27979d42891e9dcf71d2ee5b96a27d5f1f6eecb532f888dad75d3918af64f64e

Sharing

Copy URL Twitter E-mail

General

Target

27979d42891e9dcf71d2ee5b96a27d5f1f6eecb532f888dad75d3918af64f64e
Size

1.5MB
MD5

16f5f5b99568872b17b40b82e0ef6b75
SHA1

0d038e350e54575eefde9a3d892722347a8f4b08
SHA256

27979d42891e9dcf71d2ee5b96a27d5f1f6eecb532f888dad75d3918af64f64e
SHA512

37987d58fd951ebc43dad69aacea1223327deb712f0ff70be410ddd83227437a47770b5e85eaf0ef8619199afc44e6165cc481e55b623ca0c7e0b6edc5a438b3
SSDEEP

24576:ob1EpWg+okNn7W6NcelgytYWQumQ8EANHtsZYhuvuBXDUDI4gx/uRZTBxtz:o6pLQW6gCYh4YNsZYAkOI4gJuRZTBxtz

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ISOtoUSBPortable/isoinfo.exe	upx

Files

27979d42891e9dcf71d2ee5b96a27d5f1f6eecb532f888dad75d3918af64f64e
.rar
ISOtoUSBPortable/7z.dll
.dll windows x86

6121a49841bf6f5b3700c1ebbb28be41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharPrevExA
CharPrevA
CharNextA
CharLowerW
CharLowerA
CharUpperW
CharUpperA

oleaut32

SysFreeString
SysAllocStringByteLen
VariantCopy
VariantClear
SysAllocString

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
strcmp
memset
memcmp
_purecall
memmove
memcpy
__CxxFrameHandler
free
_CxxThrowException
malloc

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
FileTimeToDosDateTime
DosDateTimeToFileTime
GetModuleHandleA
GetProcAddress
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ISOtoUSBPortable/bootsect_x64.exe
.exe windows x64

1e0b11dd3d2f59e2eef2c73004f3863d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryDosDeviceW
GetModuleFileNameW
LocalFree
FormatMessageW
Sleep
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
OutputDebugStringA
GetLastError
ReadFile
TerminateProcess
WriteFile
UnhandledExceptionFilter
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceExW
CloseHandle
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
GetLocaleInfoW
GetVersionExW
CreateFileW
SetLastError
CreateFileMappingW
SearchPathW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess

msvcrt

?terminate@@YAXXZ
calloc
isdigit
memset
free
isxdigit
mbtowc
__mb_cur_max
isleadbyte
localeconv
_iob
_snprintf
_itoa
wctomb
malloc
ferror
iswctype
wcstombs
realloc
__badioinfo
__pioinfo
_read
_fileno
_lseeki64
_write
_isatty
ungetc
wcsstr
bsearch
wcsncmp
_vsnwprintf
memcpy
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_wcslwr
_errno
iswxdigit
printf
_wcsnicmp
_wcsicmp
_stricmp
isalpha

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtWaitForSingleObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlFreeHeap
NtResetEvent
NtQuerySystemInformation
NtDeviceIoControlFile
NtCreateEvent
NtOpenDirectoryObject
RtlAllocateHeap
NtQueryDirectoryObject
RtlInitUnicodeString
NtClose
RtlNtStatusToDosError
NtQueryVolumeInformationFile
NtOpenFile
NtFsControlFile
NtQueryValueKey
NtOpenKey

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ISOtoUSBPortable/bootsect_x86.exe
.exe windows x86

704f7b0cf386fa53083ffa68ba646f50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
LocalFree
FormatMessageW
GetModuleFileNameW
ReadFile
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
WriteFile
GetLastError
QueryDosDeviceW
LoadResource
FindResourceExW
LoadLibraryExW
MapViewOfFile
CloseHandle
CreateFileMappingW
CreateFileW
GetLocaleInfoW
FreeLibrary
GetVersionExW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
SearchPathW
SetLastError

msvcrt

_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
malloc
exit
iswctype
?terminate@@YAXXZ
_controlfp
calloc
isdigit
isxdigit
mbtowc
isleadbyte
localeconv
_snprintf
_itoa
wctomb
ferror
wcstombs
realloc
__badioinfo
__pioinfo
_read
_fileno
_lseeki64
_write
_isatty
ungetc
wcsstr
bsearch
wcsncmp
_XcptFilter
_exit
_cexit
__getmainargs
_iob
__mb_cur_max
_vsnwprintf
_wcslwr
_errno
iswxdigit
memset
printf
_stricmp
isalpha
_wcsnicmp
memcpy
_wcsicmp
free

