xorddos | Malz[.]zip

Resubmissions

20/04/2023, 08:22

230420-j9jsfaae7s 10

27/03/2023, 09:38

230327-lmbvescg32 10

Sharing

Copy URL Twitter E-mail

General

Target

Malz.zip
Size

41.8MB
MD5

72d76d00f0cfa5bcf976ad2f91c31219
SHA1

631f788057a9c0c9afa5adb3634cccf49134c707
SHA256

664fd170b1d07e372b3daa91aab78a8151d3f0b0361a2b3157b405314dd219a2
SHA512

d6c6afacd7bf9680545cbc306361b16f8f4d41326d3e67db8fdb7d0c771362e5833d2ec09b06f09401956c30c1921e31788c9a7029591e8950f9c25b21ed8326
SSDEEP

786432:yw31BOqBbfjzQ3HoRScthZa2BLXYXWl/efKwqKVVuiaohsBtSvVLUDMC2ygvWt+:ywDxT/Q3HnMZa2ZXYX0/efbl+E5UDM1z

Score

10^/10

upx xorddos mrblack gh0strat blackmoon

Malware Config

Extracted

Family

xorddos

gh.dsaj2a1.org:2807

192.161.60.184:2807

www.yjgost.com:2807

a.org:3306

ns3.hostasa.org:3306

ns4.hostasa.org:3306

ns1.hostasa.org:3306

ns2.hostasa.org:3306

a.org:3307

ns3.hostasa.org:3307

ns4.hostasa.org:3307

ns1.hostasa.org:3307

ns2.hostasa.org:3307

a.org:3308

ns3.hostasa.org:3308

ns4.hostasa.org:3308

ns1.hostasa.org:3308

ns2.hostasa.org:3308

a.org:3309

ns3.hostasa.org:3309

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/集群.exe	family_blackmoon

Gh0st RAT payload 2 IoCs

resource	yara_rule
static1/unpack001/yk.exe	family_gh0strat
static1/unpack001/yk1.exe	family_gh0strat

Gh0strat family
gh0strat

MrBlack trojan 3 IoCs

resource	yara_rule
static1/unpack001/ssh12	family_mrblack
static1/unpack001/ssh66	family_mrblack
static1/unpack001/ssh88	family_mrblack

Mrblack family
mrblack

XorDDoS payload 7 IoCs

resource	yara_rule
static1/unpack001/.sshdd	family_xorddos
static1/unpack001/a06	family_xorddos
static1/unpack001/a07	family_xorddos
static1/unpack001/a08	family_xorddos
static1/unpack001/a09	family_xorddos
static1/unpack001/a10	family_xorddos
static1/unpack001/z2	family_xorddos

Xorddos family
xorddos

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/32	upx
static1/unpack001/36000.exe	upx
static1/unpack001/64	upx
static1/unpack001/GetPass.exe	upx
static1/unpack001/SAY123	upx
static1/unpack001/SAY456	upx
static1/unpack001/lyjq	upx
static1/unpack001/ss32	upx
static1/unpack001/ss64	upx
static1/unpack001/svchost.exe	upx
static1/unpack001/xiaoma	upx
static1/unpack001/xudp	upx

Files

Malz.zip
.zip

Password: infected
.sshdd
.elf linux x86
1.txt
10221.rar
.rar
TSmm
.elf linux x86
bin.exe
.exe windows x86

160ca90966867f92a1e8064697edb02d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetLastError
Sleep
CloseHandle
GetSystemWow64DirectoryA
CreateDirectoryA
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LoadResource
FindResourceA
SetFilePointer
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
ReadFile
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap

advapi32

StartServiceA
DeleteService
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
ControlService

