Quick_Unpack_2[.]2[.]Tool[.]tPORt[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Quick_Unpack_2.2.Tool.tPORt.rar
Size

1.0MB
MD5

35352d48a527f6135ca504fb7f050a1e
SHA1

07fe8da8aeed2e03e8ad60b564c0b3a95bf0d5f4
SHA256

de0d9350fb46da92d9a205a36b0017e31ab78e80918dd6c8eb66a89de02daf74
SHA512

b2b77f91cae21e7f1335b78462fdd5b451ff15f1480383de54bb6c8d4f2ab81c320270fd2496ee45a93488eb58e6be2a3c21e335934e3be4b24f5f1771dd18d8
SSDEEP

24576:oLLkNDINtQyRx1LFTltUd6ScOryNuDgDl3NHgtG:oLLUDINCy/1LF586ScOPDgZ3N0G

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Engine.sys
unpack001/ImportTracers/PECompactv2.x.dll
unpack001/OEPFinders/Force.dll
unpack001/OEPFinders/Human.dll
unpack001/OEPFinders/UsAr.dll
unpack001/OEPFinders/UsArdll.d11
unpack001/OEPFinders/deroko.dll
unpack001/OEPFinders/doer.sys
unpack001/OEPFinders/loaddll.exe
unpack001/PESniffer.dll
unpack001/PEiDll.dll
unpack001/Plugins/PluginEx.dll
unpack001/QUnpack.exe
unpack001/SelfScan.dll

Files

Quick_Unpack_2.2.Tool.tPORt.rar
.rar
Engine.sys
.dll windows x86

1fb225ebd9f2dcd267286077ced52344

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
ZwSetInformationThread
memmove
PsGetCurrentThreadId
ZwYieldExecution
PsGetCurrentProcessId
ZwQueryInformationProcess
KeNumberProcessors
RtlAppendUnicodeStringToString
IoDeleteDevice
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
IoCreateDevice
RtlIntegerToUnicodeString
ZwOpenKey
ZwCreateKey
RtlCopyUnicodeString
memcpy
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
ExQueueWorkItem
KeInitializeSpinLock
KeBugCheckEx
RtlInitUnicodeString
ZwClose
ExFreePoolWithTag
ZwQueryValueKey
ExAllocatePoolWithTag

hal

KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock
KfLowerIrql

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 609B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.STL
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImportTracers/PECompactv2.x.dll
.dll windows x86

ff22697165d98bb65eb88dc24cc02224

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
MapViewOfFile
UnmapViewOfFile
CloseHandle

Exports

Exports

Trace

Sections

.text
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 234B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.txt
OEPFinders/Force.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetDllOEPNow
GetOEPNow
ShortFinderName

Sections

CODE
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OEPFinders/Human.dll
.dll windows x86

0b6541dc7f4b4c848d464514e3c244aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cadt

InstrDasm
MakeMnemonic
InstrDecode

comctl32

InitCommonControls

kernel32

CloseHandle
ContinueDebugEvent
CreateFileA
CreateProcessA
CreateToolhelp32Snapshot
DebugActiveProcessStop
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetThreadContext
GetThreadSelectorEntry
GlobalAlloc
GlobalFree
Process32First
Process32Next
ReadFile
ReadProcessMemory
SetThreadContext
TerminateProcess
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtectEx
WaitForDebugEvent
WriteFile
WriteProcessMemory
lstrcatA
lstrcpyA

user32

CheckDlgButton
DialogBoxParamA
EnableWindow
EndDialog
GetAsyncKeyState
GetDlgItem
GetDlgItemTextA
IsDlgButtonChecked
MessageBoxA
SendMessageA
SetDlgItemTextA
ShowWindow

Exports

Exports

GetDllOEPNow
GetOEPNow
ShortFinderName

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OEPFinders/UsAr.dll
.dll windows x86

ad7089228972aa8db4b8874d6136c560

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetExitCodeProcess
GetModuleFileNameA
GetProcAddress
GetStartupInfoA
GetThreadContext
LoadLibraryA
ResumeThread
SetThreadContext
VirtualAllocEx
WaitForSingleObject
WriteProcessMemory
lstrcatA
lstrcpyA

