blankgrabber | 21071068560[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

21071068560.zip
Size

55.0MB
MD5

0d0b3a00e7bf055282ceae7726ce251a
SHA1

61017e694ae8036eccdf38e661930fd0415851d2
SHA256

b9b8c850493be6e607e8889371bcb565ac25fada7d27cca10230e50b253b3cd6
SHA512

2fc48b0d3c4bf7a831483c608a9cffb83aa11c637a68e5daf98792c7b637e1bcd77833e32f2325dd492b0ca77e17670680fe81cf96975c5d59fb2738ab614127
SSDEEP

1572864:UQ/J+ohl1sQ8m549qpfEBRs6B1X8Hol8Bvgy5BOJ:D+8lK8SqpfEBRswPiB4OBOJ

Score

10^/10

pyinstaller upx blankgrabber

Malware Config

Signatures

A stealer written in Python and packaged with Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack004/�A%�J��.pyc	blankgrabber

Blankgrabber family
blankgrabber

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack003/out.upx	Nirsoft

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/57f8e4e1d3339c0abadc0f64fc6a4abaff19cd138724cdbb3fae5f37905547c5	upx

Detects Pyinstaller 2 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/166bcfa4ec03b68bc4ee3fc95806f6d155575be88cbc3c4b7aa5891ca3cc6a88	pyinstaller
static1/unpack001/ec7b605aaefd00f0507f43c78590266b74345bc9308eba26fc542b6a0ae5e133	pyinstaller

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/14ed02af2bfe80834dd59bd49650f5c982da1a9bf2a437450ce113eb6fcf9ee1
unpack001/166bcfa4ec03b68bc4ee3fc95806f6d155575be88cbc3c4b7aa5891ca3cc6a88
unpack001/18f6e53cc27bda15c98f79e76f9210bf05b1d8528b96cf4c1523a7aeec7532bc
unpack001/1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197
unpack001/4cca8b360d5053a789ea822ab80261dc6f010c1c72b0d449ca8cdcaffd2e2c0a
unpack001/57f8e4e1d3339c0abadc0f64fc6a4abaff19cd138724cdbb3fae5f37905547c5
unpack003/out.upx
unpack001/922cba3477ffa83332622df72c2e580fcb3bdd437952c4b6b2c096b4a094acc3
unpack001/b5bd1068644f0c38e7aa1cb38dcc40eacf146be9b43d8fd865fddee61ea9a588
unpack001/ec7b605aaefd00f0507f43c78590266b74345bc9308eba26fc542b6a0ae5e133
unpack001/ff70347ce0294dc6741692164f65608d9bb47e396486c50da08a94a5b3cbe50c

Files

21071068560.zip
.zip

Password: infected
14ed02af2bfe80834dd59bd49650f5c982da1a9bf2a437450ce113eb6fcf9ee1
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\romanoff\source\repos\WindowsFormsApp1\WindowsFormsApp1\obj\Debug\WindowsFormsApp1.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
166bcfa4ec03b68bc4ee3fc95806f6d155575be88cbc3c4b7aa5891ca3cc6a88
.exe windows:6 windows x64 arch:x64

a06f302f71edd380da3d5bf4a6d94ebd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

TranslateMessage
ShutdownBlockReasonCreate
GetWindowThreadProcessId
SetWindowLongPtrW
GetWindowLongPtrW
MsgWaitForMultipleObjects
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
GetMessageW

kernel32

GetTimeZoneInformation
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
FormatMessageW
GetLastError
GetModuleFileNameW
LoadLibraryExW
SetDllDirectoryW
CreateSymbolicLinkW
GetProcAddress
CreateDirectoryW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
HeapSize
RemoveDirectoryW
GetTempPathW
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
Sleep
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LocalFree
SetConsoleCtrlHandler
GetConsoleWindow
K32EnumProcessModules
K32GetModuleFileNameExW
CreateFileW
FindFirstFileExW
GetFinalPathNameByHandleW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetDriveTypeW
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFullPathNameW
SetStdHandle
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableW

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
activator.pyc
18f6e53cc27bda15c98f79e76f9210bf05b1d8528b96cf4c1523a7aeec7532bc
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1ecdd2baa03fa76ba2313ef30be6678fda212eaf2878d8e2b9557ad2aec9f197
.exe windows:5 windows x86 arch:x86

