frozenbot6[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

frozenbot6.rar
Size

889KB
MD5

94569dfd1e3c39b0887b15602d1282b4
SHA1

af08375d3ee32787fce75a97f44f00b350442292
SHA256

54b9496d81f182b37f522051eb518a73bbf4846559ce14d5d6f7cc4b7dd4c422
SHA512

c2966ff2d446b27159d9b217ed2186b45ea7af1b483583f8c812419294b25902c2525e6afafa8d4aad44fdcc37b79d84e381486fe71cea4748e64b583d6f3274
SSDEEP

24576:wnVHAQ9/8ZQ5Rpf0Cc/GPi4S4bl8uQTBiQyyC/KIBpbYVI:wtvy6YQ/bl8VEQyyC/ZjEO

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/TaskUsage.dll	acprotect

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SMSConfig.exe	upx
static1/unpack001/TaskUsage.dll	upx
static1/unpack001/ame.exe	upx
static1/unpack001/officed.exe	upx
static1/unpack001/psexec.exe	upx
static1/unpack001/scon.exe	upx

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SMSConfig.exe
unpack001/TaskUsage.dll
unpack003/out.upx
unpack001/ame.exe
unpack004/out.upx
unpack001/control.dll
unpack001/dlldate.exe
unpack001/hot.dll
unpack001/kammi.exe
unpack001/mscmd.exe
unpack001/mws.exe
unpack001/officed.exe
unpack001/proxy.exe
unpack001/proxyload.exe
unpack001/psexec.exe
unpack001/scon.exe
unpack001/sys-mc.dll
unpack001/teal.dll
unpack001/winshutoff.dll

Files

frozenbot6.rar
.rar

Password: infected
SMSConfig.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 540KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jgd
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TaskUsage.dll
.dll windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CloseInput
DLLInfo
GetExitCode
GetProcess
ReadBinary
ReadText
ReleaseProcess
Remove
RunConsole
SetProcess
WriteBinary
WriteText

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aim.txt
alrm.dll
.js
ame.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qnk
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
control.dll
.dll windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

ExeS
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dlldate.exe
.exe windows x86

Password: infected

84c664ec2bcff1c373a02b58990f665d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetStdHandle
CloseHandle
SetFilePointer
GetOEMCP
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
IsBadWritePtr
IsBadReadPtr
HeapValidate
SetHandleCount
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
GetLastError
SetConsoleCtrlHandler
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
HeapAlloc
HeapReAlloc
VirtualAlloc
FlushFileBuffers
GetCPInfo
GetACP
SetEnvironmentVariableA

ws2_32

ntohs
inet_ntoa
sendto
htons
socket
inet_addr
gethostbyname
WSAStartup
WSACleanup

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.qnk
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fzed.bat
hot.dll
.dll windows x86

Password: infected

ba8d4380391477a4e0a0852acbbafb08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
ShowWindow

gdi32

CreateDCA
SelectObject
BitBlt
CreateCompatibleDC
GetDeviceCaps
CreateDIBSection
DeleteDC
DeleteObject
GetDIBColorTable

kernel32

CloseHandle
TerminateProcess
Process32Next
Process32First
CreateFileA
CreateToolhelp32Snapshot
OpenProcess
lstrcmpiA
lstrcpyA
WinExec
WriteFile

shell32

ShellExecuteA

Exports

Exports

Capture
Echo_byte
Echo_data
Hidemirc
KeyOff
MouseOff
ProcessGet
ProcessKill
Runhidden
Showmirc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 969B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kammi.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.spm
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
msbt.bat
mscmd.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@WndListDlg$qpvuiuil
@WndProc$qpvuiuil
__GetExceptDLLinfo

Sections

CODE
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tqn
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mws.exe
.exe windows x86

91afa2950fb9c03d392b295ce9394409

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

user32

CharUpperBuffA
MessageBoxA
WinHelpA

kernel32

CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
DosDateTimeToFileTime
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeConsole
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetTimeZoneInformation
GetVersionExA
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MultiByteToWideChar
OutputDebugStringA
ReadConsoleInputA
ReadFile
SearchPathA
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTitleA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

wsock32

WSAStartup
WSACleanup
gethostname
inet_addr
gethostbyname
gethostbyaddr
ioctlsocket
WSAGetLastError
send
recv
accept
select
listen
ntohs
getsockname
closesocket
bind
htonl
setsockopt
connect
socket
htons

Sections

AUTO
Size: 115KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 32KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 13KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
officed.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gda
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
proxy.exe
.exe windows x86

c99ff789911e3218b26917789e0b9f48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
DeleteDC
DeleteObject
GetObjectA
GetTextMetricsA
SelectObject
SetBkColor
SetTextColor

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
Shell_NotifyIconA

user32

BringWindowToTop
CharUpperA
CreateDialogIndirectParamA
CreateWindowExA
DefWindowProcA
DeleteMenu
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawIconEx
EnableWindow
EndDialog
FillRect
FindWindowA
GetClassNameA
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetIconInfo
GetMenuItemInfoA
GetMessageA
GetParent
GetSubMenu
GetSysColorBrush
GetWindowDC
GetWindowRect
GetWindowTextA
InsertMenuItemA
IsIconic
KillTimer
LoadCursorA
LoadIconA
LoadMenuA
MessageBoxA
PeekMessageA
PostQuitMessage
RegisterClassExA
RegisterHotKey
RegisterWindowMessageA
ReleaseDC
SendDlgItemMessageA
SendMessageA
SetDlgItemInt
SetDlgItemTextA
SetForegroundWindow
SetMenuItemInfoA
SetRect
SetTimer
SetWindowPos
SetWindowTextA
ShowWindow
TrackPopupMenu
TranslateMessage
UnregisterClassA
UnregisterHotKey

