Revenge-RAT v0[.]3[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Revenge-RAT v0.3.zip
Size

14.1MB
MD5

821847dd57e8e5c9b9caa4c0850bd739
SHA1

dca1d96a460907b05279c0a4c2b66fb535619f7e
SHA256

f0250fcb539ebef5769e5bec2b2c3c5e9dfb644eefcbffd62cb2496806b6463b
SHA512

af4d96d2275b548a85accd320311d0e58d57ccc5bb80d6f69213159290579103ad155c0c1d96c407352f4123442790d9be6c61fea2fecf961bbd5470855b5a70
SSDEEP

393216:I8xy9M8RmL6EHGjRMkPuUa0wXJ645x+fD7:zxy9M8FXjXPuUiSD7

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Extensions/Aut2Exe/upx.exe	upx

Files

Revenge-RAT v0.3.zip
.zip

Password: infected
AForge.Video.DirectShow.dll
.dll windows x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AForge.Video.dll
.dll windows x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Config.XML
.xml
Database/1440-10-01/10-41-57 م.log
Database/2017-10-13/3-39-51 م.log
Database/2022-11-13/10-11-40 .log
Database/2022-12-03/6-00-45 .log
Extensions/AHK/AHK.ahk
Extensions/AHK/Ahk2Exe.exe
.exe windows x86

Password: infected

caa5e6a2892587c2324418efee31c648

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

WSACleanup

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

user32

GetDC

gdi32

BitBlt

comdlg32

GetOpenFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 312KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Extensions/AHK/AutoHotkeySC.bin
.exe windows x86

Password: infected

46978de0f8944a65af1673d613222a98

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
inet_addr
gethostbyname
gethostname
WSAStartup

winmm

mixerSetControlDetails
waveOutGetVolume
joyGetPosEx
mixerGetControlDetailsW
mixerOpen
mixerGetDevCapsW
mixerGetLineControlsW
waveOutSetVolume
mixerClose
mciSendStringW
joyGetDevCapsW
mixerGetLineInfoW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ImageList_Create
CreateStatusWindowW
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Destroy
ImageList_AddMasked

psapi

GetModuleBaseNameW
GetModuleFileNameExW

kernel32

FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetWindowsDirectoryW
GetTempPathW
GetFullPathNameW
GetShortPathNameW
FindFirstFileW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapQueryInformation
HeapSize
HeapFree
HeapReAlloc
ExitProcess
HeapAlloc
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
InitializeCriticalSectionAndSpinCount
LockResource
LoadResource
SizeofResource
FindResourceW
GetSystemTimeAsFileTime
GetModuleFileNameW
DeleteCriticalSection
GetCPInfo
GetVersionExW
GetModuleHandleW
GetProcAddress
GetLastError
CreateMutexW
CloseHandle
GetExitCodeThread
SetThreadPriority
CreateThread
lstrcmpiW
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetCurrentDirectoryW
SetErrorMode
InitializeCriticalSection
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
IsValidCodePage
TlsAlloc
TlsGetValue
SetHandleCount
IsProcessorFeaturePresent
GetStringTypeW
RaiseException
LCMapStringW
RtlUnwind
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
TlsSetValue
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetProcessHeap
LoadLibraryW
VirtualQuery

user32

GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
MapWindowPoints
RedrawWindow
SetParent
GetClassInfoExW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
PtInRect
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
CreateIconIndirect
GetDesktopWindow
CopyImage
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetTopWindow
GetIconInfo
SetWindowTextW
IsWindowVisible
CheckMenuItem
MessageBoxW
LoadImageW
GetLastInputInfo
SetClipboardViewer
LoadAcceleratorsW
EnableMenuItem
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
GetSysColorBrush
VkKeyScanExW
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharUpperW
IsCharLowerW
IsCharAlphaNumericW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
GetCursor
ClientToScreen
MessageBeep
IsWindowEnabled
SetDlgItemTextW
GetDlgItem
SendDlgItemMessageW
DialogBoxParamW
SetForegroundWindow
DefWindowProcW
FillRect
ChangeClipboardChain
DrawIconEx
TranslateMessage
ShowWindow
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
GetWindowLongW
GetKeyState
TranslateAcceleratorW
GetSysColor
RegisterWindowMessageW
IsIconic
IsZoomed
EnumWindows
GetWindowTextLengthW
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
GetGUIThreadInfo
SetActiveWindow
EnumChildWindows
MoveWindow
GetQueueStatus
GetWindowRect
GetClientRect
SystemParametersInfoW
AdjustWindowRectEx
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
DrawTextW
MapVirtualKeyExW
SetRect
GetMenu