97bb90440658f848690f8c488513f8de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenUrlW
InternetCloseHandle
InternetSetStatusCallbackW
HttpQueryInfoW
InternetOpenW
InternetReadFileExA

kernel32

WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetProcAddress
GetModuleHandleW
GetCurrentProcess
LoadLibraryW
WideCharToMultiByte
GetFileAttributesW
GetTempPathW
CreateFileW
GetFileSize
ReadFile
WriteFile
SetFilePointer
FindResourceW
LoadResource
LockResource
SizeofResource
GetTempFileNameW
Sleep
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
DeleteFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLastError
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapReAlloc
VirtualAlloc
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
GetVersionExW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
CreateProcessA
CreateFileA
GetModuleHandleA
LCMapStringW
GetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
HeapSize
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
InterlockedIncrement
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
HeapFree
HeapAlloc

user32

IsWindowVisible
IsWindowEnabled
SendMessageW
SetWindowPos
GetWindowLongW
IsDlgButtonChecked
CheckDlgButton
KillTimer
LoadBitmapW
SetTimer
GetDlgItem
FillRect
GetAncestor
ShowWindow
MessageBoxW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
GetWindowTextW
DestroyWindow
LoadIconW
CreateDialogParamW
DrawTextW
GetClientRect
GetDC
SetPropW
GetParent
SetCursor
LoadCursorW
RemovePropW
SetWindowLongW
CallWindowProcW
GetPropW
SetWindowTextW
EnumChildWindows

gdi32

SelectObject
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
CreatePatternBrush

advapi32

RegQueryValueExW
RegOpenKeyExW

shell32

SHBrowseForFolderW
ShellExecuteW
ord190
SHOpenFolderAndSelectItems
ord155
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 793KB - Virtual size: 793KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
259af5147b99b4c014aeb425aaf236fc76ab60f1aa06efa77027393854e5fff4
.exe windows:4 windows x86 arch:x86

5dc882c2547d7b74ff2e563856f72620

Code Sign

0d:16:0b:82:52:a4:f0:a1:6f:e1:25:5f:a0:a2:2e:2b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25-02-2014 00:00

Not After

25-02-2015 23:59

Subject

CN=CHIP Digital GmbH,O=CHIP Digital GmbH,L=Muenchen,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d5:50:5b:d4:e7:ef:c3:96:96:1e:fb:9b:79:7f:aa:5c:e3:b3:01:d6
Signer

Actual PE Digest

d5:50:5b:d4:e7:ef:c3:96:96:1e:fb:9b:79:7f:aa:5c:e3:b3:01:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord593
ord594
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
ord520
_CIsin
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaStrCmp
__vbaVarTstEq
__vbaPutOwner4
DllFunctionCall
ord563
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord531
__vbaFPException
__vbaInStrVar
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
ord579
__vbaVarAdd
__vbaStrToAnsi
ord613
ord616
__vbaFpI4
ord617
_CIatan
__vbaStrMove
ord618
_allmul
_CItan
__vbaFPInt
_CIexp
__vbaFreeStr
__vbaI4ErrVar
__vbaFreeObj

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 492KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4c8b1c9ed7ba0d921b0971a3e5de96bfdb3b18024e8880c7aaa2759f13c01316
.exe windows:5 windows x86 arch:x86

d0f09e6c76eee3e10435ab6ac6f52856

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:9a:ab:57:d7:fc:c4:38:12:b2:13:ae:de:a4:1a:b6
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03-05-2023 00:00

Not After

02-05-2026 23:59

Subject

CN=Emjysoft,O=Emjysoft,ST=Auvergne-Rhône-Alpes,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07-11-2023 17:13

Not After

09-12-2034 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:a2:17:08:96:73:a6:c3:b7:74:a1:a4:15:c7:a3:01:40:48:d3:6d:13:b4:ef:da:5b:60:77:59:af:e4:c1:a1
Signer

Actual PE Digest

3d:a2:17:08:96:73:a6:c3:b7:74:a1:a4:15:c7:a3:01:40:48:d3:6d:13:b4:ef:da:5b:60:77:59:af:e4:c1:a1