ntdll

RtlUnwind
NtOpenDirectoryObject
NtQueryDirectoryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtCreateEvent
NtDeviceIoControlFile
NtWaitForSingleObject
NtResetEvent
NtQuerySystemInformation
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeString
NtOpenFile
RtlNtStatusToDosError
NtClose
NtFsControlFile
NtQueryVolumeInformationFile
NtOpenKey
NtQueryValueKey

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ISOtoUSBPortable/cygwin1.dll
.dll windows x86

2160fe359a1764a35de52881edb91018

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey

kernel32

AllocConsole
BackupRead
BackupSeek
BackupWrite
ClearCommBreak
ClearCommError
CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMailslotA
CreateMutexA
CreateNamedPipeA
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateTapePartition
CreateThread
DebugBreak
DeleteCriticalSection
DeleteFileA
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EraseTape
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstChangeNotificationA
FindFirstFileA
FindNextChangeNotification
FindNextFileA
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FreeConsole
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCommModemStatus
GetCommState
GetCommandLineA
GetComputerNameA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLogicalDriveStringsA
GetLogicalDrives
GetMailslotInfo
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetProcAddress
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTapeParameters
GetTapePosition
GetTapeStatus
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalUnlock
InitializeCriticalSection
IsBadStringPtrA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LockFile
LockFileEx
MapViewOfFile
MapViewOfFileEx
MoveFileA
MoveFileExA
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OpenMutexA
OpenProcess
OpenSemaphoreA
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
PrepareTape
PurgeComm
QueryDosDeviceA
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadConsoleOutputA
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
ResetEvent
ResumeThread
RtlUnwind
ScrollConsoleScreenBufferA
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileApisToANSI
SetFileApisToOEM
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetMailslotInfo
SetNamedPipeHandleState
SetPriorityClass
SetStdHandle
SetSystemTime
SetTapeParameters
SetTapePosition
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransmitCommChar
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitCommEvent
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeA
WideCharToMultiByte
WriteConsoleOutputA
WriteFile
WriteProcessMemory
WriteTapemark

