arkei | MarsSamples

Sharing

Copy URL

Twitter E-mail

General

Target

MarsSamples
Size

2.5MB
MD5

1dd5541f3ee9e1e5f23859b0371fd489
SHA1

850311a9a94e64f312e74e3ad52e4dd3aebb796b
SHA256

bb480c7f0a06216549275d1dee70f63948bdf81d3ab605eb799b72c243158b52
SHA512

c67cb6723bdba2fb8ae7c90143f5fb288560e975e84ec92509a4e710ab892ffad321944b777a8dc883af7904b24a77cef77994d6112a24056b5879558f53141b
SSDEEP

49152:ugzxiJuttKPzue1g6kwRTMecXCAZAW8ltpcPU1JGDmGtotZxKuJMZGd0eW8lr:usVHKPzfm6krSPtpcMHGiGuMMhr

Score

10^/10

default arkei

Malware Config

Extracted

Family

arkei

Botnet

Default

http://tafun.link/51874.php

http://5.45.84.214/umO0HLhYp5.php

http://62.204.41.128/81uBpsioYb.php

http://212.227.211.75/after.php

http://sughicent.com/blaka.php

http://62.204.41.180/5xtELSMXvf.php

http://185.8.105.91/2FmVrGoI1K.php

http://tommytshop.com/KNOuG8qeID.php

Signatures

Arkei family
arkei

Files

MarsSamples
.zip
MarsSamples/6a21847445507489361a96684203023e617eb37d362bd3436b61eb72cc822c27
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/6d1365e37040955a395c3c0cdec2fd338f77d6067c0716858a9451de786219d3
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/70afcf1b0507e851f3a9ac434129fce707de39ebb8e09a956d2d41e065d409f4
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/771c829087e13220bf66aba98879059fecd2de0774900fabd043f495a2c9f63e
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MarsSamples/813b776096fefc9a314814fc0a79019e50268ab598dd7257fc5f3cc438191d84
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MarsSamples/8c192fb5bff179a874a8c484e748fd18b722840278848d9e0ff9f388fc528e1e
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MarsSamples/90486182025452ef6411fb51aec3f3ad46e0dac44b17fa84e5421adeeddbf833
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MarsSamples/9699bee0ae268555ceb77a02522f568229233284c9eb698209c03b05b1304b10
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/97121634e7eda9ea36ad75a3094f55803b1bf2d76e5a048ec1baa32efeea3d9a
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/97eaa5a789cfd6a823ac97af840d0df2b033a876addcb52aabea4ee65a37dbf6
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/a564b6f55800989a8be0754dafd3bacd266f6a01c46dfa84b39b9951cd589f03
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/a56fcfef8acfc51cdae41833d90e4b11b61aa151fddc5ecb31d197bcd2c27da5
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/b09cc2593ffab58f1f4efe7819e5a8706e3e820e1b129f30f465866a26562a14
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/b1b0be300d85d98bc103a1eae4993bbf848b339ec9240ca3799f5d1786d5bafe
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/b318801ed5926156ce9440f49851b0cc0dd8e3178f1581b98257148bf2c223e7
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MarsSamples/b3ba3e17aea3cf91ad56fb400f47d8a20e3d442706e86b6844699f4bfcda9275
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MarsSamples/baea9f80f8c646c5d267ee930f2fc4877066fbf1f8241436ef7be984c4de9500
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/bdcbd9e0ca51294c1fe95896ae29c992c74668d995555b1000712aec3ed7828e
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/d72974b5e0f40af3a606a2c2a27a92d409e710772f9702f3ea736a10f0a4a988
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:45

Not After

15-04-2021 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-06-2016 00:00

Not After

24-01-2019 12:00

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:6d:9d:a5:3e:87:00:9d:33:49:00:00:00:00:00:6d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-09-2018 19:45

Not After

20-09-2019 19:45

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:44:77:ac:99:fc:5e:57:cc:a7:78:5d:2c:f3:44:66:6f:80:5e:34:7b:48:5a:b8:7f:73:7a:e1:ee:d5:50:77
Signer

Actual PE Digest

d6:44:77:ac:99:fc:5e:57:cc:a7:78:5d:2c:f3:44:66:6f:80:5e:34:7b:48:5a:b8:7f:73:7a:e1:ee:d5:50:77

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

18-05-2022 18:07
Valid: false

74:9c:18:25:34:65:5b:1f:bd:94:8a:6b:21:b5:7d:76:9a:46:33:f7
Signer

Actual PE Digest

74:9c:18:25:34:65:5b:1f:bd:94:8a:6b:21:b5:7d:76:9a:46:33:f7

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

22-10-2018 07:48
Valid: true

Chain 1

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/e5e16ce47ed80d3b802a9c36f7ae408493d1e491ce83f72f253832b150aeb4bc
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MarsSamples/eb764591fb9e827a70b3ee575c6b301b5218e401505e5e2c848e7c30065a06dd
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MarsSamples/ede7013e07c7495d635459776653e11906ca44d8a50942bd94aaededdc9528f0
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MarsSamples/eed68c8b1d44d72618081bfdabce64247508b76f7ae08c9636a64484953aa3a5
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MarsSamples/f66c256c0d5303861bddc09919e1f2d9fc5de3195611d4e79f13a3a8368d463d
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MarsSamples/f6c829fc1530f2db30114c7971300b88f7fb95b9e7b298583ec42b86e771a240
.exe windows x86

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbsstr
memset
_mbsnbcpy

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 864B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
__MACOSX/MarsSamples/._6a21847445507489361a96684203023e617eb37d362bd3436b61eb72cc822c27
__MACOSX/MarsSamples/._6d1365e37040955a395c3c0cdec2fd338f77d6067c0716858a9451de786219d3
__MACOSX/MarsSamples/._70afcf1b0507e851f3a9ac434129fce707de39ebb8e09a956d2d41e065d409f4
__MACOSX/MarsSamples/._771c829087e13220bf66aba98879059fecd2de0774900fabd043f495a2c9f63e
__MACOSX/MarsSamples/._813b776096fefc9a314814fc0a79019e50268ab598dd7257fc5f3cc438191d84
__MACOSX/MarsSamples/._8c192fb5bff179a874a8c484e748fd18b722840278848d9e0ff9f388fc528e1e
__MACOSX/MarsSamples/._90486182025452ef6411fb51aec3f3ad46e0dac44b17fa84e5421adeeddbf833
__MACOSX/MarsSamples/._9699bee0ae268555ceb77a02522f568229233284c9eb698209c03b05b1304b10
__MACOSX/MarsSamples/._97121634e7eda9ea36ad75a3094f55803b1bf2d76e5a048ec1baa32efeea3d9a
__MACOSX/MarsSamples/._97eaa5a789cfd6a823ac97af840d0df2b033a876addcb52aabea4ee65a37dbf6
__MACOSX/MarsSamples/._a564b6f55800989a8be0754dafd3bacd266f6a01c46dfa84b39b9951cd589f03
__MACOSX/MarsSamples/._a56fcfef8acfc51cdae41833d90e4b11b61aa151fddc5ecb31d197bcd2c27da5
__MACOSX/MarsSamples/._b09cc2593ffab58f1f4efe7819e5a8706e3e820e1b129f30f465866a26562a14
__MACOSX/MarsSamples/._b1b0be300d85d98bc103a1eae4993bbf848b339ec9240ca3799f5d1786d5bafe
__MACOSX/MarsSamples/._b318801ed5926156ce9440f49851b0cc0dd8e3178f1581b98257148bf2c223e7
__MACOSX/MarsSamples/._b3ba3e17aea3cf91ad56fb400f47d8a20e3d442706e86b6844699f4bfcda9275
__MACOSX/MarsSamples/._baea9f80f8c646c5d267ee930f2fc4877066fbf1f8241436ef7be984c4de9500
__MACOSX/MarsSamples/._bdcbd9e0ca51294c1fe95896ae29c992c74668d995555b1000712aec3ed7828e
__MACOSX/MarsSamples/._d72974b5e0f40af3a606a2c2a27a92d409e710772f9702f3ea736a10f0a4a988
__MACOSX/MarsSamples/._e5e16ce47ed80d3b802a9c36f7ae408493d1e491ce83f72f253832b150aeb4bc
__MACOSX/MarsSamples/._eb764591fb9e827a70b3ee575c6b301b5218e401505e5e2c848e7c30065a06dd
__MACOSX/MarsSamples/._ede7013e07c7495d635459776653e11906ca44d8a50942bd94aaededdc9528f0
__MACOSX/MarsSamples/._eed68c8b1d44d72618081bfdabce64247508b76f7ae08c9636a64484953aa3a5
__MACOSX/MarsSamples/._f66c256c0d5303861bddc09919e1f2d9fc5de3195611d4e79f13a3a8368d463d
__MACOSX/MarsSamples/._f6c829fc1530f2db30114c7971300b88f7fb95b9e7b298583ec42b86e771a240

Sharing

General

Malware Config

Extracted

Signatures

Files

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

Sections

.text Size: 114KB - Virtual size: 116KB

.rdata Size: 33KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 72KB

.reloc Size: 9KB - Virtual size: 9KB

Size: 1024B - Virtual size: 864B

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

Sections

.text Size: 114KB - Virtual size: 116KB

.rdata Size: 33KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 72KB

.reloc Size: 9KB - Virtual size: 9KB

Size: 1024B - Virtual size: 864B

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

Sections

.text Size: 114KB - Virtual size: 116KB

.rdata Size: 33KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 72KB

.reloc Size: 9KB - Virtual size: 9KB

Size: 1024B - Virtual size: 864B

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

Sections

.text Size: 114KB - Virtual size: 113KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 69KB

.reloc Size: 9KB - Virtual size: 9KB

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

Sections

.text Size: 114KB - Virtual size: 116KB

.rdata Size: 33KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 72KB

.reloc Size: 9KB - Virtual size: 9KB

Size: 1024B - Virtual size: 864B

.rsrc Size: 196KB - Virtual size: 196KB

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

Sections

.text Size: 114KB - Virtual size: 113KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 69KB

.reloc Size: 9KB - Virtual size: 9KB

4e06c011d59529bff8e1f1c88254b928

Headers

DLL Characteristics

.text
Size: 114KB - Virtual size: 116KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 72KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 114KB - Virtual size: 116KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 72KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 114KB - Virtual size: 116KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 72KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 69KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 114KB - Virtual size: 116KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 72KB

.reloc
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 196KB - Virtual size: 196KB

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 69KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 69KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 114KB - Virtual size: 116KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 72KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 114KB - Virtual size: 116KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 72KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 114KB - Virtual size: 116KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 72KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 114KB - Virtual size: 116KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 72KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 114KB - Virtual size: 116KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 72KB

.reloc
Size: 9KB - Virtual size: 9KB