Exports

Exports

GetDllOEPNow
GetOEPNow
ShortFinderName

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 598B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OEPFinders/UsArdll.d11
.dll windows x86

de3d1493fd239db9691c78d2625aa169

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UnhookWindowsHookEx
TranslateAcceleratorA
ShowWindow
SetWindowsHookExA
SetWindowTextA
SetWindowLongA
SetLayeredWindowAttributes
SetDlgItemTextA
SetCursor
SendMessageA
MessageBoxA
LoadIconA
LoadCursorA
LoadAcceleratorsA
KillTimer
InflateRect
GetWindowTextA
GetWindowLongA
GetDlgItemTextA
GetDlgItem
GetDlgCtrlID
GetDC
GetClientRect
FrameRect
FillRect
EndDialog
DrawTextA
DialogBoxParamA
DestroyAcceleratorTable
CallWindowProcA
CallNextHookEx

kernel32

EnterCriticalSection
ExitProcess
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
InitializeCriticalSection
IsBadReadPtr
LeaveCriticalSection
VirtualProtect
lstrcatA

cadt

InstrDecode
MakeMnemonic
InstrDasm

gdi32

GetStockObject
GetObjectA
SelectObject
CreateSolidBrush
CreateFontIndirectA
CreateBrushIndirect
SetBkColor
SetBkMode
DeleteObject
SetTextColor

shell32

ShellExecuteA

Exports

Exports

GetOEPDLL
GetOEPEXE

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OEPFinders/cadt.dll
OEPFinders/deroko.dll
.dll windows x86

c1ea29cc3b75be6964a72d636b31bf5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cadt

MakeMnemonic
InstrDasm
InstrDecode

advapi32

DeleteService
StartServiceA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
CreateServiceA

comctl32

InitCommonControls

kernel32

CloseHandle
CreateFileA
CreateFileW
CreateProcessA
DebugActiveProcessStop
DeviceIoControl
GetExitCodeProcess
GetModuleFileNameA
GetModuleHandleA
GlobalAlloc
GlobalFree
ReadFile
ReadProcessMemory
ResumeThread
Sleep
SuspendThread
SwitchToThread
TerminateProcess
VirtualAlloc
VirtualFree
WriteFile
WriteProcessMemory
lstrcatA

user32

DialogBoxParamA
EnableWindow
EndDialog
GetDlgItem
GetDlgItemTextA
IsDlgButtonChecked
MessageBoxA
SendMessageA
SetDlgItemTextA

Exports

Exports

GetDllOEPNow
GetOEPNow
ShortFinderName

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OEPFinders/doer.sys
.exe windows x86

e8708ab10c74089bf834bf0c505c543e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
ObfDereferenceObject
KeDetachProcess
ProbeForRead
KeAttachProcess
PsLookupProcessByProcessId
DbgPrint
_except_handler3
ZwYieldExecution
PsGetCurrentProcessId
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
PsSetCreateProcessNotifyRoutine
KeSetAffinityThread
KeNumberProcessors
KeGetCurrentThread
KeTickCount
NtCreateFile

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 610B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OEPFinders/loaddll.exe
.exe windows x86

c27c11e5f9368ab12f6cfe42ba724009

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
lstrlenA
ExitProcess
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
lstrcatA
lstrcpyA

Sections

.text
Size: 1024B - Virtual size: 698B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 533B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PESniffer.dll
.dll windows x86

8e4121032692da8c5f65944d2b4c896a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetFileSize
lstrlenA
MapViewOfFile
UnmapViewOfFile
lstrcpynA
HeapAlloc
HeapFree
FlushViewOfFile
GetProcessHeap
ReadFile
lstrcatA
DisableThreadLibraryCalls
CreateFileMappingA
GetModuleFileNameA
CloseHandle
lstrcpyA
HeapReAlloc
IsBadReadPtr
LCMapStringW
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapSize
WriteFile
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA

user32

CharUpperA

imagehlp

ImageNtHeader

Exports

Exports

AnalyzeFile
GetTotalSignatures
IsDataBaseLoaded

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PEiDll.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FileEntropy
GetInternalDatabase
GetPEiDScanMode
MultiScanDir
PEiDLLVersion
PEiDVersion
ScanWithPEiD
Scan_Deep
Scan_Hard
Scan_Norm
SetPluginOptions
SetScanOptions

Sections

packerBY
Size: - Virtual size: 627KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bero^fr
Size: 225KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 668B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/PluginEx.dll
.dll windows x86

7e45ecb69f553c3cfb5bde11088a7f5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisableThreadLibraryCalls

user32

MessageBoxA

Exports

Exports

GetPluginName
StartPlugin

Sections

.data
Size: 512B - Virtual size: 371B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QU.ini
QUnpack.exe
.exe windows x86