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
261664
.elf linux x64
32
.elf linux x86
3306.zip_
.zip
36000.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 724KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 413KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
64
.elf linux x64
64.zip
.zip
GetPass.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 480KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Linux3264生成器M.1.0_se.rar
.rar
NetSyst81.dll
POP
.elf linux x86
SAY123
.elf linux x86
SAY456
.elf linux x64
Server.rar
.rar
TomDog_Result.html
a.rar
.rar
a06
.elf linux x86
a07
.elf linux x86
a08
.elf linux x86
a09
.elf linux x86
a10
.elf linux x86
aaaa.rar
.rar
b.rar
.rar
banner313.pl
.pl .sh linux
c.rar
.rar
desktop.ini
f.sh
.sh linux
g3m.pl
.pl .sh linux
getbinaries.sh
.sh linux
hosst
.elf linux x86
host.exe
.exe windows x86

c37071790129a533e4046947023f9794

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
inet_addr
inet_ntoa
gethostname
setsockopt
ntohs
ioctlsocket
connect
WSAStartup
select
WSAGetLastError
sendto
WSACleanup
gethostbyname
socket
closesocket
send
htonl
htons

kernel32

GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetModuleHandleA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcessId
DeleteFileA
GetLastError
CreateMutexA
lstrlenA
GlobalAlloc
GetVersionExA
CreateFileA
SetFilePointer
WriteFile
WriteConsoleW
CloseHandle
GetCurrentThreadId
WaitForSingleObject
Sleep
InterlockedExchange
CreateThread
SetEvent
CreateEventA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
ReadFile
InterlockedDecrement
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
InterlockedIncrement
SetEnvironmentVariableA
InterlockedCompareExchange
GetLocaleInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

pdh

PdhOpenQueryA
PdhAddCounterA
PdhCollectQueryData
PdhEnumObjectItemsA
PdhGetFormattedCounterValue

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.lif
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
index.html
.js
ktx-armer
.elf linux arm
ktx-i686er
.elf linux x86
ktx-mipsel
.elf linux mipsel
lyjq
.elf linux mipsbe
mips
.elf linux mipsbe
mips-ktx
.elf linux mipsbe
mm.rar
.rar
multi.py
.py .sh linux
payw
pma.pl
.sh .ps1 linux
putty.exe
.exe windows x86

6331cdb5d878c7264ad0657f66b30caf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid
RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA

comctl32

ord14
ord15
ord17
ord13

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

gdi32

CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
SelectPalette
CreatePalette
ExtTextOutA
GetCharacterPlacementW
SetBkMode
GetBkMode
ExtTextOutW
GetCharABCWidthsFloatA
GetPixel
SetTextAlign
CreateCompatibleBitmap
TranslateCharsetInfo
GetObjectA
LineTo
MoveToEx
CreatePen
SetPixel
Polyline
GetCharWidthW
GetCharWidth32W
GetCharWidthA
GetCharWidth32A
SetPaletteEntries
UnrealizeObject

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shell32

ShellExecuteA

user32

GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
MessageBoxIndirectA
WinHelpA
PeekMessageA
DefWindowProcA
InvalidateRect
SetWindowPos
EndPaint
GetWindowTextA
GetWindowTextLengthA
GetClientRect
BeginPaint
SetWindowTextA
MsgWaitForMultipleObjects
IsWindow
CreateCaret
ShowCaret
HideCaret
DestroyCaret
TranslateMessage
EnableMenuItem
GetCursorPos
TrackPopupMenu
GetScrollInfo
ScreenToClient
GetKeyboardLayout
SetKeyboardState
ToUnicodeEx
ToAsciiEx
SetScrollInfo
GetMessageTime
PostMessageA
CheckMenuItem
IsZoomed
FlashWindow
GetClipboardData
RegisterClipboardFormatA
EmptyClipboard
SetClipboardData
CloseClipboard
SetCaretPos
KillTimer
SetTimer
GetKeyboardState
SetClassLongA
SetCursor
ShowCursor
CreatePopupMenu
InsertMenuA
DeleteMenu
AppendMenuA
IsIconic
GetSystemMetrics
GetCapture
ReleaseCapture
LoadIconA
GetDesktopWindow
MoveWindow
DefDlgProcA
LoadCursorA
CreateDialogParamA
GetMessageA
GetWindowLongA
IsDialogMessageA
DispatchMessageA
PostQuitMessage
EnableWindow
DialogBoxParamA
EndDialog
GetParent
SetActiveWindow
GetWindowPlacement
SetWindowPlacement
RegisterWindowMessageA
DrawEdge
GetDlgItemTextA
SetCapture
MessageBoxA
SetFocus
GetDlgItem
SetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
SetWindowLongA
MessageBeep
SendDlgItemMessageA
GetDC
ReleaseDC
SendMessageA
MapDialogRect
GetCaretBlinkTime
DestroyWindow
RegisterClassA
GetSysColor
SystemParametersInfoA
GetWindowRect
CreateWindowExA
ShowWindow
OpenClipboard

