PayloadMBR_1[.]zip

Resubmissions

04/06/2023, 16:42

230604-t741psdd2s 8

Sharing

Copy URL Twitter E-mail

General

Target

PayloadMBR_1.zip
Size

10.4MB
MD5

a46d7b27be5bb6fd7c3a1f47347e57a6
SHA1

fc97d2822fbdf7e8c06b71201d661c0795383d77
SHA256

12780de16511e0e39868f46f72fdc8d4b48b5397b3f1707170d8069c2da381a3
SHA512

8dc1e47d29574dceaded8b906d7b4f06fe20faeb886ebc6038960c2ce9a1959fa3ed10819c11b74285f5aa3bd36dab4bda60ec6bc8afad790033eb861d382767
SSDEEP

196608:KvJg86S7TUoGBegQJ0xccbS5SvX5pTfFqZxmybwYqfR/BgAnGhWoS9RbUYxn+edG:oHTGBfQJ2BOEvnEGelI1clSXblz/o

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PayloadMBR/Programs/QEMU/SDL.dll
unpack001/PayloadMBR/Programs/QEMU/libcurl-4.dll
unpack001/PayloadMBR/Programs/QEMU/qemu.exe
unpack001/PayloadMBR/Programs/compress.exe
unpack001/PayloadMBR/Programs/nasm.exe
unpack001/PayloadMBR/Programs/png2bin.exe

Files

PayloadMBR_1.zip
.zip

Password: infected
PayloadMBR/Create.bat
PayloadMBR/Data/decompress.asm
PayloadMBR/Data/kernel.asm
PayloadMBR/Image/Custom.bin
PayloadMBR/Image/Custon.png
.png
PayloadMBR/Programs/QEMU/SDL.dll
.dll windows x86

Password: infected

07715dfbd2fb762d2b3fd8ef4273adc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

gdi32

BitBlt
ChoosePixelFormat
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreatePalette
DeleteDC
DeleteObject
DescribePixelFormat
GetDIBits
GetDeviceGammaRamp
GetSystemPaletteEntries
GetSystemPaletteUse
RealizePalette
SelectObject
SelectPalette
SetDIBColorTable
SetDeviceGammaRamp
SetPaletteEntries
SetPixelFormat
SetSystemPaletteUse
SwapBuffers
UnrealizeObject

kernel32

CloseHandle
CreateFileA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetACP
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentVariableA
GetLastError
GetLocaleInfoA
GetModuleHandleA
GetProcAddress
GetVersionExA
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ReleaseMutex
ReleaseSemaphore
SetEnvironmentVariableA
SetErrorMode
SetFilePointer
SetThreadPriority
Sleep
TerminateThread
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

_strdup
__dllonexit
__lc_codepage
__mb_cur_max
_beginthreadex
_endthreadex
_errno
_iob
_isctype
_pctype
_stricmp
atof
atoi
fclose
fflush
fputc
fread
free
fseek
ftell
fwrite
getenv
localeconv
log
malloc
memcpy
memset
pow
qsort
raise
realloc
signal
sscanf
strchr
strlen
strstr
wcslen

user32

AdjustWindowRect
AdjustWindowRectEx
BeginPaint
CallWindowProcA
ChangeDisplaySettingsA
ClientToScreen
ClipCursor
CreateCursor
CreateIconFromResourceEx
CreateWindowExA
DefWindowProcA
DestroyCursor
DestroyIcon
DestroyWindow
DispatchMessageA
EndPaint
EnumDisplaySettingsA
GetClassInfoA
GetClientRect
GetCursor
GetCursorPos
GetDC
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutNameA
GetKeyboardState
GetMenu
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsZoomed
KillTimer
LoadImageA
LoadKeyboardLayoutA
MapVirtualKeyExA
MapWindowPoints
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RegisterClassA
ReleaseCapture
ReleaseDC
SetCapture
SetClassLongA
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
ToAsciiEx
ToUnicode
TranslateMessage
UnregisterClassA
WindowFromPoint

winmm

joyGetDevCapsA
joyGetNumDevs
joyGetPosEx
mciGetErrorStringA
mciSendCommandA
timeBeginPeriod
timeEndPeriod
timeGetTime
timeKillEvent
timeSetEvent
waveOutClose
waveOutGetErrorTextA
waveOutOpen
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite

Exports

Exports

SDL_AddTimer
SDL_AllocRW
SDL_AudioDriverName
SDL_AudioInit
SDL_AudioQuit
SDL_BuildAudioCVT
SDL_CDClose
SDL_CDEject
SDL_CDName
SDL_CDNumDrives
SDL_CDOpen
SDL_CDPause
SDL_CDPlay
SDL_CDPlayTracks
SDL_CDResume
SDL_CDStatus
SDL_CDStop
SDL_ClearError
SDL_CloseAudio
SDL_CondBroadcast
SDL_CondSignal
SDL_CondWait
SDL_CondWaitTimeout
SDL_ConvertAudio
SDL_ConvertSurface
SDL_CreateCond
SDL_CreateCursor
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateRGBSurfaceFrom
SDL_CreateSemaphore
SDL_CreateThread
SDL_CreateYUVOverlay
SDL_Delay
SDL_DestroyCond
SDL_DestroyMutex
SDL_DestroySemaphore
SDL_DisplayFormat
SDL_DisplayFormatAlpha
SDL_DisplayYUVOverlay
SDL_EnableKeyRepeat
SDL_EnableUNICODE
SDL_Error
SDL_EventState
SDL_FillRect
SDL_Flip
SDL_FreeCursor
SDL_FreeRW
SDL_FreeSurface
SDL_FreeWAV
SDL_FreeYUVOverlay
SDL_GL_GetAttribute
SDL_GL_GetProcAddress
SDL_GL_LoadLibrary
SDL_GL_Lock
SDL_GL_SetAttribute
SDL_GL_SwapBuffers
SDL_GL_Unlock
SDL_GL_UpdateRects
SDL_GetAppState
SDL_GetAudioStatus
SDL_GetClipRect
SDL_GetCursor
SDL_GetError
SDL_GetEventFilter
SDL_GetGammaRamp
SDL_GetKeyName
SDL_GetKeyRepeat
SDL_GetKeyState
SDL_GetModState
SDL_GetMouseState
SDL_GetRGB
SDL_GetRGBA
SDL_GetRelativeMouseState
SDL_GetThreadID
SDL_GetTicks
SDL_GetVideoInfo
SDL_GetVideoSurface
SDL_GetWMInfo
SDL_Has3DNow
SDL_Has3DNowExt
SDL_HasAltiVec
SDL_HasMMX
SDL_HasMMXExt
SDL_HasRDTSC
SDL_HasSSE
SDL_HasSSE2
SDL_Init
SDL_InitSubSystem
SDL_JoystickClose
SDL_JoystickEventState
SDL_JoystickGetAxis
SDL_JoystickGetBall
SDL_JoystickGetButton
SDL_JoystickGetHat
SDL_JoystickIndex
SDL_JoystickName
SDL_JoystickNumAxes
SDL_JoystickNumBalls
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_JoystickOpened
SDL_JoystickUpdate
SDL_KillThread
SDL_Linked_Version
SDL_ListModes
SDL_LoadBMP_RW
SDL_LoadFunction
SDL_LoadObject
SDL_LoadWAV_RW
SDL_LockAudio
SDL_LockSurface
SDL_LockYUVOverlay
SDL_LowerBlit
SDL_MapRGB
SDL_MapRGBA
SDL_MixAudio
SDL_NumJoysticks
SDL_OpenAudio
SDL_PauseAudio
SDL_PeepEvents
SDL_PollEvent
SDL_PumpEvents
SDL_PushEvent
SDL_Quit
SDL_QuitSubSystem
SDL_RWFromConstMem
SDL_RWFromFP
SDL_RWFromFile
SDL_RWFromMem
SDL_ReadBE16
SDL_ReadBE32
SDL_ReadBE64
SDL_ReadLE16
SDL_ReadLE32
SDL_ReadLE64
SDL_RegisterApp
SDL_RemoveTimer
SDL_SaveBMP_RW
SDL_SemPost
SDL_SemTryWait
SDL_SemValue
SDL_SemWait
SDL_SemWaitTimeout
SDL_SetAlpha
SDL_SetClipRect
SDL_SetColorKey
SDL_SetColors
SDL_SetCursor
SDL_SetError
SDL_SetEventFilter
SDL_SetGamma
SDL_SetGammaRamp
SDL_SetModState
SDL_SetModuleHandle
SDL_SetPalette
SDL_SetTimer
SDL_SetVideoMode
SDL_ShowCursor
SDL_SoftStretch
SDL_ThreadID
SDL_UnloadObject
SDL_UnlockAudio
SDL_UnlockSurface
SDL_UnlockYUVOverlay
SDL_UnregisterApp
SDL_UpdateRect
SDL_UpdateRects
SDL_UpperBlit
SDL_VideoDriverName
SDL_VideoInit
SDL_VideoModeOK
SDL_VideoQuit
SDL_WM_GetCaption
SDL_WM_GrabInput
SDL_WM_IconifyWindow
SDL_WM_SetCaption
SDL_WM_SetIcon
SDL_WM_ToggleFullScreen
SDL_WaitEvent
SDL_WaitThread
SDL_WarpMouse
SDL_WasInit
SDL_WriteBE16
SDL_WriteBE32
SDL_WriteBE64
SDL_WriteLE16
SDL_WriteLE32
SDL_WriteLE64
SDL_getenv
SDL_iconv
SDL_iconv_close
SDL_iconv_open
SDL_iconv_string
SDL_mutexP
SDL_mutexV
SDL_putenv
SDL_strlcat
SDL_strlcpy