ef0b7897938e5caa8f43b4926ed6e491

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

ImageNtHeader
ImageRvaToVa

psapi

GetModuleFileNameExA
GetMappedFileNameA

kernel32

FileTimeToLocalFileTime
SetErrorMode
WritePrivateProfileStringA
GetFileAttributesA
GetFileTime
GetTickCount
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
VirtualQuery
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetCurrentThreadId
CompareStringA
MultiByteToWideChar
CompareStringW
GetVersion
InterlockedExchange
lstrcpynA
GetPrivateProfileStructA
WritePrivateProfileStructA
HeapAlloc
HeapFree
IsBadReadPtr
GetProcessHeap
HeapReAlloc
MulDiv
FreeLibrary
FindClose
FindNextFileA
FindFirstFileA
TerminateThread
SetThreadPriority
lstrlenA
lstrcpyA
LocalReAlloc
ExitProcess
GlobalLock
GlobalAlloc
GlobalUnlock
SetCurrentDirectoryA
SetThreadAffinityMask
SetProcessAffinityMask
SwitchToThread
WriteProcessMemory
WriteFile
QueryDosDeviceA
GetLogicalDriveStringsA
GetExitCodeProcess
ResumeThread
VirtualQueryEx
VirtualFreeEx
VirtualAllocEx
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SetFilePointer
GetCurrentProcessId
VirtualFree
VirtualAlloc
GetFileSize
VirtualProtectEx
SetThreadContext
DeviceIoControl
GetCurrentThread
WaitForSingleObject
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
MapViewOfFile
CreateFileMappingA
OpenProcess
OpenThread
CreateProcessA
GetModuleHandleA
lstrcmpA
GetLastError
SetLastError
LockResource
CloseHandle
GetModuleFileNameA
CreateFileA
CreateThread
WideCharToMultiByte
GetThreadContext
DeleteFileA
ReadFile
Sleep
lstrcatA
LoadLibraryA
GetProcAddress
GetCurrentDirectoryA
TerminateProcess
ReadProcessMemory
SuspendThread
lstrcmpiA
GetVersionExA
FreeResource
LoadResource
SizeofResource
FindResourceA
GetACP
FileTimeToSystemTime
IsValidCodePage
GetTimeZoneInformation
LCMapStringA
LCMapStringW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
CreatePipe
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetFileType
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
HeapDestroy
GetStringTypeW
FormatMessageA
LocalFree
_lopen
_lclose
_lread
_llseek
LocalAlloc
GlobalFree
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetModuleFileNameW
InterlockedDecrement
MoveFileA
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
GetStringTypeA

user32

GetMenuState
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EndDialog
GetNextDlgTabItem
IsWindowEnabled
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindowPlacement
DefWindowProcA
DeferWindowPos
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
GetMenuItemID
TrackPopupMenu
MapWindowPoints
PeekMessageA
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetLastActivePopup
GetWindowTextA
GetWindowTextLengthA
SetFocus
GetClassLongA
IsChild
WinHelpA
SendDlgItemMessageA
RegisterWindowMessageA
GetMenuStringA
CheckMenuItem
SetDlgItemTextA
IsDlgButtonChecked
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
GetWindowDC
BeginPaint
EndPaint
TranslateMessage
ShowOwnedPopups
GetWindowThreadProcessId
UnregisterClassA
MapDialogRect
SetWindowContextHelpId
DestroyMenu
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
BringWindowToTop
TranslateMDISysAccel
TranslateAcceleratorA
RedrawWindow
SetMenu
InsertMenuItemA
LoadAcceleratorsA
EnableMenuItem
ReuseDDElParam
UnpackDDElParam
SetRect
GetSysColorBrush
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
CheckDlgButton
LoadImageA
SetCapture
PtInRect
ReleaseCapture
CreatePopupMenu
KillTimer
AppendMenuA
SetTimer
IsIconic
SetWindowPos
GetSubMenu
CallNextHookEx
SetRectEmpty
GetForegroundWindow
GetSystemMenu
EqualRect
GetMenuItemInfoA
GetMenuItemCount
IsMenu
OffsetRect
IsWindowVisible
UnhookWindowsHookEx
SetWindowsHookExA
DrawStateA
GetMenuItemRect
GetClassNameA
DestroyIcon
SetMenuItemInfoA
SystemParametersInfoA
TabbedTextOutA
IsRectEmpty
ReleaseDC
PostMessageA
GetCursorPos
ScreenToClient
DispatchMessageA
GetMessageA
GetDlgCtrlID
GrayStringA
DrawTextExA
DrawTextA
ValidateRect
GetFocus
GetKeyState
GetWindow
InflateRect
CopyRect
CharUpperA
RemoveMenu
LoadBitmapA
MessageBoxExA
FillRect
GetDC
UnregisterHotKey
RegisterHotKey
GetSysColor
EmptyClipboard
OpenClipboard
CloseClipboard
LoadCursorA
SetCursor
GetParent
GetWindowLongA
SetPropA
GetPropA
CallWindowProcA
SetClipboardData
MessageBoxA
PostQuitMessage
WaitForInputIdle
GetClientRect
LoadIconA
DrawIcon
GetSystemMetrics
LoadMenuA
IntersectRect
EnableWindow
SetWindowLongA
RemovePropA
ClientToScreen
SendMessageA
GetDlgItem
GetCapture
GetAsyncKeyState
GetWindowRect
InvalidateRect
GetMenu
UpdateWindow
ModifyMenuA
wsprintfA
SetForegroundWindow