winmm

PlaySoundA

winspool.drv

OpenPrinterA
StartDocPrinterA
StartPagePrinter
EndDocPrinter
ClosePrinter
EnumPrintersA
WritePrinter
EndPagePrinter

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
SetEndOfFile
InterlockedExchange
RtlUnwind
SetFilePointer
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetTimeZoneInformation
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
TerminateProcess
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
GetDateFormatA
GetTimeFormatA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetACP
GetLocalTime
GetEnvironmentVariableA
DeleteFileA
SetCommBreak
CreateFileA
GetCommState
SetCommState
SetCommTimeouts
ClearCommBreak
CreatePipe
SetHandleInformation
GetCurrentThreadId
OpenProcess
LocalAlloc
LocalFree
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcessId
QueryPerformanceCounter
GlobalMemoryStatus
GetCurrentThread
GetThreadTimes
GetCurrentProcess
GetProcessTimes
GetSystemTime
GetSystemTimeAdjustment
FormatMessageA
GetSystemDirectoryA
WriteFile
CreateEventA
ReadFile
GetLastError
WaitForSingleObject
GetOverlappedResult
SetEvent
LoadLibraryA
FreeLibrary
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
CreateProcessA
CloseHandle
Beep
CreateThread
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
IsDBCSLeadByteEx
MultiByteToWideChar
GetLocaleInfoA
GetOEMCP
GetCPInfo
lstrcpynA
GetModuleHandleA
GetProcAddress
GetVersionExA
MulDiv
GetTickCount

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mmoluwc
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rc.local
.sh linux
s-3.rar
.rar
ss32
.elf linux x86
ss64
.elf linux x64
ssh12
.elf linux x86
ssh32
.elf linux x86
ssh64
.elf linux x64
ssh66
.elf linux x86
ssh88
.elf linux x86
svchost (2).exe
.exe windows x86

f83bf57899b2ddd413fb4d334eac7a54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_stricmp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??3@YAXPAX@Z
??2@YAPAXI@Z
malloc
free
realloc

imagehlp

MakeSureDirectoryPathExists

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

kernel32

CreateFileA
WriteFile
CloseHandle
FreeLibrary
HeapFree
IsBadReadPtr
LoadLibraryA
GetProcAddress
VirtualFree
VirtualProtect
VirtualAlloc
GetProcessHeap
HeapAlloc
GetFileSize
SetFilePointer
Sleep
GetModuleHandleA
GetStartupInfoA
ReadFile

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
svchost.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
svchost.exe.1
.exe windows x86

9b76dac8a18f363adaed8a7f786ed2c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostMessageA
GetThreadDesktop
GetClassNameA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetInputState
PostThreadMessageA
GetMessageA
FindWindowA
GetWindowTextA
GetWindow
GetUserObjectInformationA
wsprintfA

advapi32

ClearEventLogA
GetUserNameA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenEventLogA
CloseEventLog