gdi32

GetPixel
GetClipBox
GetCharABCWidthsW
SetBkMode
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
ExcludeClipRect
SetBkColor
SetTextColor
FillRgn
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
CreateSolidBrush
CreateFontW
GetClipRgn
GetDeviceCaps
DeleteObject

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegConnectRegistryW
RegDeleteValueW

shell32

DragQueryPoint
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayGetLBound
GetActiveObject
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString
SysStringLen

Sections

.text
Size: 626KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Extensions/AHK/Unicode 32-bit.bin
.exe windows x86

Password: infected

46978de0f8944a65af1673d613222a98

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
inet_addr
gethostbyname
gethostname
WSAStartup

winmm

mixerSetControlDetails
waveOutGetVolume
joyGetPosEx
mixerGetControlDetailsW
mixerOpen
mixerGetDevCapsW
mixerGetLineControlsW
waveOutSetVolume
mixerClose
mciSendStringW
joyGetDevCapsW
mixerGetLineInfoW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ImageList_Create
CreateStatusWindowW
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Destroy
ImageList_AddMasked

psapi

GetModuleBaseNameW
GetModuleFileNameExW

kernel32

FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetWindowsDirectoryW
GetTempPathW
GetFullPathNameW
GetShortPathNameW
FindFirstFileW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapQueryInformation
HeapSize
HeapFree
HeapReAlloc
ExitProcess
HeapAlloc
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
InitializeCriticalSectionAndSpinCount
LockResource
LoadResource
SizeofResource
FindResourceW
GetSystemTimeAsFileTime
GetModuleFileNameW
DeleteCriticalSection
GetCPInfo
GetVersionExW
GetModuleHandleW
GetProcAddress
GetLastError
CreateMutexW
CloseHandle
GetExitCodeThread
SetThreadPriority
CreateThread
lstrcmpiW
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetCurrentDirectoryW
SetErrorMode
InitializeCriticalSection
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
IsValidCodePage
TlsAlloc
TlsGetValue
SetHandleCount
IsProcessorFeaturePresent
GetStringTypeW
RaiseException
LCMapStringW
RtlUnwind
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
TlsSetValue
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetProcessHeap
LoadLibraryW
VirtualQuery

user32

GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
MapWindowPoints
RedrawWindow
SetParent
GetClassInfoExW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
PtInRect
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
CreateIconIndirect
GetDesktopWindow
CopyImage
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetTopWindow
GetIconInfo
SetWindowTextW
IsWindowVisible
CheckMenuItem
MessageBoxW
LoadImageW
GetLastInputInfo
SetClipboardViewer
LoadAcceleratorsW
EnableMenuItem
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
GetSysColorBrush
VkKeyScanExW
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharUpperW
IsCharLowerW
IsCharAlphaNumericW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
GetCursor
ClientToScreen
MessageBeep
IsWindowEnabled
SetDlgItemTextW
GetDlgItem
SendDlgItemMessageW
DialogBoxParamW
SetForegroundWindow
DefWindowProcW
FillRect
ChangeClipboardChain
DrawIconEx
TranslateMessage
ShowWindow
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
GetWindowLongW
GetKeyState
TranslateAcceleratorW
GetSysColor
RegisterWindowMessageW
IsIconic
IsZoomed
EnumWindows
GetWindowTextLengthW
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
GetGUIThreadInfo
SetActiveWindow
EnumChildWindows
MoveWindow
GetQueueStatus
GetWindowRect
GetClientRect
SystemParametersInfoW
AdjustWindowRectEx
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
DrawTextW
MapVirtualKeyExW
SetRect
GetMenu

gdi32

GetPixel
GetClipBox
GetCharABCWidthsW
SetBkMode
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
ExcludeClipRect
SetBkColor
SetTextColor
FillRgn
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
CreateSolidBrush
CreateFontW
GetClipRgn
GetDeviceCaps
DeleteObject