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\source\source.SAM\202788\Release_wdexe_9\WX\Desktop_x86_32_VS2019\Release\WDExe.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
LocalFree
WideCharToMultiByte
GetLastError
LoadLibraryW
GetTickCount
Sleep
GetModuleFileNameW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
FreeResource
GetProfileStringW
GetExitCodeProcess
CloseHandle
GetProcAddress
FreeLibrary
GetSystemDefaultLangID
CreateEventW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentProcessId
GetCommandLineW
GetMailslotInfo
ReadFile
GetComputerNameW
GetLocalTime
ExpandEnvironmentStringsW
CreateMailslotW
WritePrivateProfileStringW
GetModuleHandleW
FileTimeToSystemTime
SizeofResource
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
WriteFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
SetLastError
SystemTimeToFileTime
CreateFileW
DeleteFileW
MoveFileW
CopyFileW
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindClose
SetFileAttributesW
FindFirstFileExW
FindNextFileW
GetTempPathW
GetCurrentDirectoryW
GetTempFileNameW
GetFullPathNameW
GetDriveTypeW
HeapAlloc
GetProcessHeap
HeapFree
CompareStringW
GetTimeZoneInformation
IsBadReadPtr
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
CreateMutexW
GetVersionExW
GetCurrentProcess
CreateProcessW
TlsSetValue
TlsGetValue
VirtualProtect
TlsAlloc
TlsFree
GetCurrentThreadId
MulDiv
ResumeThread
TerminateThread
CreateThread
GetVersionExA
GetStartupInfoW
SetEvent
ReleaseMutex
ExitProcess
RaiseException
GetSystemInfo
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
GetStdHandle
LCMapStringW
HeapReAlloc
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
GetConsoleOutputCP
GetConsoleMode
DecodePointer
HeapSize
WriteConsoleW

Exports

Exports

CommandeComposante
DeclareProxy
Execution
LibereMutex
SetRestartPourAppliDeclencheMAJ

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4cca8b360d5053a789ea822ab80261dc6f010c1c72b0d449ca8cdcaffd2e2c0a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
57f8e4e1d3339c0abadc0f64fc6a4abaff19cd138724cdbb3fae5f37905547c5
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 324KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 238KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 326KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
922cba3477ffa83332622df72c2e580fcb3bdd437952c4b6b2c096b4a094acc3
.exe windows:5 windows x86 arch:x86

0ae9e38912ff6bd742a1b9e5c003576a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
LocalFree
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapReAlloc
HeapAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b5bd1068644f0c38e7aa1cb38dcc40eacf146be9b43d8fd865fddee61ea9a588
.exe windows:5 windows x64 arch:x64

b1c5b1beabd90d9fdabd1df0779ea832

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb

Imports

kernel32

LocalFree
GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GlobalMemoryStatusEx
LoadResource
SizeofResource
GetTimeFormatW
GetDateFormatW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
GetStringTypeW
HeapReAlloc
LCMapStringW
FindFirstFileExA

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipCloneImage
GdipFree
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipAlloc

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
da5f0322d31a05d525ee8b37a748670be35647c692a85fdb8997742f5fed3524
.exe windows:5 windows x64 arch:x64

f4f2e2b03fe5666a721620fcea3aea9b

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

29-09-2021 00:00

Not After

28-09-2024 23:59

Subject

SERIALNUMBER=407950,CN=Akeo Consulting,O=Akeo Consulting,ST=Donegal,C=IE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024945

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

28:9e:bc:1e:56:53:e0:d5:c1:ca:2c:b0:f0:b0:51:db:81:96:fc:bd:e2:55:52:04:e1:7b:55:9f:f6:d6:69:4c
Signer

Actual PE Digest

28:9e:bc:1e:56:53:e0:d5:c1:ca:2c:b0:f0:b0:51:db:81:96:fc:bd:e2:55:52:04:e1:7b:55:9f:f6:d6:69:4c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
PostMessageW
GetMessageW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
CreateFileW
GetFinalPathNameByHandleW
CloseHandle
GetModuleFileNameW
CreateSymbolicLinkW
GetCPInfo
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
GetProcAddress
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�A%�J��.pyc
ec7b605aaefd00f0507f43c78590266b74345bc9308eba26fc542b6a0ae5e133
.exe windows:6 windows x64 arch:x64