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreateThread
DeleteCriticalSection
DeleteFileA
DosDateTimeToFileTime
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetWindowsDirectoryA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFileTimeToFileTime
MoveFileExA
MultiByteToWideChar
ReadConsoleInputA
ReadFile
ReleaseMutex
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTitleA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetLastError
SetPriorityClass
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

comctl32

InitCommonControlsEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA

wsock32

WSACleanup
WSAStartup
gethostname
getservbyport
gethostbyname
gethostbyaddr
getpeername
getsockname
recv
send
ntohs
recvfrom
sendto
accept
listen
bind
connect
htons
shutdown
setsockopt
inet_ntoa
closesocket
socket
select
__WSAFDIsSet
WSAGetLastError

Sections

AUTO
Size: 102KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 29KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
proxyload.exe
.exe windows x86

1e58d462621108ad6bbac888e1507dd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
__vbaPut3
_adj_fdiv_m64
__vbaPut4
ord621
__vbaFreeObjList
ord516
_adj_fprem1
ord518
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaForEachCollObj
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord599
__vbaFpR4
ord520
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord631
__vbaVargVarMove
ord632
__vbaNextEachCollObj
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaPrintObj
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaR4Var
ord568
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
__vbaInputFile
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord531
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
ord535
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
ord648
ord570
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
ord579
__vbaI4Var
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaFpI4
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
__vbaCastObj
ord619
_allmul
_CItan
__vbaFPInt
_CIexp
__vbaFreeStr
__vbaFreeObj
ord580

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
psexec.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.heb
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rmw.ocx
.js
scon.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ifc
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
smsdb.ocx
sys-mc.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

do_ShowWindow

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
teal.dll
.dll windows x86

bc7b19e4d41d802dbc97ff4e8fbe48ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcessHeap
lstrlenA
lstrcpyA
HeapAlloc

user32

wsprintfA

Exports

Exports

DLLInfo
Decrypt
Encpass
Encrypt
LoadDll
UnloadDll

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 403B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wins.dll
winshutoff.dll
.dll windows x86

d54e96e5a8496030cd63c1e1e0bee000

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
RtlUnwind

crtdll

_fdopen
_open_osfhandle
atoi
fclose
_cexit
malloc
memcpy
printf
raise
rand
setbuf
strcpy
strlen

Exports

Exports

LibMain
b1ll
b1tch
bill
bitch
hex2raw
l1ck
lick
raw2hex
rnd
s3e
s4w
saw
see
symmetric

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 276B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 572B - Virtual size: 572B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 412B - Virtual size: 412B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 372B - Virtual size: 372B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 540KB - Virtual size: 544KB

.rsrc Size: 9KB - Virtual size: 12KB

.jgd Size: - Virtual size: 1B

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 20KB

UPX1 Size: 5KB - Virtual size: 8KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 1018B

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 434B

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 44KB

UPX1 Size: 23KB - Virtual size: 24KB

UPX2 Size: 512B - Virtual size: 4KB

.qnk Size: - Virtual size: 1B

Headers

File Characteristics

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 16KB - Virtual size: 20KB

Password: infected

Headers

File Characteristics

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 320B

.reloc Size: 512B - Virtual size: 332B

ExeS Size: 3KB - Virtual size: 8KB

Password: infected

84c664ec2bcff1c373a02b58990f665d

Headers

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 132KB - Virtual size: 130KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 12KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.qnk Size: - Virtual size: 1B

Password: infected

ba8d4380391477a4e0a0852acbbafb08

Headers

File Characteristics

Imports

user32

gdi32

kernel32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 969B

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 540KB - Virtual size: 544KB

.rsrc
Size: 9KB - Virtual size: 12KB

.jgd
Size: - Virtual size: 1B

UPX0
Size: - Virtual size: 20KB

UPX1
Size: 5KB - Virtual size: 8KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 1018B

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 434B

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 23KB - Virtual size: 24KB

UPX2
Size: 512B - Virtual size: 4KB

.qnk
Size: - Virtual size: 1B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 20KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 320B

.reloc
Size: 512B - Virtual size: 332B

ExeS
Size: 3KB - Virtual size: 8KB

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 12KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB

.qnk
Size: - Virtual size: 1B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 969B

.data
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 224B

CODE
Size: 33KB - Virtual size: 33KB

DATA
Size: 1024B - Virtual size: 1000B

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

.spm
Size: - Virtual size: 1B

CODE
Size: 24KB - Virtual size: 28KB

DATA
Size: 5KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 4KB

.tqn
Size: - Virtual size: 1B

AUTO
Size: 115KB - Virtual size:

.idata
Size: 3KB - Virtual size:

DGROUP
Size: 32KB - Virtual size:

.bss
Size: 13KB - Virtual size:

.reloc
Size: 8KB - Virtual size:

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 4KB

.gda
Size: - Virtual size: 1B