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_DISCARDABLE

/19
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_MEM_DISCARDABLE

/35
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_MEM_DISCARDABLE

/47
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_MEM_DISCARDABLE

/61
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_MEM_DISCARDABLE

/73
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_MEM_DISCARDABLE

/86
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_MEM_DISCARDABLE

/97
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_MEM_DISCARDABLE

/108
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_MEM_DISCARDABLE
PayloadMBR/Programs/QEMU/bios.bin
PayloadMBR/Programs/QEMU/libcurl-4.dll
.dll windows x86

Password: infected

591bfb96218654ea9677f9b7123d0d31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateMutexA
DuplicateHandle
ExpandEnvironmentStringsA
FindAtomA
FormatMessageA
FreeLibrary
GetAtomNameA
GetCurrentProcess
GetExitCodeThread
GetFileType
GetLastError
GetProcAddress
GetStdHandle
GetTickCount
LoadLibraryA
PeekNamedPipe
ReadFile
ReleaseMutex
SetEvent
SetLastError
Sleep
SleepEx
TerminateThread
WaitForMultipleObjects
WaitForSingleObject

msvcrt

_close
_open
_read
_strdup
_stricmp
__dllonexit
__mb_cur_max
_beginthreadex
_errno
_fstati64
_iob
_isctype
_lseeki64
_pctype
_stati64
_stricmp
_strnicmp
_sys_nerr
abort
atoi
calloc
fclose
fflush
fgets
fopen
fprintf
fputc
fread
free
fseek
fwrite
getenv
gmtime
malloc
mbstowcs
memchr
memcpy
memmove
memset
rand
realloc
setlocale
sprintf
srand
sscanf
strchr
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
time
tolower
wcstombs

wldap32

ber_free
ldap_err2stringA
ldap_first_attributeA
ldap_first_entry
ldap_get_dnA
ldap_get_values_lenA
ldap_initA
ldap_memfreeA
ldap_msgfree
ldap_next_attributeA
ldap_next_entry
ldap_search_sA
ldap_set_optionA
ldap_simple_bind_sA
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
getsockname
getsockopt
htons
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PayloadMBR/Programs/QEMU/pxe-e1000.bin
PayloadMBR/Programs/QEMU/qemu.exe
.exe windows x86

Password: infected

9334847cc8edb5e7f67fbdf914c4dd65

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

sdl

SDL_CloseAudio
SDL_CreateCursor
SDL_CreateMutex
SDL_CreateRGBSurfaceFrom
SDL_CreateSemaphore
SDL_DestroyMutex
SDL_DestroySemaphore
SDL_EnableKeyRepeat
SDL_EnableUNICODE
SDL_FillRect
SDL_FreeCursor
SDL_FreeSurface
SDL_GetAppState
SDL_GetCursor
SDL_GetError
SDL_GetModState
SDL_GetMouseState
SDL_GetVideoInfo
SDL_Init
SDL_InitSubSystem
SDL_LoadBMP_RW
SDL_MapRGB
SDL_OpenAudio
SDL_PauseAudio
SDL_PollEvent
SDL_Quit
SDL_QuitSubSystem
SDL_RWFromFile
SDL_SemPost
SDL_SemWait
SDL_SetColorKey
SDL_SetCursor
SDL_SetModuleHandle
SDL_SetVideoMode
SDL_ShowCursor
SDL_UpdateRect
SDL_UpperBlit
SDL_WM_GrabInput
SDL_WM_SetCaption
SDL_WM_SetIcon
SDL_WarpMouse
SDL_mutexP
SDL_mutexV
SDL_strlcpy