72c4e339b7af8ab1ed2eb3821c98713a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
ShutdownBlockReasonCreate
MsgWaitForMultipleObjects
ShowWindow
DestroyWindow
RegisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
PostMessageW
GetMessageW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetACP
IsValidCodePage
GetStringTypeW
GetFileAttributesExW
SetEnvironmentVariableW
FlushFileBuffers
GetCurrentDirectoryW
LCMapStringW
CompareStringW
FlsFree
GetOEMCP
GetCPInfo
GetModuleHandleW
MulDiv
FormatMessageW
GetLastError
GetModuleFileNameW
LoadLibraryExW
SetDllDirectoryW
CreateSymbolicLinkW
GetProcAddress
GetEnvironmentStringsW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDriveTypeW
RemoveDirectoryW
GetTempPathW
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LocalFree
SetConsoleCtrlHandler
K32EnumProcessModules
K32GetModuleFileNameExW
CreateFileW
FindFirstFileExW
GetFinalPathNameByHandleW
MultiByteToWideChar
WideCharToMultiByte
FlsSetValue
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
CreateDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFullPathNameW
SetStdHandle
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TrkWksrv.pyc
ff70347ce0294dc6741692164f65608d9bb47e396486c50da08a94a5b3cbe50c
.exe windows:6 windows x64 arch:x64

3f080e40199b31469fce5d2a5d945048

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\source\repos\ez_lock\x64\Release\ez_lock.pdb

Imports

kernel32

GetCurrentProcess
Sleep
GetLastError
CreateThread
GetProcAddress
GetModuleHandleW
IsBadReadPtr
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$ctype@D@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
memset
__std_terminate
__std_exception_copy
__std_exception_destroy
__C_specific_handler
__current_exception_context
_CxxThrowException
memcmp

api-ms-win-crt-runtime-l1-1-0

__p___argc
_exit
_initterm_e
_register_onexit_function
_register_thread_local_exe_atexit_callback
_crt_atexit
terminate
_initterm
_c_exit
exit
_get_initial_narrow_environment
__p___argv
_cexit
_set_app_type
_seh_filter_exe
_initialize_narrow_environment
_initialize_onexit_table
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
_set_fmode
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strncpy_s
strncmp

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

a06f302f71edd380da3d5bf4a6d94ebd

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 3KB - Virtual size: 21KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 2KB - Virtual size: 1KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 20KB - Virtual size: 19KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 12B

97bb90440658f848690f8c488513f8de

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 793KB - Virtual size: 793KB

.reloc Size: 11KB - Virtual size: 11KB

5dc882c2547d7b74ff2e563856f72620

Code Sign

0d:16:0b:82:52:a4:f0:a1:6f:e1:25:5f:a0:a2:2e:2bCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

d5:50:5b:d4:e7:ef:c3:96:96:1e:fb:9b:79:7f:aa:5c:e3:b3:01:d6Signer

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 96KB - Virtual size: 95KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 492KB - Virtual size: 490KB

d0f09e6c76eee3e10435ab6ac6f52856

Code Sign

01Certificate

Key Usages

.text
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 21KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 793KB - Virtual size: 793KB

.reloc
Size: 11KB - Virtual size: 11KB

0d:16:0b:82:52:a4:f0:a1:6f:e1:25:5f:a0:a2:2e:2b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

d5:50:5b:d4:e7:ef:c3:96:96:1e:fb:9b:79:7f:aa:5c:e3:b3:01:d6
Signer

.text
Size: 96KB - Virtual size: 95KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 492KB - Virtual size: 490KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

98:9a:ab:57:d7:fc:c4:38:12:b2:13:ae:de:a4:1a:b6
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

3d:a2:17:08:96:73:a6:c3:b7:74:a1:a4:15:c7:a3:01:40:48:d3:6d:13:b4:ef:da:5b:60:77:59:af:e4:c1:a1
Signer

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 6KB - Virtual size: 10KB

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 14KB - Virtual size: 13KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 324KB

UPX1
Size: 238KB - Virtual size: 240KB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 326KB - Virtual size: 325KB

.rdata
Size: 164KB - Virtual size: 164KB

.data
Size: 7KB - Virtual size: 31KB

.rsrc
Size: 21KB - Virtual size: 21KB

.text
Size: 203KB - Virtual size: 203KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 4KB - Virtual size: 145KB

.didat
Size: 512B - Virtual size: 420B