Exports

Exports

__argc
__argv
__argz_add
__argz_add_sep
__argz_append
__argz_count
__argz_create
__argz_create_sep
__argz_delete
__argz_extract
__argz_insert
__argz_next
__argz_replace
__argz_stringify
__assert
__assertfail
__check_rhosts_file
__cygwin_environ
__cygwin_user_data
__envz_add
__envz_entry
__envz_get
__envz_merge
__envz_remove
__envz_strip
__eprintf
__errno
__f_atan2
__f_atan2f
__f_exp
__f_expf
__f_frexp
__f_frexpf
__f_ldexp
__f_ldexpf
__f_log
__f_log10
__f_log10f
__f_logf
__f_pow
__f_powf
__f_tan
__f_tanf
__fpclassifyd
__fpclassifyf
__getdelim
__getline
__getreent
__infinity
__main
__mb_cur_max
__mempcpy
__progname
__rcmd_errstr
__signbitd
__signbitf
__signgam
__srget
__swbuf
_abort
_abs
_access
_acl
_acl32
_aclcheck
_aclcheck32
_aclfrommode
_aclfrommode32
_aclfrompbits
_aclfrompbits32
_aclfromtext
_aclfromtext32
_aclsort
_aclsort32
_acltomode
_acltomode32
_acltopbits
_acltopbits32
_acltotext
_acltotext32
_acos
_acosf
_acosh
_acoshf
_alarm
_alloca
_alphasort
_asctime
_asctime_r
_asin
_asinf
_asinh
_asinhf
_asprintf
_asprintf_r
_atan
_atan2
_atan2f
_atanf
_atanh
_atanhf
_atexit
_atof
_atoff
_atoi
_atol
_bcmp
_bcopy
_bsearch
_bzero
_cabs
_cabsf
_calloc
_cbrt
_cbrtf
_ceil
_ceilf
_chdir
_check_for_executable
_chmod
_chown
_chown32
_chroot
_clearerr
_clock
_close
_closedir
_closelog
_copysign
_copysignf
_cos
_cosf
_cosh
_coshf
_creat
_ctime
_ctime_r
_ctype_
_cuserid
_cwait
_daylight
_difftime
_dirfd
_div
_dll_crt0@0
_drand48
_drem
_dremf
_dup
_dup2
_ecvt
_ecvtbuf
_ecvtf
_endgrent
_endmntent
_endpwent
_endutent
_erand48
_erf
_erfc
_erfcf
_erff
_execl
_execle
_execlp
_execv
_execve
_execvp
_exit
_exp
_expf
_expm1
_expm1f
_f_atan2
_f_atan2f
_f_exp
_f_expf
_f_frexp
_f_frexpf
_f_ldexp
_f_ldexpf
_f_log
_f_log10
_f_log10f
_f_logf
_f_pow
_f_powf
_f_tan
_f_tanf
_fabs
_fabsf
_facl
_facl32
_fchdir
_fchmod
_fchown
_fchown32
_fclose
_fcloseall
_fcloseall_r
_fcntl
_fcntl64
_fcvt
_fcvtbuf
_fcvtf
_fdopen
_fdopen64
_feof
_ferror
_fflush
_ffs
_fgetc
_fgetpos
_fgetpos64
_fgets
_fileno
_finite
_finitef
_fiprintf
_floor
_floorf
_fmod
_fmodf
_fnmatch
_fopen
_fopen64
_fork
_fprintf
_fputc
_fputs
_fread
_free
_freopen
_freopen64
_frexp
_frexpf
_fscanf
_fscanf_r
_fseek
_fseeko
_fseeko64
_fsetpos
_fsetpos64
_fstat
_fstat64
_fstatfs
_fsync
_ftell
_ftello
_ftello64
_ftime
_ftok
_ftruncate
_ftruncate64
_fwrite
_gamma
_gamma_r
_gammaf
_gammaf_r
_gcvt
_gcvtf
_get_osfhandle
_getc
_getc_unlocked
_getchar
_getchar_unlocked
_getcwd
_getdomainname
_getdtablesize
_getegid
_getegid32
_getenv
_geteuid
_geteuid32
_getgid
_getgid32
_getgrent
_getgrent32
_getgrgid
_getgrgid32
_getgrnam
_getgrnam32
_getgroups
_getgroups32
_gethostname
_getlogin
_getmntent
_getmode
_getpagesize
_getpass
_getpgrp
_getpid
_getppid
_getpwduid
_getpwent
_getpwnam
_getpwuid
_getpwuid32
_getpwuid_r32
_getrlimit
_getrusage
_gets
_gettimeofday
_getuid
_getuid32
_getutent
_getutid
_getutline
_getw
_getwd
_glob
_globfree
_gmtime
_gmtime_r
_htonl
_htons
_hypot
_hypotf
_ilogb
_ilogbf
_impure_ptr
_index
_infinity
_infinityf
_initgroups32
_ioctl
_iprintf
_isalnum
_isalpha
_isascii
_isatty
_iscntrl
_isdigit
_isgraph
_isinf
_isinff
_islower
_isnan
_isnanf
_isprint
_ispunct
_isspace
_isupper
_isxdigit
_j0
_j0f
_j1
_j1f
_jn
_jnf
_jrand48
_kill
_labs
_lacl
_lchown
_lchown32
_lcong48
_ldexp
_ldexpf
_ldiv
_lgamma
_lgamma_r
_lgammaf
_lgammaf_r
_link
_localeconv
_localtime
_localtime_r
_log
_log10
_log10f
_log1p
_log1pf
_logb
_logbf
_logf
_longjmp
_lrand48
_lseek
_lseek64
_lstat
_lstat64
_malloc
_matherr
_mblen
_mbstowcs
_mbtowc
_memccpy
_memchr
_memcmp
_memcpy
_memmove
_memset
_mkdir
_mknod
_mknod32
_mkstemp
_mktemp
_mktime
_mmap64
_modf
_modff
_mount
_nan
_nanf
_nanosleep
_nextafter
_nextafterf
_nice
_nl_langinfo
_nrand48
_ntohl
_ntohs
_open
_open64
_opendir
_openlog
_pathconf
_pclose
_perror
_pipe
_poll
_popen
_pow
_powf
_printf
_pthread_cleanup_pop
_pthread_cleanup_push
_putc
_putc_unlocked
_putchar
_putchar_unlocked
_putenv
_puts
_pututline
_putw
_qsort
_raise
_rand
_read
_readdir
_readlink
_readv
_realloc
_remainder
_remainderf
_remove
_rename
_rewind
_rewinddir
_rindex
_rint
_rintf
_rmdir
_sbrk
_scalb
_scalbf
_scalbn
_scalbnf
_scandir
_scanf
_scanf_r
_seed48
_seekdir
_seekdir64
_select
_setbuf
_setdtablesize
_setegid
_setegid32
_setenv
_seteuid
_seteuid32
_setgid
_setgid32
_setgrent
_setgroups
_setgroups32
_setjmp
_setlocale
_setmntent
_setmode
_setpassent
_setpgid
_setpgrp
_setpwent
_setregid
_setregid32
_setreuid
_setreuid32
_setrlimit
_setsid
_settimeofday
_setuid
_setuid32
_setutent
_setvbuf
_sin
_sinf
_sinh