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegConnectRegistryW
RegDeleteValueW

shell32

DragQueryPoint
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayGetLBound
GetActiveObject
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString
SysStringLen

Sections

.text
Size: 626KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Extensions/Admin.res
Extensions/Aut2Exe/Aut2exe.exe
.exe windows x86

Password: infected

b11972935cc4c0ec2c384bf1b8e7fab7

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:62:fb:e3:48:77:cf:8d:b0:57:54:6d:f1:d6:46:58:a0
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

04/03/2014, 06:50

Not After

04/06/2017, 06:50

Subject

CN=AutoIt Consulting Ltd,O=AutoIt Consulting Ltd,L=Birmingham,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:e0:b6:69:ef:13:a1:ac:f4:e3:07:b6:8f:67:cd:7c:eb:a0:2b:54
Signer

Actual PE Digest

ea:e0:b6:69:ef:13:a1:ac:f4:e3:07:b6:8f:67:cd:7c:eb:a0:2b:54

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=AutoIt Consulting Ltd,O=AutoIt Consulting Ltd,L=Birmingham,C=GB

18/09/2015, 14:13
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

CreateStatusWindowW
InitCommonControlsEx

kernel32

LockResource
GetTempPathW
GetTempFileNameW
DeleteFileW
CopyFileW
CreateFileW
CloseHandle
LoadLibraryA
GetProcAddress
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetFileSize
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSection
IsDebuggerPresent
lstrcmpiW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
lstrlenW
ReadFile
CreateProcessW
GetExitCodeProcess
Sleep
WideCharToMultiByte
CompareStringW
GetCommandLineW
FindResourceW
EnumResourceNamesW
BeginUpdateResourceW
SetFilePointer
UpdateResourceW
EndUpdateResourceW
GetVersionExW
IsWow64Process
GetCurrentProcess
GetSystemInfo
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WriteFile
DuplicateHandle
GetStdHandle
CreatePipe
CreateThread
TerminateThread
WaitForSingleObject
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
SizeofResource
TerminateProcess
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
CreateDirectoryW
QueryPerformanceCounter
OutputDebugStringW
GetFileTime
SetStdHandle
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetFileType
GetConsoleCP
GetProcessHeap
GetModuleHandleExW
ExitProcess
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
ReadConsoleW
GetConsoleMode
RtlUnwind
RaiseException
ExitThread
HeapFree
HeapAlloc
IsProcessorFeaturePresent
DecodePointer
EncodePointer
LoadResource
FindResourceExW
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
WriteConsoleW
GetLastError

user32

LoadIconW
RegisterClassExW
MessageBeep
DispatchMessageW
PostQuitMessage
SetCursor
DefWindowProcW
ChildWindowFromPoint
LoadImageW
GetDlgItemTextW
DialogBoxParamW
EnableMenuItem
EndDialog
GetSystemMenu
SetActiveWindow
LoadCursorW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
GetMessageW
GetDlgItem
SetFocus
UpdateWindow
SendDlgItemMessageW
CheckMenuItem
GetMenu
SetDlgItemTextW
CreateDialogParamW
LoadAcceleratorsW
MessageBoxA
DestroyIcon
LoadStringW
MessageBoxW
CharUpperBuffW
PostMessageW
ShowWindow
EnableWindow
SendMessageW
CheckMenuRadioItem

gdi32

GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW

shell32

DragFinish
DragQueryFileW
DragQueryPoint
SHGetFolderPathW

ole32

CreateStreamOnHGlobal

oleaut32

VariantCopy
VariantClear
VariantInit

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Extensions/Aut2Exe/Aut2exe_x64.exe
.exe windows x64

