General

Malware Config

Signatures

Files

• d3d4961c7dcf161765f5bbdb29225f4d73bd71a162e0c92d2d60ca5e17951316

  .zip
• Bypass 2015.bat

  .exe windows x86

  ec4df5ff7576be7cc5148bf3830aa5ad

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  advapi32

  ChangeServiceConfigA

  comctl32

  ImageList_DragShowNolock

  comdlg32

  ChooseFontA

  gdi32

  GetWindowOrgEx

  hhctrl.ocx

  HtmlHelpA

  imagehlp

  SymFunctionTableAccess64

  imm32

  ImmGetContext

  kernel32

  GetVersionExA

  CreateNamedPipeA

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  lua5.1-32

  luaL_unref

  ole32

  OleInitialize

  oleaut32

  VariantCopy

  opengl32

  wglUseFontBitmapsA

  shell32

  DragQueryFileW

  user32

  GetWindowTextW

  version

  GetFileVersionInfoA

  ws2_32

  WSACleanup

  wsock32

  gethostbyname

  Exports

  Exports

  ��%�˩4��S��0*|0��|3��$�Z%�9���� �E����΃�:E��c��fC(XZ*�v���7Ƿ�m=��{��v�ϨiK>[TȤ�`�Љ����M��sʯ�A��(䩳�&��M����Q݄�ƫn1��c��"�{���pD�J7�1�Š�#H|��ZA���� >��)#kB\���yᦛAH��G1;n2�[��!�\.��?v����vEQ�b�G�%Fq�z�vE3���tr+� �R���d�x���`�N���HK���奉�O��͡�P�i� ���J}y�4��/��^���y�]ҡu���b�|R� ����w���UaP�����!����c:y� ��m��='��� *m��
  ��J�H\�@o�Oñ��h7�~�V��)�6{5$�x��4ɅҸ��?���n:D��_C���GO���J���Zlލ[`����a˟��nnC��96��s��O�-I@�*�l+�}uI_�,��9U ��Y�w�&.E�P8�:h� ~��26��&UJ؀�W��#\�)�6���ev�����+C�'������{d|=7aP_�4�/ ;s�H���N��/�����U�Mzx^b����;���;#Z��D{���fp!�ؼ�u��1Q�=�5�b.\��m��.J����=gv�| �ŞD;�Y��xS���X{FtR]S���4R��ՂG K�Y���Y��l��l|8޸�NoY��'���h9���X�t;i����k`��e�f͌BU�8���4���8�HU��eIڤr�F�3|n�(���ⶻ�Q��l�M�޸���"C�o�/�'��������W�����褱�p�d~��������3�F�C�l*�\se�D�}�,9����yBN�<H��k;g��kA��}T�-��4���=c.+v"4����L�=�4�k�W��� �sD�h>��o��� ��^z��*e/1H vG[k�!3g�^^��F�+ �;�q��'�{֞=��}�����[e�Gw�w��M,�� ��c��Kѱ�Oˈ8O�����Vn��U�����R��E������օ[��60�y��tbq)Y��/�(�a��h>�Tz�!쌔ЪK6�p6<�}�(��U�}&K��u���W��!r��C�:8��:�B�Wa�"��JQ�R�o��Y�Zv���o������\
  ڵ�,0nQр�G�9(|���S�;���R���7���x�8\qnC @�w��h����ˌ�yH��,��1B�˿�c�x����^���YQt�G1頝�TY��Vgԙ&���O�͎_�%=|��9]f��$���sOȮ�¥*)Mc�I�/�pi��-�f��R�C �(�o�.������sQ %u��
  0~���A�B�v��ЧE�B�ӧ���U��YN�*�F$mș���0�A߃����������Y��Ȁ�/��0�3�`i�ùM1� ?��ԙ2��~/?�h��A��?�w}�zD�iL %MGb���-%/9�G�r�*�H���.�@!��_>٘��'#�c4���絫}�փ[`٘��&�����<8��b�,;���\f����4�,���*��ۉ��q��t��k**��,[G�]z{���Xf~�lݬyV�U��`
  ����w���6�i�C�HC����r҃]ܼ@�l�<!��3I��$�Q'�.V}�Uz����Ku�H\i"te3�Z6 �m��w*Vk�����r˘S��;0`Ԑ���&@����"������uY�Mn�7s�LIoJ�����ʙot\į���y���E"���g��ؙ���&N��j�;�@r`����K-W�f�b����<��aY����=d����g8{�S�ov���D,�@�����L�&FƖ����� D�wK�07�)M���0jJHE
  @��#�\8P��Q"*��9�I��`g*�S�>L�dz�~X3iӔsJ�ےS�����M����ɪ�[�_�M���lAޕ�h�';�1��>BUx�����ƞ�"b����Io�Wjw�b�=r�6'V_y�u@�*���!ĕ�I� kTDf%�?�U���۰��O?:8�#����e�,��U�qjX5�"�K�Tȣ-&����N�$n���2ir(〼"P���@_ǀ1��#�oq�8 OLDd {~9���[�q�n��Q�}*�̄r%�T�/?�O��ى䌀����^^��j6b:�����XQ���s㄄Lŵ )����w��3�YB��__��*�����/�I��9��݄��U��-7��e�m���Nr�-���t:���&Ds:�o6��G�GU����ƪJ��]���)pY�Ǔ���r�\��������`Y'z��^owJ���(<�=w�u�[(v��풆�h���&��n��|������)_P꽢J9�"e-3߁��t�0��v#��`���5׻kp�/�8ի��kz�b�e)����
  �����﵂S�;Ҏ��Qc?��H0�Iؤ�����B�qp�����vA�E�J�[�LFP+���tGU�S-}���› �������nr�l�׺�����։ <Jxi�5�����8<������R�i��y��Nz���w��m���1I3�:wž��,dw�io���X��b�%�<#��j��Iq$w��8s��Y�>k^���4*�ڣ9u��/e�BE&�D�d��G𶿶 �D[��M�DN�gU����}�� �O���@j�ڛ⩹&�Nde���`6�F�G�%��)�~�F�D�,�̀C�����P�w��s� ׿\���w���z��7�� L.���+��7���]�0��M{��<i�R � C�L����\�+�R�� }=hv5������z�I��ءF�{*�k~VT�/ŕ>���3qב����%��-�������-�'/��ܮ?�C�X��ָ�$�Kt�&i�QT��Bt�<��o|Ö�WЗ�K�qs�(�gt��gy� /���r?����87 �s�D;�y�D�������F�S\��_Y�S�����sX{Z �Mm ����}��ED�c�{�玻� V́UGz���Pj���-���G�W���u�k�<E��

  Sections

  .text

  Size: - Virtual size: 4.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 2.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .bss

  Size: - Virtual size: 39KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: - Virtual size: 4B

  .idata

  Size: - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 821KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 2.7MB - Virtual size: 2.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 68KB - Virtual size: 67KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• Readme.txt