gdi32

RestoreDC
SaveDC
GetTextMetricsA
Ellipse
GetClipBox
GetCurrentObject
ExtTextOutA
RectVisible
PtVisible
CreatePen
Escape
GetTextColor
GetStockObject
Rectangle
GetDeviceCaps
DeleteDC
BitBlt
TextOutA
CreateSolidBrush
GetTextExtentPoint32A
SetBkMode
SetBkColor
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetPixel
GetPixel
CreateFontA
DeleteObject
SetTextColor
CreateFontIndirectA
GetObjectA
SetMapMode
LineTo
MoveToEx
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetRgnBox
ExcludeClipRect
CreateBitmap

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CloseServiceHandle
CreateServiceA
StartServiceA
RegDeleteKeyA
RegSetValueA
RegCreateKeyA
DeleteService
ControlService
OpenServiceA
OpenSCManagerA

shell32

DragFinish
DragQueryFileA
ShellExecuteA
ShellExecuteExA

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleInitialize

oleaut32

SysFreeString
OleLoadPicture
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

comctl32

ImageList_GetIcon
ord17
ImageList_Draw

shlwapi

PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
StrToIntA

oledlg

ord8

peidll

Scan_Deep
Scan_Hard
Scan_Norm

pesniffer

AnalyzeFile

oleacc

LresultFromObject
CreateStdAccessibleObject

winmm

waveOutClose
waveOutGetPosition
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

GetFileTitleA

Exports

Exports

luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlevel
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

CODE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 596KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 326KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Readme.eng.txt
Readme.rus.txt
Replace.ini
SDK/OEPFinders/UPack OEP Finder/UPackOEP.bdsproj
SDK/OEPFinders/UPack OEP Finder/UPackOEP.bdsproj.local
SDK/OEPFinders/UPack OEP Finder/UPackOEP.cfg
SDK/OEPFinders/UPack OEP Finder/UPackOEP.dpr
SDK/OEPFinders/UPack OEP Finder/pelib.dcu
SDK/OEPFinders/UPack OEP Finder/pelib.pas
SDK/Plugins/C++/PluginEx.cpp
SDK/Plugins/C++/PluginEx.def
SDK/Plugins/C++/PluginEx.dsp
SDK/Plugins/C++/PluginEx.dsw
SDK/Plugins/C++/PluginEx.h
SDK/Plugins/C++/PluginEx.sln
SDK/Plugins/C++/PluginEx.suo
SDK/Plugins/C++/PluginEx.vcproj
.xml
Scripts.eng.txt
Scripts.rus.txt
Scripts/2Processes.txt
Scripts/Lua Manual.html
.html .js
Scripts/OllyAttach.txt
Scripts/print.txt
SelfScan.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DetectPacker

Sections

CODE
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Signs.txt
russian.lng

Sharing

General

Malware Config

Signatures

Files

1fb225ebd9f2dcd267286077ced52344

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 609B

.CRT Size: 512B - Virtual size: 12B

.STL Size: 512B - Virtual size: 16B

PAGE Size: 2KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

ff22697165d98bb65eb88dc24cc02224

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 512B - Virtual size: 230B

.rdata Size: 512B - Virtual size: 234B

.reloc Size: 512B - Virtual size: 28B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 16KB - Virtual size: 16KB

DATA Size: 1024B - Virtual size: 556B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 119B

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 512B

0b6541dc7f4b4c848d464514e3c244aa

Headers

File Characteristics

Imports

cadt

comctl32

kernel32

user32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

ad7089228972aa8db4b8874d6136c560

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 598B

.data Size: 512B - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 174B

de3d1493fd239db9691c78d2625aa169

Headers

File Characteristics

Imports

user32

kernel32

cadt

gdi32

shell32

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 609B

.CRT
Size: 512B - Virtual size: 12B

.STL
Size: 512B - Virtual size: 16B

PAGE
Size: 2KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 512B - Virtual size: 230B

.rdata
Size: 512B - Virtual size: 234B

.reloc
Size: 512B - Virtual size: 28B

CODE
Size: 16KB - Virtual size: 16KB

DATA
Size: 1024B - Virtual size: 556B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 119B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 512B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 598B

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 174B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 914B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 522B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 384B - Virtual size: 292B

.data
Size: 256B - Virtual size: 232B

INIT
Size: 640B - Virtual size: 610B

.reloc
Size: 384B - Virtual size: 358B

.text
Size: 1024B - Virtual size: 698B

.data
Size: 512B - Virtual size: 533B

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 7KB

.reloc
Size: 5KB - Virtual size: 5KB

packerBY
Size: - Virtual size: 627KB

bero^fr
Size: 225KB - Virtual size: 228KB

.rsrc
Size: 668B - Virtual size: 32KB