e4bb8c9c4653e072aaa186ec532c509ff38047b4033a35cf67b04faf5391c2c9

Sharing

Copy URL Twitter E-mail

General

Target

e4bb8c9c4653e072aaa186ec532c509ff38047b4033a35cf67b04faf5391c2c9
Size

2.2MB
MD5

81fd39419759609e31fcadbf8f356cc6
SHA1

a3a07d37d1ed319025c1ec22217e651fdb7f1570
SHA256

e4bb8c9c4653e072aaa186ec532c509ff38047b4033a35cf67b04faf5391c2c9
SHA512

51f1e3d8ab5c8ade8229acf210dffd4d941e7b8c9497d281c3d0452bec1bb489d70bf91ddcc15e99cb8afeb458eff4e661c2fe93e30cdcaa62e7bd0d45d1f638
SSDEEP

49152:ytENFwKirPShsNxozPESpg3lAS+fKEfnE/SxkX44/2DL4xvj5CdP:ytENFWEooTLpAkfEqfC2avwP

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack002/out.upx	patched_upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/[脚本转EXE] ExeScript-v3.0/UPX/upx.exe	upx

Files

e4bb8c9c4653e072aaa186ec532c509ff38047b4033a35cf67b04faf5391c2c9
.rar
[脚本转EXE] ExeScript-v3.0/ExeScript.exe.manifest
[脚本转EXE] ExeScript-v3.0/Syntax/Batch.xml
[脚本转EXE] ExeScript-v3.0/Syntax/Hta.xml
[脚本转EXE] ExeScript-v3.0/Syntax/JavaScript.xml
[脚本转EXE] ExeScript-v3.0/Syntax/Perl.xml
[脚本转EXE] ExeScript-v3.0/Syntax/VBScript.xml
[脚本转EXE] ExeScript-v3.0/Syntax/WSF.xml
.wsf
[脚本转EXE] ExeScript-v3.0/Syntax/WSH.xml
[脚本转EXE] ExeScript-v3.0/UPX/BUGS
[脚本转EXE] ExeScript-v3.0/UPX/COPYING
[脚本转EXE] ExeScript-v3.0/UPX/LICENSE
[脚本转EXE] ExeScript-v3.0/UPX/NEWS
[脚本转EXE] ExeScript-v3.0/UPX/README
[脚本转EXE] ExeScript-v3.0/UPX/README.1ST
[脚本转EXE] ExeScript-v3.0/UPX/THANKS
[脚本转EXE] ExeScript-v3.0/UPX/TODO
[脚本转EXE] ExeScript-v3.0/UPX/upx.1
.vbs
[脚本转EXE] ExeScript-v3.0/UPX/upx.doc
.vbs
[脚本转EXE] ExeScript-v3.0/UPX/upx.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 320KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 193KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[脚本转EXE] ExeScript-v3.0/UPX/upx.html
.html .vbs
[脚本转EXE] ExeScript-v3.0/cmd.exe
.exe windows x86

dbe5febb7a19ba19945a8e8ba6534abf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushConsoleInputBuffer
LoadLibraryA
InterlockedExchange
FreeLibrary
LocalAlloc
GetVDMCurrentDirectories
CmdBatNotification
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetThreadLocale
GetDiskFreeSpaceExW
CompareFileTime
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
CopyFileW
SetFileAttributesW
DeleteFileW
SetFileTime
CreateDirectoryW
FillConsoleOutputAttribute
SetConsoleTextAttribute
ScrollConsoleScreenBufferW
FormatMessageW
DuplicateHandle
FlushFileBuffers
HeapReAlloc
HeapSize
GetFileAttributesExW
LocalFree
GetDriveTypeW
InitializeCriticalSection
SetConsoleCtrlHandler
GetWindowsDirectoryW
GetConsoleTitleW
GetModuleFileNameW
GetVersion
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
SearchPathW
WriteFile
GetVolumeInformationW
SetLastError
MoveFileW
SetConsoleTitleW
MoveFileExW
GetBinaryTypeW
GetFileAttributesW
GetCurrentThreadId
CreateProcessW
LoadLibraryW
ReadProcessMemory
SetErrorMode
GetConsoleMode
SetConsoleMode
VirtualAlloc
VirtualFree
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCommandLineW
GetEnvironmentStringsW
GetLocalTime
GetTimeFormatW
FileTimeToLocalFileTime
GetDateFormatW
GetLastError
CloseHandle
SetThreadLocale
GetProcAddress
GetModuleHandleW
SetFilePointer
lstrcmpW
lstrcmpiW
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
ReadFile
WriteConsoleW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
ReadConsoleW
GetConsoleScreenBufferInfo
GetStdHandle
GetFileType
VirtualQuery
RaiseException
GetCPInfo
GetConsoleOutputCP
WideCharToMultiByte
GetFileSize
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
GetUserDefaultLCID
GetLocaleInfoW
SetLocalTime
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
calloc
_wcslwr
qsort
_vsnwprintf
wcsstr
_dup2
_dup
_open_osfhandle
_close
swscanf
_ultoa
_pipe
_seh_longjmp_unwind
_setmode
wcsncmp
iswxdigit
fflush
exit
_wtol
time
srand
__set_app_type
wcsrchr
malloc
free
wcstoul
_errno
iswalpha
printf
rand
swprintf
_iob
fprintf
towlower
realloc
setlocale
_snwprintf
wcscat
_wcsupr
wcsncpy
_wpopen
fgets
_pclose
memmove
wcschr
iswspace
_tell
longjmp
wcscmp
_wcsnicmp
_wcsicmp
wcstol
iswdigit
_getch
_get_osfhandle
_controlfp
_setjmp3
_except_handler3
wcscpy
wcslen
wcsspn
towupper