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

SetEvent
CreateEventA
VirtualProtect
GetProcessHeap
HeapAlloc
WriteFile
CreateFileA
GetLastError
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
HeapFree
GetCurrentThreadId
GetWindowsDirectoryA
CopyFileA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
InterlockedExchange
lstrcpyA
lstrlenA
MultiByteToWideChar
LocalFree
WinExec
lstrcatA
GetSystemDirectoryA
ExitProcess
Sleep
CloseHandle
WaitForSingleObject
GetCurrentProcess
GetProcAddress
LoadLibraryA
GlobalMemoryStatusEx
OpenProcess
FreeLibrary
GetSystemInfo
GetDiskFreeSpaceExA
GetDriveTypeA
GetTickCount
GetComputerNameA
GetLocalTime
GetModuleFileNameA
GetVersionExA
SetFileAttributesA
lstrcmpiA

avicap32

capGetDriverDescriptionA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_stricmp
__p__commode
__p__fmode
__set_app_type
_controlfp
_strupr
??1type_info@@UAE@XZ
_onexit
__dllonexit
calloc
strchr
??3@YAXPAX@Z
memcpy
memmove
ceil
_ftol
strlen
strstr
__CxxFrameHandler
printf
memset
??2@YAPAXI@Z
_CxxThrowException
puts
strrchr
wcscpy
fclose
fwrite
fseek
ftell
fopen
strcmp
strcat
_mbsrev
_mbsicmp
strcpy
atol
rand
realloc
free
_beginthreadex
_except_handler3

netapi32

NetLocalGroupAddMembers
NetUserAdd

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
svchost.exe.1_
.exe windows x86

9b76dac8a18f363adaed8a7f786ed2c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostMessageA
GetThreadDesktop
GetClassNameA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetInputState
PostThreadMessageA
GetMessageA
FindWindowA
GetWindowTextA
GetWindow
GetUserObjectInformationA
wsprintfA

advapi32

ClearEventLogA
GetUserNameA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenEventLogA
CloseEventLog

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

SetEvent
CreateEventA
VirtualProtect
GetProcessHeap
HeapAlloc
WriteFile
CreateFileA
GetLastError
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
HeapFree
GetCurrentThreadId
GetWindowsDirectoryA
CopyFileA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
InterlockedExchange
lstrcpyA
lstrlenA
MultiByteToWideChar
LocalFree
WinExec
lstrcatA
GetSystemDirectoryA
ExitProcess
Sleep
CloseHandle
WaitForSingleObject
GetCurrentProcess
GetProcAddress
LoadLibraryA
GlobalMemoryStatusEx
OpenProcess
FreeLibrary
GetSystemInfo
GetDiskFreeSpaceExA
GetDriveTypeA
GetTickCount
GetComputerNameA
GetLocalTime
GetModuleFileNameA
GetVersionExA
SetFileAttributesA
lstrcmpiA

avicap32

capGetDriverDescriptionA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_stricmp
__p__commode
__p__fmode
__set_app_type
_controlfp
_strupr
??1type_info@@UAE@XZ
_onexit
__dllonexit
calloc
strchr
??3@YAXPAX@Z
memcpy
memmove
ceil
_ftol
strlen
strstr
__CxxFrameHandler
printf
memset
??2@YAPAXI@Z
_CxxThrowException
puts
strrchr
wcscpy
fclose
fwrite
fseek
ftell
fopen
strcmp
strcat
_mbsrev
_mbsicmp
strcpy
atol
rand
realloc
free
_beginthreadex
_except_handler3

netapi32

NetLocalGroupAddMembers
NetUserAdd

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tfddos.exe
.exe windows x86

3ad350f14c2e450686dbd3fbcbe807a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
CreateMutexA
SetThreadPriority
GetLastError
SetFileAttributesA
CopyFileA
GetModuleHandleA
GetTickCount
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
CompareStringW
ResumeThread
GetSystemDirectoryA
CreateProcessA
OpenProcess
WaitForSingleObject
GetSystemInfo
LoadLibraryA
GetProcAddress
GlobalMemoryStatus
CreateThread
CloseHandle
ExitThread
lstrlenA
Sleep
CompareStringA
GetFileAttributesA
SetConsoleCtrlHandler
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RaiseException
SetFilePointer
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
ExitProcess
TerminateProcess
DuplicateHandle
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
SetStdHandle
CreatePipe
GetExitCodeProcess
HeapReAlloc
HeapSize
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc

user32

wsprintfA

comdlg32

GetFileTitleA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
RegSetValueExA
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

ws2_32

WSAGetLastError
gethostname
select
__WSAFDIsSet
recv
WSAIoctl
connect
send
socket
WSAStartup
inet_ntoa
setsockopt
sendto
closesocket
WSACleanup
ntohl
htons
inet_addr
gethostbyname
WSASocketA

iphlpapi

GetIfTable

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wso2.5.1.php
.js
x64-ktx
.elf linux x64
xiaoma
.elf linux x86
xmit32
.elf linux x86
xudp
.elf linux x86
yk.exe
.exe windows x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:88:d3:75:b5:e7:44:4f:67:f4:4a:dd:0e:65:10:98
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/02/2009, 00:00