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

libcurl-4

curl_easy_cleanup
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_global_init
curl_multi_add_handle
curl_multi_cleanup
curl_multi_info_read
curl_multi_init
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket_all

iphlpapi

GetNetworkParams

kernel32

AddAtomA
ChangeTimerQueueTimer
ClearCommError
CloseHandle
CommConfigDialogA
ConnectNamedPipe
CreateEventA
CreateFileA
CreateNamedPipeA
CreateSemaphoreA
CreateThread
CreateTimerQueueTimer
DeleteCriticalSection
DeleteTimerQueueTimer
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
FindAtomA
FlushFileBuffers
FormatMessageA
FreeLibrary
GetAtomNameA
GetCommandLineA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetDefaultCommConfigA
GetDiskFreeSpaceExA
GetDriveTypeA
GetFileAttributesA
GetFileSize
GetLastError
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetOverlappedResult
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetVersion
GlobalAlloc
GlobalFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseSemaphore
ResetEvent
SetCommMask
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetProcessAffinityMask
SetUnhandledExceptionFilter
SetupComm
SignalObjectAndWait
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
WriteFileEx
lstrlenA

msvcrt

_access
_close
_dup2
_fdopen
_fstat
_getpid
_mkdir
_open
_pclose
_popen
_putenv
_read
_rmdir
_stat
_strdup
_unlink
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthreadex
_cexit
_commit
_errno
_exit
_findclose
_findfirst
_findnext
_ftime
_fullpath
_get_osfhandle
_iob
_isctype
_lseeki64
_onexit
_pctype
_setjmp
_setmode
_stricmp
_strnicmp
abort
atan2
atexit
atoi
bsearch
calloc
ceil
clearerr
cos
exit
fclose
fflush
fgets
floor
fopen
fputc
fread
free
fseek
ftell
fwrite
getenv
gmtime
ldexp
localeconv
localtime
log
longjmp
malloc
memchr
memcpy
memmove
memset
mktime
modf
perror
pow
puts
qsort
rand
realloc
rename
setbuf
signal
sin
sqrt
srand
sscanf
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtok
strtol
strtoul
tan
time
tolower
toupper
wcslen

winmm

waveInAddBuffer
waveInClose
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutClose
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutUnprepareHeader
waveOutWrite

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 678KB - Virtual size: 677KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PayloadMBR/Programs/QEMU/vgabios-cirrus.bin
PayloadMBR/Programs/compress.cpp
PayloadMBR/Programs/compress.exe
.exe windows x86

Password: infected

9468839a33cefa14b007ce8a0bd988e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
exit
fclose
fopen
fprintf
fread
free
fwrite
malloc
memcpy
memset
printf
signal
strlen
strncmp
system
vfprintf

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1012B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 307B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 1024B - Virtual size: 553B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PayloadMBR/Programs/nasm.exe
.exe windows x64

Password: infected

245fd5847db29ac01003e87f2fc0fe30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_chsize
_errno
_filelengthi64
_fileno
_fmode
_fullpath
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_onexit
_stat64
_stricmp
_strnicmp
_time64
_unlock
_vsnprintf
_write
abort
atoi
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getenv
isalnum
isalpha
isspace
isxdigit
malloc
memcmp
memcpy
memset
perror
printf
putc
puts
qsort
realloc
remove
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strtoul
tolower
toupper
ungetc
vfprintf
_fileno
_access

Sections

.text
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PayloadMBR/Programs/png2bin.exe
.exe windows x86