user32

GetUserObjectInformationW
GetThreadDesktop
MessageBeep
GetProcessWindowStation

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[脚本转EXE] ExeScript-v3.0/console.pe
.exe windows x86

c562975262fe750cccb80157719ee388

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrlenA
lstrcmpA
AllocConsole
GetStdHandle
MultiByteToWideChar
HeapFree
lstrcmpiA
WideCharToMultiByte
HeapAlloc
WriteConsoleA
SetConsoleMode
GetConsoleMode
GetLastError
ReadConsoleA
GetModuleFileNameA
GetTimeFormatA
Sleep
GetSystemDefaultLCID
GetModuleHandleA
ReadConsoleInputA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
lstrcatA
GetTempFileNameA
GetVersion
GetTickCount
SetCurrentDirectoryA
WriteFile
CreateDirectoryA
DeleteFileA
CloseHandle
CreateFileA
GetFileAttributesA
GetCurrentDirectoryA
GetTempPathA
ExitProcess
SizeofResource
LockResource
LoadResource
FindResourceA
GetProcessHeap
RemoveDirectoryA
GetCommandLineA

user32

DialogBoxParamA
GetParent
GetDesktopWindow
CharToOemA
GetWindowRect
CopyRect
OffsetRect
SetWindowPos
LoadStringA
SetDlgItemTextA
GetDlgItem
SetFocus
GetDlgItemTextA
EndDialog
wsprintfA
GetForegroundWindow
MessageBoxA

ole32

CoInitialize
CoUninitialize
CLSIDFromProgID
CoCreateInstance
CoGetObject

oleaut32

VarBstrFromR4
VarBstrFromR8
VarBstrFromDec
SafeArrayUnaccessData
LoadTypeLi
SysFreeString
VariantInit
SysAllocString
DispInvoke
DispGetIDsOfNames
VariantTimeToSystemTime
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VarBstrFromCy

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[脚本转EXE] ExeScript-v3.0/consolew.pe
.exe windows x86

15ff8c67400bc8bd9b0f49af5547a226

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
lstrlenW
lstrcmpW
AllocConsole
GetStdHandle
HeapFree
lstrcmpiW
HeapAlloc
WriteConsoleW
SetConsoleMode
GetConsoleMode
GetLastError
ReadConsoleW
GetModuleFileNameW
GetTimeFormatW
Sleep
GetSystemDefaultLCID
GetModuleHandleW
ReadConsoleInputW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcatW
GetTempFileNameW
GetVersion
GetTickCount
SetCurrentDirectoryW
WriteFile
CreateDirectoryW
DeleteFileW
CloseHandle
CreateFileW
GetFileAttributesW
GetCurrentDirectoryW
GetTempPathW
ExitProcess
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcessHeap
RemoveDirectoryW
GetCommandLineW
lstrcpyA
lstrlenA

user32

DialogBoxParamW
GetParent
GetDesktopWindow
MessageBoxW
GetWindowRect
CopyRect
OffsetRect
SetWindowPos
LoadStringW
SetDlgItemTextW
GetDlgItem
SetFocus
GetDlgItemTextW
EndDialog
wsprintfW
GetForegroundWindow

ole32

CoInitialize
CoGetObject
CLSIDFromProgID
CoCreateInstance
CoUninitialize

oleaut32

VarBstrFromR4
VarBstrFromR8
VarBstrFromDec
SafeArrayUnaccessData
LoadTypeLi
SysFreeString
VariantInit
SysAllocString
DispInvoke
DispGetIDsOfNames
VariantTimeToSystemTime
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VarBstrFromCy

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[脚本转EXE] ExeScript-v3.0/english.dll
.dll windows x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

GetLanguageName

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 380KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[脚本转EXE] ExeScript-v3.0/exescript.chm
.chm
[脚本转EXE] ExeScript-v3.0/exescript.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[脚本转EXE] ExeScript-v3.0/readme.txt
[脚本转EXE] ExeScript-v3.0/run.exe
.exe windows x86

88b39d710c582d9bc71fbcc694401214

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleInputA
WriteFile
GetModuleHandleA
DeleteFileA
CloseHandle
WaitForSingleObject
CreateProcessA
CreateFileA
GetTempFileNameA
GetTempPathA
GetCommandLineA
GetStdHandle
GetStringTypeA
LCMapStringW
LCMapStringA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetStringTypeW

user32

CharToOemA
LoadStringA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[脚本转EXE] ExeScript-v3.0/windows.pe
.exe windows x86

c562975262fe750cccb80157719ee388

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrlenA
lstrcmpA
AllocConsole
GetStdHandle
MultiByteToWideChar
HeapFree
lstrcmpiA
WideCharToMultiByte
HeapAlloc
WriteConsoleA
SetConsoleMode
GetConsoleMode
GetLastError
ReadConsoleA
GetModuleFileNameA
GetTimeFormatA
Sleep
GetSystemDefaultLCID
GetModuleHandleA
ReadConsoleInputA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
lstrcatA
GetTempFileNameA
GetVersion
GetTickCount
SetCurrentDirectoryA
WriteFile
CreateDirectoryA
DeleteFileA
CloseHandle
CreateFileA
GetFileAttributesA
GetCurrentDirectoryA
GetTempPathA
ExitProcess
SizeofResource
LockResource
LoadResource
FindResourceA
GetProcessHeap
RemoveDirectoryA
GetCommandLineA

user32

DialogBoxParamA
GetParent
GetDesktopWindow
CharToOemA
GetWindowRect
CopyRect
OffsetRect
SetWindowPos
LoadStringA
SetDlgItemTextA
GetDlgItem
SetFocus
GetDlgItemTextA
EndDialog
wsprintfA
GetForegroundWindow
MessageBoxA

ole32

CoInitialize
CoUninitialize
CLSIDFromProgID
CoCreateInstance
CoGetObject

oleaut32

VarBstrFromR4
VarBstrFromR8
VarBstrFromDec
SafeArrayUnaccessData
LoadTypeLi
SysFreeString
VariantInit
SysAllocString
DispInvoke
DispGetIDsOfNames
VariantTimeToSystemTime
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VarBstrFromCy

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[脚本转EXE] ExeScript-v3.0/windowsw.pe
.exe windows x86

15ff8c67400bc8bd9b0f49af5547a226

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
lstrlenW
lstrcmpW
AllocConsole
GetStdHandle
HeapFree
lstrcmpiW
HeapAlloc
WriteConsoleW
SetConsoleMode
GetConsoleMode
GetLastError
ReadConsoleW
GetModuleFileNameW
GetTimeFormatW
Sleep
GetSystemDefaultLCID
GetModuleHandleW
ReadConsoleInputW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcatW
GetTempFileNameW
GetVersion
GetTickCount
SetCurrentDirectoryW
WriteFile
CreateDirectoryW
DeleteFileW
CloseHandle
CreateFileW
GetFileAttributesW
GetCurrentDirectoryW
GetTempPathW
ExitProcess
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcessHeap
RemoveDirectoryW
GetCommandLineW
lstrcpyA
lstrlenA

user32

DialogBoxParamW
GetParent
GetDesktopWindow
MessageBoxW
GetWindowRect
CopyRect
OffsetRect
SetWindowPos
LoadStringW
SetDlgItemTextW
GetDlgItem
SetFocus
GetDlgItemTextW
EndDialog
wsprintfW
GetForegroundWindow

ole32

CoInitialize
CoGetObject
CLSIDFromProgID
CoCreateInstance
CoUninitialize

oleaut32

VarBstrFromR4
VarBstrFromR8
VarBstrFromDec
SafeArrayUnaccessData
LoadTypeLi
SysFreeString
VariantInit
SysAllocString
DispInvoke
DispGetIDsOfNames
VariantTimeToSystemTime
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VarBstrFromCy

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 320KB

UPX1 Size: 193KB - Virtual size: 196KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 331KB - Virtual size: 331KB

.data Size: 1024B - Virtual size: 736B

.rdata Size: 144KB - Virtual size: 143KB

.bss Size: - Virtual size: 19KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 880B

dbe5febb7a19ba19945a8e8ba6534abf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 126KB - Virtual size: 125KB

.data Size: 114KB - Virtual size: 114KB

.rsrc Size: 218KB - Virtual size: 218KB

c562975262fe750cccb80157719ee388

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 14KB

.rsrc Size: 11KB - Virtual size: 11KB

15ff8c67400bc8bd9b0f49af5547a226

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 15KB

.rsrc Size: 11KB - Virtual size: 11KB

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 380KB - Virtual size: 377KB

.reloc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Sections

Size: - Virtual size: 4.1MB

Size: 1.5MB - Virtual size: 1.5MB

88b39d710c582d9bc71fbcc694401214

Headers

File Characteristics

Imports

UPX0
Size: - Virtual size: 320KB

UPX1
Size: 193KB - Virtual size: 196KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 331KB - Virtual size: 331KB

.data
Size: 1024B - Virtual size: 736B

.rdata
Size: 144KB - Virtual size: 143KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 880B

.text
Size: 126KB - Virtual size: 125KB

.data
Size: 114KB - Virtual size: 114KB

.rsrc
Size: 218KB - Virtual size: 218KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 14KB

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 15KB

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 380KB - Virtual size: 377KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 160B

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 14KB

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 15KB

.rsrc
Size: 11KB - Virtual size: 11KB