Password: infected

070744bbf7091790d3b13a2aef23e569

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:62:fb:e3:48:77:cf:8d:b0:57:54:6d:f1:d6:46:58:a0
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

04/03/2014, 06:50

Not After

04/06/2017, 06:50

Subject

CN=AutoIt Consulting Ltd,O=AutoIt Consulting Ltd,L=Birmingham,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:8e:a4:a9:a7:21:e3:2b:a7:b7:52:3a:24:4a:7a:99:ac:e7:c1:d4
Signer

Actual PE Digest

49:8e:a4:a9:a7:21:e3:2b:a7:b7:52:3a:24:4a:7a:99:ac:e7:c1:d4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=AutoIt Consulting Ltd,O=AutoIt Consulting Ltd,L=Birmingham,C=GB

18/09/2015, 14:13
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

CreateStatusWindowW
InitCommonControlsEx

kernel32

LockResource
GetTempPathW
GetTempFileNameW
DeleteFileW
CopyFileW
CreateFileW
CloseHandle
LoadLibraryA
GetProcAddress
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetFileSize
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSection
IsDebuggerPresent
lstrcmpiW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
lstrlenW
ReadFile
CreateProcessW
GetExitCodeProcess
Sleep
WideCharToMultiByte
CompareStringW
GetCommandLineW
FindResourceW
EnumResourceNamesW
BeginUpdateResourceW
SetFilePointer
UpdateResourceW
EndUpdateResourceW
GetVersionExW
IsWow64Process
GetCurrentProcess
GetSystemInfo
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WriteFile
DuplicateHandle
GetStdHandle
CreatePipe
CreateThread
TerminateThread
WaitForSingleObject
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
GetLastError
SizeofResource
TerminateProcess
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
CreateDirectoryW
QueryPerformanceCounter
OutputDebugStringW
GetFileTime
SetStdHandle
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetFileType
GetConsoleCP
GetProcessHeap
GetModuleHandleExW
ExitProcess
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
HeapReAlloc
ReadConsoleW
GetConsoleMode
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
ExitThread
HeapFree
HeapAlloc
IsProcessorFeaturePresent
DecodePointer
EncodePointer
LoadResource
FindResourceExW
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
WriteConsoleW

user32

RegisterClassExW
PostQuitMessage
SetCursor
DefWindowProcW
ChildWindowFromPoint
GetDlgItemTextW
MessageBeep
DialogBoxParamW
EnableMenuItem
EndDialog
GetSystemMenu
SetActiveWindow
LoadIconW
LoadImageW
LoadCursorW
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
GetMessageW
GetDlgItem
SetFocus
UpdateWindow
SendDlgItemMessageW
GetMenu
CheckMenuRadioItem
SetDlgItemTextW
CreateDialogParamW
LoadAcceleratorsW
MessageBoxA
DestroyIcon
LoadStringW
MessageBoxW
CharUpperBuffW
PostMessageW
ShowWindow
EnableWindow
SendMessageW
CheckMenuItem