Password: infected

91ae93ed3ff0d6f8a4f22d2edd30a58e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxW
MessageBoxA

kernel32

SystemTimeToTzSpecificLocalTime
DecodePointer
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
GetShortPathNameW
FormatMessageW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileType
CloseHandle
PeekNamedPipe
RaiseException
FileTimeToSystemTime
GetFullPathNameW
GetFullPathNameA
CreateDirectoryW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
GetFileAttributesExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
WriteConsoleW
GetTimeZoneInformation
HeapSize

ws2_32

ntohl

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PayloadMBR/Programs/png2bin.py
PayloadMBR/Programs/png2bin.spec
PayloadMBR/disk.img

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

07715dfbd2fb762d2b3fd8ef4273adc9

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

user32

winmm

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 228KB

.data Size: 512B - Virtual size: 292B

.rdata Size: 21KB - Virtual size: 20KB

.bss Size: - Virtual size: 25KB

.edata Size: 5KB - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 784B

.reloc Size: 7KB - Virtual size: 6KB

/4 Size: 2KB - Virtual size: 1KB

/19 Size: 9KB - Virtual size: 9KB

/35 Size: 370KB - Virtual size: 369KB

/47 Size: 33KB - Virtual size: 33KB

/61 Size: 40KB - Virtual size: 39KB

/73 Size: 20KB - Virtual size: 19KB

/86 Size: 8KB - Virtual size: 8KB

/97 Size: 180KB - Virtual size: 180KB

/108 Size: 14KB - Virtual size: 13KB

Password: infected

591bfb96218654ea9677f9b7123d0d31

Headers

File Characteristics

Imports

kernel32

msvcrt

wldap32

ws2_32

Exports

Exports

Sections

.text Size: 185KB - Virtual size: 185KB

.data Size: 512B - Virtual size: 144B

.rdata Size: 37KB - Virtual size: 37KB

.bss Size: - Virtual size: 512B

.edata Size: 2KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.reloc Size: 6KB - Virtual size: 5KB

Password: infected

9334847cc8edb5e7f67fbdf914c4dd65

Headers

File Characteristics

Imports

sdl

advapi32

libcurl-4

iphlpapi

kernel32

msvcrt

winmm

ws2_32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.data Size: 142KB - Virtual size: 141KB

.rdata Size: 678KB - Virtual size: 677KB

.bss Size: - Virtual size: 6.0MB

.idata Size: 9KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 884B

Password: infected

9468839a33cefa14b007ce8a0bd988e6

Headers

.text
Size: 228KB - Virtual size: 228KB

.data
Size: 512B - Virtual size: 292B

.rdata
Size: 21KB - Virtual size: 20KB

.bss
Size: - Virtual size: 25KB

.edata
Size: 5KB - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 784B

.reloc
Size: 7KB - Virtual size: 6KB

/4
Size: 2KB - Virtual size: 1KB

/19
Size: 9KB - Virtual size: 9KB

/35
Size: 370KB - Virtual size: 369KB

/47
Size: 33KB - Virtual size: 33KB

/61
Size: 40KB - Virtual size: 39KB

/73
Size: 20KB - Virtual size: 19KB

/86
Size: 8KB - Virtual size: 8KB

/97
Size: 180KB - Virtual size: 180KB

/108
Size: 14KB - Virtual size: 13KB

.text
Size: 185KB - Virtual size: 185KB

.data
Size: 512B - Virtual size: 144B

.rdata
Size: 37KB - Virtual size: 37KB

.bss
Size: - Virtual size: 512B

.edata
Size: 2KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 142KB - Virtual size: 141KB

.rdata
Size: 678KB - Virtual size: 677KB

.bss
Size: - Virtual size: 6.0MB

.idata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 884B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 1024B - Virtual size: 928B

/4
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 1012B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

/14
Size: 512B - Virtual size: 56B

/29
Size: 8KB - Virtual size: 7KB

/41
Size: 512B - Virtual size: 307B

/55
Size: 1024B - Virtual size: 553B

/67
Size: 512B - Virtual size: 56B

.text
Size: 290KB - Virtual size: 289KB

.data
Size: 1024B - Virtual size: 552B

.rdata
Size: 876KB - Virtual size: 875KB

.pdata
Size: 6KB - Virtual size: 5KB

.xdata
Size: 6KB - Virtual size: 6KB

.bss
Size: - Virtual size: 75KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 2KB - Virtual size: 57KB

.gfids
Size: 512B - Virtual size: 184B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 6KB - Virtual size: 5KB