Not After

13/03/2010, 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:60:18:cf:d5:8e:97:93:9d:82:4c:8e:36:21:1c:fd:06:53:8c:89
Signer

Actual PE Digest

30:60:18:cf:d5:8e:97:93:9d:82:4c:8e:36:21:1c:fd:06:53:8c:89

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

20/10/2009, 16:39
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yk1.exe
.exe windows x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:88:d3:75:b5:e7:44:4f:67:f4:4a:dd:0e:65:10:98
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/02/2009, 00:00

Not After

13/03/2010, 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:60:18:cf:d5:8e:97:93:9d:82:4c:8e:36:21:1c:fd:06:53:8c:89
Signer

Actual PE Digest

30:60:18:cf:d5:8e:97:93:9d:82:4c:8e:36:21:1c:fd:06:53:8c:89

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

20/10/2009, 16:39
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
z2
.elf linux x86
集群.exe
.exe windows x86

d1d5f966b653a61664e0a50f1c3f92af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
CreateProcessA
lstrcpyn
RtlMoveMemory
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
lstrcatA
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
WriteFile
LoadResource
SetFileAttributesA
Sleep
DeleteFileA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
DeleteCriticalSection
CreateThread
SizeofResource
FindResourceA
GetModuleHandleA
CreateFileA

user32

TranslateMessage
DispatchMessageA
wsprintfA
GetMessageA
MessageBoxA
CallWindowProcA
CopyImage
ShowWindow
IsWindowVisible
EnumChildWindows
GetWindowThreadProcessId
SetWindowTextA
PeekMessageA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

gdi32

DeleteObject

msvcrt

_strnicmp
sprintf
??3@YAXPAX@Z
atoi
_ftol
strncpy
strncmp
floor
_CIfmod
tolower
strrchr
strchr
modf
memmove
free
malloc
__CxxFrameHandler
calloc

shlwapi

PathFileExistsA

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

160ca90966867f92a1e8064697edb02d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 478KB - Virtual size: 477KB

.reloc Size: 7KB - Virtual size: 7KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 724KB

UPX1 Size: 413KB - Virtual size: 416KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 480KB

UPX1 Size: 176KB - Virtual size: 176KB

.rsrc Size: 1024B - Virtual size: 4KB

c37071790129a533e4046947023f9794

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

pdh

Sections

.text Size: 223KB - Virtual size: 223KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 15KB - Virtual size: 15KB

.lif Size: 1KB - Virtual size: 4KB

6331cdb5d878c7264ad0657f66b30caf

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

imm32

ole32

shell32

user32

winmm

winspool.drv

kernel32

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 112KB - Virtual size: 109KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 44KB - Virtual size: 44KB

mmoluwc Size: - Virtual size: 4KB

f83bf57899b2ddd413fb4d334eac7a54

Headers

File Characteristics

Imports

msvcrt

imagehlp

wininet

kernel32

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 478KB - Virtual size: 477KB

.reloc
Size: 7KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 724KB

UPX1
Size: 413KB - Virtual size: 416KB

.rsrc
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 480KB

UPX1
Size: 176KB - Virtual size: 176KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 223KB - Virtual size: 223KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 15KB - Virtual size: 15KB

.lif
Size: 1KB - Virtual size: 4KB

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 112KB - Virtual size: 109KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 44KB - Virtual size: 44KB

mmoluwc
Size: - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 28KB - Virtual size: 32KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 10KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 10KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 84KB - Virtual size: 9.2MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate