xorddos | Malz[.]zip

Resubmissions

20-04-2023 08:22

230420-j9jsfaae7s 10

27-03-2023 09:38

230327-lmbvescg32 10

Sharing

Copy URL

Twitter E-mail

General

Target

Malz.zip
Size

41.8MB
MD5

72d76d00f0cfa5bcf976ad2f91c31219
SHA1

631f788057a9c0c9afa5adb3634cccf49134c707
SHA256

664fd170b1d07e372b3daa91aab78a8151d3f0b0361a2b3157b405314dd219a2
SHA512

d6c6afacd7bf9680545cbc306361b16f8f4d41326d3e67db8fdb7d0c771362e5833d2ec09b06f09401956c30c1921e31788c9a7029591e8950f9c25b21ed8326
SSDEEP

786432:yw31BOqBbfjzQ3HoRScthZa2BLXYXWl/efKwqKVVuiaohsBtSvVLUDMC2ygvWt+:ywDxT/Q3HnMZa2ZXYX0/efbl+E5UDM1z

Score

10^/10

upx xorddos mrblack gh0strat blackmoon

Malware Config

Extracted

Family

xorddos

http://info1.3000uc.com/b/u.php

gh.dsaj2a1.org:2807

192.161.60.184:2807

www.yjgost.com:2807

http://aa.hostasa.org/game.rar

ns3.hostasa.org:3306

ns4.hostasa.org:3306

ns1.hostasa.org:3306

ns2.hostasa.org:3306

ns3.hostasa.org:3307

ns4.hostasa.org:3307

ns1.hostasa.org:3307

ns2.hostasa.org:3307

ns3.hostasa.org:3308

ns4.hostasa.org:3308

ns1.hostasa.org:3308

ns2.hostasa.org:3308

ns3.hostasa.org:3309

ns4.hostasa.org:3309

ns1.hostasa.org:3309

Attributes

crc_polynomial
EDB88320

xor.plain

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/集群.exe	family_blackmoon

Gh0st RAT payload 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/yk.exe	family_gh0strat
static1/unpack001/yk1.exe	family_gh0strat

Gh0strat family
gh0strat

MrBlack trojan 3 IoCs

Processes:

resource	yara_rule
static1/unpack001/ssh12	family_mrblack
static1/unpack001/ssh66	family_mrblack
static1/unpack001/ssh88	family_mrblack

Mrblack family
mrblack

XorDDoS payload 7 IoCs

Processes:

resource	yara_rule
static1/unpack001/.sshdd	family_xorddos
static1/unpack001/a06	family_xorddos
static1/unpack001/a07	family_xorddos
static1/unpack001/a08	family_xorddos
static1/unpack001/a09	family_xorddos
static1/unpack001/a10	family_xorddos
static1/unpack001/z2	family_xorddos

Xorddos family
xorddos

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
static1/unpack004/3306/3306/޸3306 - 500̰߳/libmySQL.dll	acprotect
static1/unpack004/3306/3306/޸3306 - 500̰߳/up.dll	acprotect

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/32	upx
static1/unpack004/3306/3306/޸3306 - 500̰߳/libmySQL.dll	upx
static1/unpack001/36000.exe	upx
static1/unpack001/64	upx
static1/unpack001/GetPass.exe	upx
static1/unpack001/SAY123	upx
static1/unpack001/SAY456	upx
static1/unpack001/lyjq	upx
static1/unpack001/ss32	upx
static1/unpack001/ss64	upx
static1/unpack001/svchost.exe	upx
static1/unpack001/xiaoma	upx
static1/unpack001/xudp	upx

Files

Malz.zip
.zip

Password: infected
.sshdd
.elf linux x86
1.txt
10221.rar
.rar

Password: infected
TSmm
.elf linux x86
bin.exe
.exe windows x86

Password: infected

160ca90966867f92a1e8064697edb02d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetLastError
Sleep
CloseHandle
GetSystemWow64DirectoryA
CreateDirectoryA
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LoadResource
FindResourceA
SetFilePointer
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
ReadFile
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap

advapi32

StartServiceA
DeleteService
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
ControlService

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
261664
.elf linux x64
32
.elf linux x86
3306.zip_
.zip

Password: infected
3306/3306/ʹ˵.txt
3306/3306/޸3306 - 500̰߳/Result.txt
3306/3306/޸3306 - 500̰߳/Syn.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3306/3306/޸3306 - 500̰߳/ip.txt
3306/3306/޸3306 - 500̰߳/libmySQL.dll
.dll windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_dig_vec_lower
_dig_vec_upper
bmove_upp
client_errors
delete_dynamic
free_defaults
get_defaults_options
getopt_compare_strings
getopt_ull_limit_value
handle_options
init_dynamic_array
insert_dynamic
int2str
is_prefix
list_add
list_delete
load_defaults
modify_defaults_file
my_end
my_getopt_print_errors
my_init
my_malloc
my_memdup
my_no_flags_free
my_path
my_print_help
my_print_variables
my_realloc
my_strdup
myodbc_remove_escape
mysql_affected_rows
mysql_autocommit
mysql_change_user
mysql_character_set_name
mysql_close
mysql_commit
mysql_data_seek
mysql_debug
mysql_disable_reads_from_master
mysql_disable_rpl_parse
mysql_dump_debug_info
mysql_embedded
mysql_enable_reads_from_master
mysql_enable_rpl_parse
mysql_eof
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_field
mysql_fetch_field_direct
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_field_count
mysql_field_seek
mysql_field_tell
mysql_free_result
mysql_get_character_set_info
mysql_get_client_info
mysql_get_client_version
mysql_get_host_info
mysql_get_parameters
mysql_get_proto_info
mysql_get_server_info
mysql_get_server_version
mysql_get_ssl_cipher
mysql_hex_string
mysql_info
mysql_init
mysql_insert_id
mysql_kill
mysql_list_dbs
mysql_list_fields
mysql_list_processes
mysql_list_tables
mysql_master_query
mysql_more_results
mysql_next_result
mysql_num_fields
mysql_num_rows
mysql_odbc_escape_string
mysql_options
mysql_ping
mysql_query
mysql_read_query_result
mysql_real_connect
mysql_real_escape_string
mysql_real_query
mysql_refresh
mysql_rollback
mysql_row_seek
mysql_row_tell
mysql_rpl_parse_enabled
mysql_rpl_probe
mysql_rpl_query_type
mysql_select_db
mysql_send_query
mysql_server_end
mysql_server_init
mysql_set_character_set
mysql_set_local_infile_default
mysql_set_local_infile_handler
mysql_set_server_option
mysql_shutdown
mysql_slave_query
mysql_sqlstate
mysql_ssl_set
mysql_stat
mysql_stmt_affected_rows
mysql_stmt_attr_get
mysql_stmt_attr_set
mysql_stmt_bind_param
mysql_stmt_bind_result
mysql_stmt_close
mysql_stmt_data_seek
mysql_stmt_errno
mysql_stmt_error
mysql_stmt_execute
mysql_stmt_fetch
mysql_stmt_fetch_column
mysql_stmt_field_count
mysql_stmt_free_result
mysql_stmt_init
mysql_stmt_insert_id
mysql_stmt_num_rows
mysql_stmt_param_count
mysql_stmt_param_metadata
mysql_stmt_prepare
mysql_stmt_reset
mysql_stmt_result_metadata
mysql_stmt_row_seek
mysql_stmt_row_tell
mysql_stmt_send_long_data
mysql_stmt_sqlstate
mysql_stmt_store_result
mysql_store_result
mysql_thread_end
mysql_thread_id
mysql_thread_init
mysql_thread_safe
mysql_use_result
mysql_warning_count
set_dynamic
strcend
strcont
strdup_root
strfill
strinstr
strmake
strmov
strxmov

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 664KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3306/3306/޸3306 - 500̰߳/pass.txt
3306/3306/޸3306 - 500̰߳/s.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3306/3306/޸3306 - 500̰߳/up.dll
.dll windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ShellExe
ShellExe_deinit
ShellExe_init

Sections

.text
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3306/3306/޸3306 - 500̰߳/updata.ini
3306/3306/޸3306 - 500̰߳/user.txt
3306/3306/޸3306 - 500̰߳/˵.txt
3306/3306/޸3306 - 500̰߳/.bat
3306/3306/޸3306 - 500̰߳/޸3306 - 500̰߳.exe
.exe windows x86

Password: infected

423f01e9d2b066cd1b31541d1211d4ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
MessageBoxA
CharPrevA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
VirtualQuery
GetStartupInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WaitForSingleObject
SizeofResource
SetFileAttributesA
SetEnvironmentVariableA
LockResource
LoadResource
GetWindowsDirectoryA
GetFullPathNameA
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableA
GetCurrentProcessId
GetCommandLineA
FreeResource
FreeLibrary
FindResourceA
DeleteFileA
CreateProcessA
CreateFileA
CloseHandle

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
36000.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 724KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 413KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
64
.elf linux x64
64.zip
.zip
GetPass.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 480KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Linux3264生成器M.1.0_se.rar
.rar
NetSyst81.dll
POP
.elf linux x86
SAY123
.elf linux x86
SAY456
.elf linux x64
Server.rar
.rar
TomDog_Result.html
a.rar
.rar
a06
.elf linux x86
a07
.elf linux x86
a08
.elf linux x86
a09
.elf linux x86
a10
.elf linux x86
aaaa.rar
.rar
b.rar
.rar
banner313.pl
.pl .sh linux
c.rar
.rar
desktop.ini
f.sh
.sh linux
g3m.pl
.pl .sh linux
getbinaries.sh
.sh linux
hosst
.elf linux x86
host.exe
.exe windows x86

c37071790129a533e4046947023f9794

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
inet_addr
inet_ntoa
gethostname
setsockopt
ntohs
ioctlsocket
connect
WSAStartup
select
WSAGetLastError
sendto
WSACleanup
gethostbyname
socket
closesocket
send
htonl
htons

kernel32

GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetModuleHandleA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcessId
DeleteFileA
GetLastError
CreateMutexA
lstrlenA
GlobalAlloc
GetVersionExA
CreateFileA
SetFilePointer
WriteFile
WriteConsoleW
CloseHandle
GetCurrentThreadId
WaitForSingleObject
Sleep
InterlockedExchange
CreateThread
SetEvent
CreateEventA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
ReadFile
InterlockedDecrement
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
InterlockedIncrement
SetEnvironmentVariableA
InterlockedCompareExchange
GetLocaleInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

pdh

PdhOpenQueryA
PdhAddCounterA
PdhCollectQueryData
PdhEnumObjectItemsA
PdhGetFormattedCounterValue

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.lif
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
index.html
.js
ktx-armer
.elf linux arm
ktx-i686er
.elf linux x86
ktx-mipsel
.elf linux mipsel
lyjq
.elf linux mipsbe
mips
.elf linux mipsbe
mips-ktx
.elf linux mipsbe
mm.rar
.rar
multi.py
.py .sh linux
payw
pma.pl
.sh .ps1 linux
putty.exe
.exe windows x86

6331cdb5d878c7264ad0657f66b30caf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid
RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA

comctl32

ord14
ord15
ord17
ord13

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

gdi32

CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
SelectPalette
CreatePalette
ExtTextOutA
GetCharacterPlacementW
SetBkMode
GetBkMode
ExtTextOutW
GetCharABCWidthsFloatA
GetPixel
SetTextAlign
CreateCompatibleBitmap
TranslateCharsetInfo
GetObjectA
LineTo
MoveToEx
CreatePen
SetPixel
Polyline
GetCharWidthW
GetCharWidth32W
GetCharWidthA
GetCharWidth32A
SetPaletteEntries
UnrealizeObject

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shell32

ShellExecuteA

user32

GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
MessageBoxIndirectA
WinHelpA
PeekMessageA
DefWindowProcA
InvalidateRect
SetWindowPos
EndPaint
GetWindowTextA
GetWindowTextLengthA
GetClientRect
BeginPaint
SetWindowTextA
MsgWaitForMultipleObjects
IsWindow
CreateCaret
ShowCaret
HideCaret
DestroyCaret
TranslateMessage
EnableMenuItem
GetCursorPos
TrackPopupMenu
GetScrollInfo
ScreenToClient
GetKeyboardLayout
SetKeyboardState
ToUnicodeEx
ToAsciiEx
SetScrollInfo
GetMessageTime
PostMessageA
CheckMenuItem
IsZoomed
FlashWindow
GetClipboardData
RegisterClipboardFormatA
EmptyClipboard
SetClipboardData
CloseClipboard
SetCaretPos
KillTimer
SetTimer
GetKeyboardState
SetClassLongA
SetCursor
ShowCursor
CreatePopupMenu
InsertMenuA
DeleteMenu
AppendMenuA
IsIconic
GetSystemMetrics
GetCapture
ReleaseCapture
LoadIconA
GetDesktopWindow
MoveWindow
DefDlgProcA
LoadCursorA
CreateDialogParamA
GetMessageA
GetWindowLongA
IsDialogMessageA
DispatchMessageA
PostQuitMessage
EnableWindow
DialogBoxParamA
EndDialog
GetParent
SetActiveWindow
GetWindowPlacement
SetWindowPlacement
RegisterWindowMessageA
DrawEdge
GetDlgItemTextA
SetCapture
MessageBoxA
SetFocus
GetDlgItem
SetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
SetWindowLongA
MessageBeep
SendDlgItemMessageA
GetDC
ReleaseDC
SendMessageA
MapDialogRect
GetCaretBlinkTime
DestroyWindow
RegisterClassA
GetSysColor
SystemParametersInfoA
GetWindowRect
CreateWindowExA
ShowWindow
OpenClipboard

winmm

PlaySoundA

winspool.drv

OpenPrinterA
StartDocPrinterA
StartPagePrinter
EndDocPrinter
ClosePrinter
EnumPrintersA
WritePrinter
EndPagePrinter

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
SetEndOfFile
InterlockedExchange
RtlUnwind
SetFilePointer
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetTimeZoneInformation
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
TerminateProcess
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
GetDateFormatA
GetTimeFormatA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetACP
GetLocalTime
GetEnvironmentVariableA
DeleteFileA
SetCommBreak
CreateFileA
GetCommState
SetCommState
SetCommTimeouts
ClearCommBreak
CreatePipe
SetHandleInformation
GetCurrentThreadId
OpenProcess
LocalAlloc
LocalFree
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcessId
QueryPerformanceCounter
GlobalMemoryStatus
GetCurrentThread
GetThreadTimes
GetCurrentProcess
GetProcessTimes
GetSystemTime
GetSystemTimeAdjustment
FormatMessageA
GetSystemDirectoryA
WriteFile
CreateEventA
ReadFile
GetLastError
WaitForSingleObject
GetOverlappedResult
SetEvent
LoadLibraryA
FreeLibrary
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
CreateProcessA
CloseHandle
Beep
CreateThread
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
IsDBCSLeadByteEx
MultiByteToWideChar
GetLocaleInfoA
GetOEMCP
GetCPInfo
lstrcpynA
GetModuleHandleA
GetProcAddress
GetVersionExA
MulDiv
GetTickCount

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mmoluwc
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rc.local
.sh linux
s-3.rar
.rar
ss32
.elf linux x86
ss64
.elf linux x64
ssh12
.elf linux x86
ssh32
.elf linux x86
ssh64
.elf linux x64
ssh66
.elf linux x86
ssh88
.elf linux x86
svchost (2).exe
.exe windows x86

f83bf57899b2ddd413fb4d334eac7a54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_stricmp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??3@YAXPAX@Z
??2@YAPAXI@Z
malloc
free
realloc

imagehlp

MakeSureDirectoryPathExists

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

kernel32

CreateFileA
WriteFile
CloseHandle
FreeLibrary
HeapFree
IsBadReadPtr
LoadLibraryA
GetProcAddress
VirtualFree
VirtualProtect
VirtualAlloc
GetProcessHeap
HeapAlloc
GetFileSize
SetFilePointer
Sleep
GetModuleHandleA
GetStartupInfoA
ReadFile

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
svchost.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
svchost.exe.1
.exe windows x86

9b76dac8a18f363adaed8a7f786ed2c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostMessageA
GetThreadDesktop
GetClassNameA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetInputState
PostThreadMessageA
GetMessageA
FindWindowA
GetWindowTextA
GetWindow
GetUserObjectInformationA
wsprintfA

advapi32

ClearEventLogA
GetUserNameA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenEventLogA
CloseEventLog

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

SetEvent
CreateEventA
VirtualProtect
GetProcessHeap
HeapAlloc
WriteFile
CreateFileA
GetLastError
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
HeapFree
GetCurrentThreadId
GetWindowsDirectoryA
CopyFileA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
InterlockedExchange
lstrcpyA
lstrlenA
MultiByteToWideChar
LocalFree
WinExec
lstrcatA
GetSystemDirectoryA
ExitProcess
Sleep
CloseHandle
WaitForSingleObject
GetCurrentProcess
GetProcAddress
LoadLibraryA
GlobalMemoryStatusEx
OpenProcess
FreeLibrary
GetSystemInfo
GetDiskFreeSpaceExA
GetDriveTypeA
GetTickCount
GetComputerNameA
GetLocalTime
GetModuleFileNameA
GetVersionExA
SetFileAttributesA
lstrcmpiA

avicap32

capGetDriverDescriptionA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_stricmp
__p__commode
__p__fmode
__set_app_type
_controlfp
_strupr
??1type_info@@UAE@XZ
_onexit
__dllonexit
calloc
strchr
??3@YAXPAX@Z
memcpy
memmove
ceil
_ftol
strlen
strstr
__CxxFrameHandler
printf
memset
??2@YAPAXI@Z
_CxxThrowException
puts
strrchr
wcscpy
fclose
fwrite
fseek
ftell
fopen
strcmp
strcat
_mbsrev
_mbsicmp
strcpy
atol
rand
realloc
free
_beginthreadex
_except_handler3

netapi32

NetLocalGroupAddMembers
NetUserAdd

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
svchost.exe.1_
.exe windows x86

9b76dac8a18f363adaed8a7f786ed2c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostMessageA
GetThreadDesktop
GetClassNameA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetInputState
PostThreadMessageA
GetMessageA
FindWindowA
GetWindowTextA
GetWindow
GetUserObjectInformationA
wsprintfA

advapi32

ClearEventLogA
GetUserNameA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenEventLogA
CloseEventLog

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

SetEvent
CreateEventA
VirtualProtect
GetProcessHeap
HeapAlloc
WriteFile
CreateFileA
GetLastError
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
HeapFree
GetCurrentThreadId
GetWindowsDirectoryA
CopyFileA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
InterlockedExchange
lstrcpyA
lstrlenA
MultiByteToWideChar
LocalFree
WinExec
lstrcatA
GetSystemDirectoryA
ExitProcess
Sleep
CloseHandle
WaitForSingleObject
GetCurrentProcess
GetProcAddress
LoadLibraryA
GlobalMemoryStatusEx
OpenProcess
FreeLibrary
GetSystemInfo
GetDiskFreeSpaceExA
GetDriveTypeA
GetTickCount
GetComputerNameA
GetLocalTime
GetModuleFileNameA
GetVersionExA
SetFileAttributesA
lstrcmpiA

avicap32

capGetDriverDescriptionA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_stricmp
__p__commode
__p__fmode
__set_app_type
_controlfp
_strupr
??1type_info@@UAE@XZ
_onexit
__dllonexit
calloc
strchr
??3@YAXPAX@Z
memcpy
memmove
ceil
_ftol
strlen
strstr
__CxxFrameHandler
printf
memset
??2@YAPAXI@Z
_CxxThrowException
puts
strrchr
wcscpy
fclose
fwrite
fseek
ftell
fopen
strcmp
strcat
_mbsrev
_mbsicmp
strcpy
atol
rand
realloc
free
_beginthreadex
_except_handler3

netapi32

NetLocalGroupAddMembers
NetUserAdd

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tfddos.exe
.exe windows x86

3ad350f14c2e450686dbd3fbcbe807a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
CreateMutexA
SetThreadPriority
GetLastError
SetFileAttributesA
CopyFileA
GetModuleHandleA
GetTickCount
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
CompareStringW
ResumeThread
GetSystemDirectoryA
CreateProcessA
OpenProcess
WaitForSingleObject
GetSystemInfo
LoadLibraryA
GetProcAddress
GlobalMemoryStatus
CreateThread
CloseHandle
ExitThread
lstrlenA
Sleep
CompareStringA
GetFileAttributesA
SetConsoleCtrlHandler
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RaiseException
SetFilePointer
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
ExitProcess
TerminateProcess
DuplicateHandle
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
SetStdHandle
CreatePipe
GetExitCodeProcess
HeapReAlloc
HeapSize
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc

user32

wsprintfA

comdlg32

GetFileTitleA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
RegSetValueExA
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

ws2_32

WSAGetLastError
gethostname
select
__WSAFDIsSet
recv
WSAIoctl
connect
send
socket
WSAStartup
inet_ntoa
setsockopt
sendto
closesocket
WSACleanup
ntohl
htons
inet_addr
gethostbyname
WSASocketA

iphlpapi

GetIfTable

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wso2.5.1.php
.js
x64-ktx
.elf linux x64
xiaoma
.elf linux x86
xmit32
.elf linux x86
xudp
.elf linux x86
yk.exe
.exe windows x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:88:d3:75:b5:e7:44:4f:67:f4:4a:dd:0e:65:10:98
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18-02-2009 00:00

Not After

13-03-2010 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:60:18:cf:d5:8e:97:93:9d:82:4c:8e:36:21:1c:fd:06:53:8c:89
Signer

Actual PE Digest

30:60:18:cf:d5:8e:97:93:9d:82:4c:8e:36:21:1c:fd:06:53:8c:89

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

20-10-2009 16:39
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yk1.exe
.exe windows x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:88:d3:75:b5:e7:44:4f:67:f4:4a:dd:0e:65:10:98
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18-02-2009 00:00

Not After

13-03-2010 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:60:18:cf:d5:8e:97:93:9d:82:4c:8e:36:21:1c:fd:06:53:8c:89
Signer

Actual PE Digest

30:60:18:cf:d5:8e:97:93:9d:82:4c:8e:36:21:1c:fd:06:53:8c:89

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

20-10-2009 16:39
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
z2
.elf linux x86
集群.exe
.exe windows x86

d1d5f966b653a61664e0a50f1c3f92af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
CreateProcessA
lstrcpyn
RtlMoveMemory
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
lstrcatA
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
WriteFile
LoadResource
SetFileAttributesA
Sleep
DeleteFileA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
DeleteCriticalSection
CreateThread
SizeofResource
FindResourceA
GetModuleHandleA
CreateFileA

user32

TranslateMessage
DispatchMessageA
wsprintfA
GetMessageA
MessageBoxA
CallWindowProcA
CopyImage
ShowWindow
IsWindowVisible
EnumChildWindows
GetWindowThreadProcessId
SetWindowTextA
PeekMessageA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

gdi32

DeleteObject

msvcrt

_strnicmp
sprintf
??3@YAXPAX@Z
atoi
_ftol
strncpy
strncmp
floor
_CIfmod
tolower
strrchr
strchr
modf
memmove
free
malloc
__CxxFrameHandler
calloc

shlwapi

PathFileExistsA

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

Password: infected

160ca90966867f92a1e8064697edb02d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 478KB - Virtual size: 477KB

.reloc Size: 7KB - Virtual size: 7KB

Password: infected

Password: infected

Headers

File Characteristics

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 52KB

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 704KB - Virtual size: 704KB

UPX2 Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 664KB - Virtual size: 661KB

.rdata Size: 112KB - Virtual size: 109KB

.data Size: 1.2MB - Virtual size: 1.2MB

.idata Size: 8KB - Virtual size: 4KB

.reloc Size: 32KB - Virtual size: 28KB

Password: infected

Headers

File Characteristics

Sections

.nsp0 Size: - Virtual size: 148KB

.nsp1 Size: 29KB - Virtual size: 32KB

.nsp2 Size: - Virtual size: 2KB

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

.text Size: - Virtual size: 36KB

.rdata Size: 13KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 4KB

Password: infected

423f01e9d2b066cd1b31541d1211d4ba

Headers

File Characteristics

Imports

advapi32

user32

kernel32

Sections

.text Size: 14KB - Virtual size: 14KB

.itext Size: 1KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 10KB

.idata Size: 1KB - Virtual size: 1KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 478KB - Virtual size: 477KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 52KB

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 704KB - Virtual size: 704KB

UPX2
Size: 4KB - Virtual size: 8KB

.text
Size: 664KB - Virtual size: 661KB

.rdata
Size: 112KB - Virtual size: 109KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 8KB - Virtual size: 4KB

.reloc
Size: 32KB - Virtual size: 28KB

.nsp0
Size: - Virtual size: 148KB

.nsp1
Size: 29KB - Virtual size: 32KB

.nsp2
Size: - Virtual size: 2KB

.text
Size: - Virtual size: 36KB

.rdata
Size: 13KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 4KB

.text
Size: 14KB - Virtual size: 14KB

.itext
Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 10KB

.idata
Size: 1KB - Virtual size: 1KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 12KB - Virtual size: 11KB

UPX0
Size: - Virtual size: 724KB

UPX1
Size: 413KB - Virtual size: 416KB

.rsrc
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 480KB

UPX1
Size: 176KB - Virtual size: 176KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 223KB - Virtual size: 223KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 15KB - Virtual size: 15KB

.lif
Size: 1KB - Virtual size: 4KB

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 112KB - Virtual size: 109KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 44KB - Virtual size: 44KB

mmoluwc
Size: - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 5KB