gdi32

GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW

shell32

DragFinish
DragQueryFileW
DragQueryPoint
SHGetFolderPathW

ole32

CreateStreamOnHGlobal

oleaut32

VariantCopy
VariantClear
VariantInit

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Extensions/Aut2Exe/Autoit.au3
Extensions/Aut2Exe/Icons/AutoIt_Main_v10_256x256_RGB-A.ico
Extensions/Aut2Exe/Icons/AutoIt_Main_v10_48x48_256.ico
Extensions/Aut2Exe/Icons/AutoIt_Main_v10_48x48_RGB-A.ico
Extensions/Aut2Exe/Icons/AutoIt_Main_v9_48x48_256.ico
Extensions/Aut2Exe/Icons/AutoIt_Main_v9_48x48_RGB-A.ico
Extensions/Aut2Exe/Icons/AutoIt_Old1.ico
Extensions/Aut2Exe/Icons/AutoIt_Old2.ico
Extensions/Aut2Exe/Icons/AutoIt_Old3.ico
Extensions/Aut2Exe/Icons/AutoIt_Old4.ico
Extensions/Aut2Exe/Icons/SETUP01.ICO
Extensions/Aut2Exe/Icons/SETUP02.ICO
Extensions/Aut2Exe/Icons/SETUP03.ICO
Extensions/Aut2Exe/Icons/SETUP04.ICO
Extensions/Aut2Exe/Icons/SETUP05.ICO
Extensions/Aut2Exe/Icons/SETUP06.ICO
Extensions/Aut2Exe/Icons/SETUP07.ICO
Extensions/Aut2Exe/Icons/SETUP08.ICO
Extensions/Aut2Exe/Icons/SETUP09.ICO
Extensions/Aut2Exe/Icons/SETUP10.ICO
Extensions/Aut2Exe/Icons/SETUP11.ICO
Extensions/Aut2Exe/Icons/SETUP12.ICO
Extensions/Aut2Exe/upx.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Extensions/GoRC.exe
.exe windows x86

bdb954ef3cacc6d0d2d8da424b551443

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
WriteConsoleA
IsBadReadPtr
CreateFileA
SetFilePointer
SetEndOfFile
CloseHandle
GetCommandLineW
lstrlenW
WideCharToMultiByte
CreateFileMappingA
MapViewOfFile
GetFileSize
VirtualAlloc
ReadFile
UnmapViewOfFile
CompareStringA
GetSystemTimeAsFileTime
VirtualFree
GetVersionExA
GetModuleHandleA
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
GetStdHandle
Beep
ExitProcess
MultiByteToWideChar
lstrlen
GetUserDefaultLangID
GetEnvironmentVariableA

Sections

code
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

data
Size: 19KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 49B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Extensions/Resource Hacker.exe
.exe windows x86

3cea3b0059dc5ddaa661a158b31ddd9b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
VariantInit
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToAscii
SystemParametersInfoW
SubtractRect
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCaretPos
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
SendDlgItemMessageW
ScrollWindowEx
ScrollWindow
ScrollDC
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
NotifyWinEvent
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadMenuIndirectW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenuBarInfo
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawStateW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIconFromResourceEx
CreateIconFromResource
CreateIcon
CreateDialogIndirectParamW
CreateCaret
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClipCursor
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
BeginDeferWindowPos
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenW
lstrcmpW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
IsDebuggerPresent
MultiByteToWideChar
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsValidCodePage
IsDBCSLeadByteEx
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemInfo
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringA
CompareStringW
CloseHandle
Sleep
MulDiv

msimg32

TransparentBlt
GradientFill
AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetDCPenColor
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExtCreatePen
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc
TranslateCharsetInfo
GetRandomRgn

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CreateStreamOnHGlobal
ReleaseStgMedium
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CreateDataAdviseHolder
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

msvcrt

memset
memcpy

shell32

ShellExecuteW
Shell_NotifyIconW
DragQueryFileW
DragAcceptFiles
SHGetDesktopFolder

comdlg32

ChooseFontW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

winmm

timeGetTime
sndPlaySoundW
mciSendCommandW
mciGetErrorStringW

oleacc

LresultFromObject

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 164KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 883KB - Virtual size: 883KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Extensions/dotNET_Reactor.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Extensions/mpress.exe
.exe windows x86

51e7ef6b1d43d0d05d7109dee9789560

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

imagehlp

CheckSumMappedFile

Sections

.MPRESS1
Size: 88KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 862B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FastColoredTextBox.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GeoIP.dat
IconLib.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Icons/Android.ico
Icons/App.ico
Icons/Apple.ico
Icons/Application.ico
Icons/Archive.ico
Icons/Excavator.ico
Icons/FB Messenger.ico
Icons/Facebook.ico
Icons/Filezilla.ico
Icons/Firefox.ico
Icons/Folder.ico
Icons/Google Chrome.ico
Icons/Internet explorer.ico
Icons/Microsoft.ico
Icons/Moon.ico
Icons/Notepad.ico
Icons/Onedrive.ico
Icons/Opera.ico
Icons/RDP.ico
Icons/Rar.ico
Icons/Remote Connexion.ico
Icons/Skype.ico
Icons/TOR.ico
Icons/Team Viewer.ico
Icons/Torrent.ico
Icons/Ubuntu.ico
Icons/Vmware.ico
Icons/Whatsapp.ico
Icons/Windows.ico
Icons/Word.ico
Plugin Compiler.exe
.exe .ps1 windows x86
Plugin/CH.dll
.gz
Plugin/FM.dll
.gz
Plugin/KE.dll
.gz
Plugin/MC.dll
.gz
Plugin/PA.dll
.gz
Plugin/PW.dll
.gz
Plugin/RD.dll
.gz
Plugin/RW.dll
.gz
Plugin/SC.dll
.gz
Plugin/SI.dll
.gz
Plugin/SM.dll
.gz
Plugin/SP.dll
.gz
Plugin/SPC.dll
.gz
Plugin/TS.dll
.gz
Profiles/Default.ini
Profiles/Main.ini
RV.IL
Revenge-RAT Client Source Code.rar
.rar
Revenge-RAT v0.3.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 13.4MB - Virtual size: 13.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Theme Compiler.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/Black Currant.XML
Themes/Corduroy.XML
.xml
Themes/Dark Slate Blue.XML
.xml
Themes/Darkness.XML
.xml
Themes/Default.XML
.xml
Themes/Ebony.XML
.xml
Themes/Gondola.XML
.xml
Themes/Gray.XML
.xml
Themes/Light Sea Green.XML
.xml
Themes/Night Fury.XML
.xml
Themes/Spring Green.XML
.xml
Themes/Steel Blue.XML
.xml
Themes/THE MYSTERIES LEGACY.XML
.xml
Themes/Teal.XML
.xml
Themes/Tsunamii.XML
.xml
Themes/v_B01 - 3hud.XML
.xml
WinMM.Net.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
notify.wav

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 33KB - Virtual size: 32KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 512B - Virtual size: 12B

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 14KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 512B - Virtual size: 12B

Password: infected

caa5e6a2892587c2324418efee31c648

Headers

File Characteristics

Imports

kernel32

wsock32

winmm

version

comctl32

psapi

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.MPRESS1 Size: 312KB - Virtual size: 864KB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 22KB - Virtual size: 21KB

Password: infected

46978de0f8944a65af1673d613222a98

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 626KB - Virtual size: 626KB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 12KB - Virtual size: 40KB

.rsrc Size: 22KB - Virtual size: 22KB

Password: infected

46978de0f8944a65af1673d613222a98

Headers

File Characteristics

Imports

wsock32

winmm

.text
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 512B - Virtual size: 12B

.MPRESS1
Size: 312KB - Virtual size: 864KB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 22KB - Virtual size: 21KB

.text
Size: 626KB - Virtual size: 626KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 12KB - Virtual size: 40KB

.rsrc
Size: 22KB - Virtual size: 22KB

.text
Size: 626KB - Virtual size: 626KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 12KB - Virtual size: 40KB

.rsrc
Size: 22KB - Virtual size: 22KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

11:21:62:fb:e3:48:77:cf:8d:b0:57:54:6d:f1:d6:46:58:a0
Certificate

ea:e0:b6:69:ef:13:a1:ac:f4:e3:07:b6:8f:67:cd:7c:eb:a0:2b:54
Signer

18/09/2015, 14:13
Valid: false

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

11:21:62:fb:e3:48:77:cf:8d:b0:57:54:6d:f1:d6:46:58:a0
Certificate

49:8e:a4:a9:a7:21:e3:2b:a7:b7:52:3a:24:4a:7a:99:ac:e7:c1:d4
Signer

18/09/2015, 14:13
Valid: false