OpenIcon
PeekMessageA
PeekMessageW
PostMessageA
PostThreadMessageA
RegisterClassExA
RegisterClassExW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
SendMessageA
SetActiveWindow
SetCapture
SetClipboardData
SetClipboardViewer
SetCursor
SetFocus
SetForegroundWindow
SetRect
SetTimer
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExA
ShowWindow
SystemParametersInfoA
ToUnicode
TranslateMessage
UnhookWindowsHookEx
ValidateRgn
WindowFromPoint

ws2_32

WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
inet_ntoa
listen
ntohs
recv
select
send
setsockopt
shutdown
socket

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/105
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/License.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

|VVuli
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 127B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/MaterialSkin.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\W7H64\Desktop\MaterialSkin-master\MaterialSkin\obj\Release\MaterialSkin.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/PETools.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Workspace\Projects\MiscProjects\PETools-master\obj\Release\PETools.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/TyWarzone.dll
.dll windows:6 windows x86 arch:x86

56fc94e02d7bc310030753938e49a91a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

webservices

WsFileTimeToDateTime

bcrypt

BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptDecrypt

kernel32

lstrcpyW
GetTickCount
HeapAlloc
GetProcessHeap
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualAlloc
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
SystemTimeToFileTime
TerminateThread
CreateThread
WriteProcessMemory
GetCurrentProcess
OpenProcess
GetWindowsDirectoryA
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
GetModuleHandleW
IsWow64Process
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
lstrcmpA
GetFileSize
FreeLibrary
SetDllDirectoryW
GetFileSizeEx
WaitForSingleObject
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
SetEvent
CreateProcessW
CreateEventA
GetModuleFileNameW
WideCharToMultiByte
LoadResource
FindResourceW
GetComputerNameW
GlobalMemoryStatusEx
LoadLibraryExW
FindFirstFileW
FindNextFileW
SetFilePointer
GetLogicalDriveStringsW
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
lstrlenA
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
K32GetModuleFileNameExW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
DeleteFileW
SizeofResource
VirtualProtect
GetSystemDirectoryW
LockResource
GetWindowsDirectoryW
Process32First
Process32Next
GetTempPathA
ExpandEnvironmentStringsW
lstrlenW
lstrcmpW
CreateProcessA
WinExec
ExitProcess
GetProcAddress
lstrcpyA
CloseHandle
lstrcatW
LoadLibraryA
GetLastError
GetPrivateProfileStringW
GetModuleHandleA
GetTempPathW
VirtualFree
SetLastError
Sleep
GetModuleFileNameA
CreateDirectoryW
MultiByteToWideChar
lstrcatA
SetCurrentDirectoryW
InitializeCriticalSection

user32

GetKeyState
GetMessageA
DispatchMessageA
CreateWindowExW
CallNextHookEx
GetAsyncKeyState
RegisterClassW
GetRawInputData
MapVirtualKeyA
DefWindowProcA
RegisterRawInputDevices
TranslateMessage
ToUnicode
wsprintfW
PostQuitMessage
GetLastInputInfo
GetForegroundWindow
GetWindowTextW
wsprintfA
GetKeyNameTextW
CharLowerW

advapi32

RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
LookupAccountSidW
RegCreateKeyExW
RegDeleteKeyW
InitializeSecurityDescriptor
RegDeleteKeyA
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
RegSetValueExW
RegCreateKeyExA
OpenSCManagerW
CloseServiceHandle
GetTokenInformation
RegSetValueExA

shell32

SHGetFolderPathW
ShellExecuteExA
ord680
SHGetKnownFolderPath
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

urlmon

URLDownloadToFileW

ws2_32

getaddrinfo
setsockopt
freeaddrinfo
htons
recv
socket
send
WSAConnect
WSAStartup
shutdown
closesocket
WSACleanup
connect
InetNtopW
gethostbyname
inet_addr

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
CoInitializeSecurity

shlwapi

StrStrW
PathFindExtensionW
PathCombineA
PathFindFileNameW
StrStrA
PathRemoveFileSpecA
PathFileExistsW

netapi32

NetUserAdd
NetLocalGroupAddMembers

oleaut32

VariantInit

crypt32

CryptUnprotectData
CryptStringToBinaryA
CryptStringToBinaryW

wininet

InternetTimeToSystemTimeA

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/WARZONE Password Viewer 1.0.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\PV\Password Viewer CRAT\Password Viewer CRAT\obj\Release\WARZONE Password Viewer 1.0.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/WARZONE RAT 3.03 Cracked.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 74KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 27KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 835B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5.1MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/cratclient.bin
.exe windows:6 windows x86 arch:x86

56fc94e02d7bc310030753938e49a91a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

webservices

WsFileTimeToDateTime

bcrypt

BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptDecrypt

kernel32

lstrcpyW
GetTickCount
HeapAlloc
GetProcessHeap
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualAlloc
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
SystemTimeToFileTime
TerminateThread
CreateThread
WriteProcessMemory
GetCurrentProcess
OpenProcess
GetWindowsDirectoryA
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
GetModuleHandleW
IsWow64Process
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
lstrcmpA
GetFileSize
FreeLibrary
SetDllDirectoryW
GetFileSizeEx
WaitForSingleObject
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
SetEvent
CreateProcessW
CreateEventA
GetModuleFileNameW
WideCharToMultiByte
LoadResource
FindResourceW
GetComputerNameW
GlobalMemoryStatusEx
LoadLibraryExW
FindFirstFileW
FindNextFileW
SetFilePointer
GetLogicalDriveStringsW
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
lstrlenA
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
K32GetModuleFileNameExW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
DeleteFileW
SizeofResource
VirtualProtect
GetSystemDirectoryW
LockResource
GetWindowsDirectoryW
Process32First
Process32Next
GetTempPathA
ExpandEnvironmentStringsW
lstrlenW
lstrcmpW
CreateProcessA
WinExec
ExitProcess
GetProcAddress
lstrcpyA
CloseHandle
lstrcatW
LoadLibraryA
GetLastError
GetPrivateProfileStringW
GetModuleHandleA
GetTempPathW
VirtualFree
SetLastError
Sleep
GetModuleFileNameA
CreateDirectoryW
MultiByteToWideChar
lstrcatA
SetCurrentDirectoryW
InitializeCriticalSection

user32

GetKeyState
GetMessageA
DispatchMessageA
CreateWindowExW
CallNextHookEx
GetAsyncKeyState
RegisterClassW
GetRawInputData
MapVirtualKeyA
DefWindowProcA
RegisterRawInputDevices
TranslateMessage
ToUnicode
wsprintfW
PostQuitMessage
GetLastInputInfo
GetForegroundWindow
GetWindowTextW
wsprintfA
GetKeyNameTextW
CharLowerW

advapi32

RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
LookupAccountSidW
RegCreateKeyExW
RegDeleteKeyW
InitializeSecurityDescriptor
RegDeleteKeyA
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
RegSetValueExW
RegCreateKeyExA
OpenSCManagerW
CloseServiceHandle
GetTokenInformation
RegSetValueExA

shell32

SHGetFolderPathW
ShellExecuteExA
ord680
SHGetKnownFolderPath
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

urlmon

URLDownloadToFileW

ws2_32

getaddrinfo
setsockopt
freeaddrinfo
htons
recv
socket
send
WSAConnect
WSAStartup
shutdown
closesocket
WSACleanup
connect
InetNtopW
gethostbyname
inet_addr

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
CoInitializeSecurity

shlwapi

StrStrW
PathFindExtensionW
PathCombineA
PathFindFileNameW
StrStrA
PathRemoveFileSpecA
PathFileExistsW

netapi32

NetUserAdd
NetLocalGroupAddMembers

oleaut32

VariantInit

crypt32

CryptUnprotectData
CryptStringToBinaryA
CryptStringToBinaryW

wininet

InternetTimeToSystemTimeA

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/cratclientd.bin
.dll windows:6 windows x86 arch:x86

56fc94e02d7bc310030753938e49a91a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