Sections

.text
Size: 975KB - Virtual size: 974KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/4
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/38
Size: 512B - Virtual size: 16B

IMAGE_SCN_MEM_DISCARDABLE

.idata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cygheap
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ISOtoUSBPortable/isoinfo.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ISOtoUSBPortable/isotousb.exe
.exe windows x86

5dfd50bad45ca4c9867f1751e36a96f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString
SysAllocString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CopyImage
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
TerminateProcess
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreatePipe
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontFamiliesExW
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

Shell_NotifyIconW

comdlg32

GetOpenFileNameW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ISOtoUSBPortable/license.txt
ISOtoUSBPortable/阿榮福利味 - 免費軟體下載正版付費軟體.url
.url

Sharing

General

Malware Config

Signatures

Files

6121a49841bf6f5b3700c1ebbb28be41

Headers

File Characteristics

Imports

user32

oleaut32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 520KB - Virtual size: 520KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 18KB - Virtual size: 38KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 26KB - Virtual size: 26KB

1e0b11dd3d2f59e2eef2c73004f3863d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

advapi32

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 21KB - Virtual size: 26KB

.pdata Size: 1024B - Virtual size: 984B

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

704f7b0cf386fa53083ffa68ba646f50

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

advapi32

Sections

.text Size: 47KB - Virtual size: 47KB

.data Size: 21KB - Virtual size: 25KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 3KB - Virtual size: 3KB

2160fe359a1764a35de52881edb91018

Headers

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 975KB - Virtual size: 974KB

/4 Size: 10KB - Virtual size: 9KB

.data Size: 38KB - Virtual size: 38KB

.rdata Size: 202KB - Virtual size: 201KB

.bss Size: - Virtual size: 37KB

.edata Size: 31KB - Virtual size: 31KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 63KB - Virtual size: 63KB

/19 Size: 512B - Virtual size: 256B

/38 Size: 512B - Virtual size: 16B

.idata Size: 24KB - Virtual size: 24KB

.cygheap Size: - Virtual size: 128KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 192KB

UPX1 Size: 55KB - Virtual size: 56KB

UPX2 Size: 512B - Virtual size: 4KB

5dfd50bad45ca4c9867f1751e36a96f2

Headers

File Characteristics

.text
Size: 520KB - Virtual size: 520KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 18KB - Virtual size: 38KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 26KB - Virtual size: 26KB

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 21KB - Virtual size: 26KB

.pdata
Size: 1024B - Virtual size: 984B

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 47KB - Virtual size: 47KB

.data
Size: 21KB - Virtual size: 25KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 975KB - Virtual size: 974KB

/4
Size: 10KB - Virtual size: 9KB

.data
Size: 38KB - Virtual size: 38KB

.rdata
Size: 202KB - Virtual size: 201KB

.bss
Size: - Virtual size: 37KB

.edata
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 63KB - Virtual size: 63KB

/19
Size: 512B - Virtual size: 256B

/38
Size: 512B - Virtual size: 16B

.idata
Size: 24KB - Virtual size: 24KB

.cygheap
Size: - Virtual size: 128KB

UPX0
Size: - Virtual size: 192KB

UPX1
Size: 55KB - Virtual size: 56KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.itext
Size: 5KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 15KB

.bss
Size: - Virtual size: 20KB

.idata
Size: 13KB - Virtual size: 12KB

.didata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 64B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 151KB - Virtual size: 150KB

.rsrc
Size: 191KB - Virtual size: 191KB