webservices

WsFileTimeToDateTime

bcrypt

BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptDecrypt

kernel32

lstrcpyW
GetTickCount
HeapAlloc
GetProcessHeap
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualAlloc
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
SystemTimeToFileTime
TerminateThread
CreateThread
WriteProcessMemory
GetCurrentProcess
OpenProcess
GetWindowsDirectoryA
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
GetModuleHandleW
IsWow64Process
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
lstrcmpA
GetFileSize
FreeLibrary
SetDllDirectoryW
GetFileSizeEx
WaitForSingleObject
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
SetEvent
CreateProcessW
CreateEventA
GetModuleFileNameW
WideCharToMultiByte
LoadResource
FindResourceW
GetComputerNameW
GlobalMemoryStatusEx
LoadLibraryExW
FindFirstFileW
FindNextFileW
SetFilePointer
GetLogicalDriveStringsW
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
lstrlenA
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
K32GetModuleFileNameExW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
DeleteFileW
SizeofResource
VirtualProtect
GetSystemDirectoryW
LockResource
GetWindowsDirectoryW
Process32First
Process32Next
GetTempPathA
ExpandEnvironmentStringsW
lstrlenW
lstrcmpW
CreateProcessA
WinExec
ExitProcess
GetProcAddress
lstrcpyA
CloseHandle
lstrcatW
LoadLibraryA
GetLastError
GetPrivateProfileStringW
GetModuleHandleA
GetTempPathW
VirtualFree
SetLastError
Sleep
GetModuleFileNameA
CreateDirectoryW
MultiByteToWideChar
lstrcatA
SetCurrentDirectoryW
InitializeCriticalSection

user32

GetKeyState
GetMessageA
DispatchMessageA
CreateWindowExW
CallNextHookEx
GetAsyncKeyState
RegisterClassW
GetRawInputData
MapVirtualKeyA
DefWindowProcA
RegisterRawInputDevices
TranslateMessage
ToUnicode
wsprintfW
PostQuitMessage
GetLastInputInfo
GetForegroundWindow
GetWindowTextW
wsprintfA
GetKeyNameTextW
CharLowerW

advapi32

RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
LookupAccountSidW
RegCreateKeyExW
RegDeleteKeyW
InitializeSecurityDescriptor
RegDeleteKeyA
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
RegSetValueExW
RegCreateKeyExA
OpenSCManagerW
CloseServiceHandle
GetTokenInformation
RegSetValueExA

shell32

SHGetFolderPathW
ShellExecuteExA
ord680
SHGetKnownFolderPath
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

urlmon

URLDownloadToFileW

ws2_32

getaddrinfo
setsockopt
freeaddrinfo
htons
recv
socket
send
WSAConnect
WSAStartup
shutdown
closesocket
WSACleanup
connect
InetNtopW
gethostbyname
inet_addr

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
CoInitializeSecurity

shlwapi

StrStrW
PathFindExtensionW
PathCombineA
PathFindFileNameW
StrStrA
PathRemoveFileSpecA
PathFileExistsW

netapi32

NetUserAdd
NetLocalGroupAddMembers

oleaut32

VariantInit

crypt32

CryptUnprotectData
CryptStringToBinaryA
CryptStringToBinaryW

wininet

InternetTimeToSystemTimeA

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 3.03/rdpwrap.bin
WARZONE RAT 3.03/sqllite3.bin

Sharing

General

Malware Config

Signatures

Files

Password: infected

43276e2555cc844cac1ebf1c83657e18

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

user32

kernel32

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 4KB - Virtual size: 3KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

2c54251b196d9e0cc804a7061f60558c

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:53:96:dc:b2:94:9c:70:fa:c4:8a:b0:8a:07:33:8eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

b1:34:fd:d7:ab:fc:0b:9c:09:fc:69:df:be:b3:c7:4b:8f:32:bb:3dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nss3

kernel32

advapi32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 246KB - Virtual size: 245KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 1024B - Virtual size: 18KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 6KB - Virtual size: 5KB

4ed84fc157e2a47dbff1bafdc889324d

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:53:96:dc:b2:94:9c:70:fa:c4:8a:b0:8a:07:33:8e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

b1:34:fd:d7:ab:fc:0b:9c:09:fc:69:df:be:b3:c7:4b:8f:32:bb:3d
Signer

.text
Size: 246KB - Virtual size: 245KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 1024B - Virtual size: 18KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 57KB - Virtual size: 56KB

.itext
Size: 512B - Virtual size: 408B

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 110B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB

52:31:09:fd:26:76:d2:5c:b3:d4:57:c9:a3:48:53:ee
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

e1:9a:88:94:9b:12:69:7c:2c:7e:30:6e:94:70:39:4f:fa:20:ea:b9:93:b1:c8:b2:c8:88:56:c9:72:66:95:d6
Signer

.text
Size: 722KB - Virtual size: 722KB

.rdata
Size: 173KB - Virtual size: 173KB

.data
Size: 10KB - Virtual size: 346KB

.rsrc
Size: 474KB - Virtual size: 474KB

.reloc
Size: 37KB - Virtual size: 37KB

UPX0
Size: - Virtual size: 100KB

UPX1
Size: 68KB - Virtual size: 72KB