1BAD[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1BAD.7z
Size

8.3MB
MD5

205c97769d9188a9a729a2d6c65e4cd4
SHA1

2664de172fd1c58c721b7ba66ce969ff66e19033
SHA256

086f45d70bd300ce542fcc1687a69cedb29c68974b8df72ee158116c9674c54f
SHA512

980ddb81d967a1e561a5a2c4987e564b586ce97a2337c997ed1e89f09ac875d6ca4698ebd81a6f94c47ad97926685fcadaa0e6e48d708ea83d9873af11f0fd04
SSDEEP

196608:DHFmvkWZc3pQNhh/iHCMG6UwEGZTu1sXmPb9cEIVRnu/vn:s8W8pe/fr6As2PJcEinY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sys.exe

Files

1BAD.7z
.7z

Password: infected
rclone.conf
sys.bat
sys.exe
.exe windows x64

Password: infected

ab82dd1ea7a2c9c499f1f919286d231a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
OpenProcess
PostQueuedCompletionStatus
ProcessIdToSessionId
QueryFullProcessImageNameA
QueryPerformanceCounter
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
WriteFile
__C_specific_handler
lstrlenA

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_errno
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

Exports

Exports

_cgo_e4f666a8d790_Cfunc__Cmalloc
_cgo_e4f666a8d790_Cfunc_calloc
_cgo_e4f666a8d790_Cfunc_free
_cgo_e4f666a8d790_Cfunc_fuse_get_context
_cgo_e4f666a8d790_Cfunc_fuse_opt_free_args
_cgo_e4f666a8d790_Cfunc_hostAsgnCconninfo
_cgo_e4f666a8d790_Cfunc_hostAsgnCfileinfo
_cgo_e4f666a8d790_Cfunc_hostCstatFromFusestat
_cgo_e4f666a8d790_Cfunc_hostCstatvfsFromFusestatfs
_cgo_e4f666a8d790_Cfunc_hostFilldir
_cgo_e4f666a8d790_Cfunc_hostFuseInit
_cgo_e4f666a8d790_Cfunc_hostMount
_cgo_e4f666a8d790_Cfunc_hostOptParse
_cgo_e4f666a8d790_Cfunc_hostOptSet
_cgo_e4f666a8d790_Cfunc_hostStaticInit
_cgo_e4f666a8d790_Cfunc_hostUnmount
_cgo_get_context_function
_cgo_init
_cgo_is_runtime_initialized
_cgo_maybe_run_preinit
_cgo_notify_runtime_init_done
_cgo_panic
_cgo_preinit_init
_cgo_release_context
_cgo_sys_thread_start
_cgo_thread_start
_cgo_topofstack
_cgo_wait_runtime_init_done
_cgo_yield
_cgoexp_e4f666a8d790_go_hostAccess
_cgoexp_e4f666a8d790_go_hostChflags
_cgoexp_e4f666a8d790_go_hostChmod
_cgoexp_e4f666a8d790_go_hostChown
_cgoexp_e4f666a8d790_go_hostCreate
_cgoexp_e4f666a8d790_go_hostDestroy
_cgoexp_e4f666a8d790_go_hostFgetattr
_cgoexp_e4f666a8d790_go_hostFlush
_cgoexp_e4f666a8d790_go_hostFsync
_cgoexp_e4f666a8d790_go_hostFsyncdir
_cgoexp_e4f666a8d790_go_hostFtruncate
_cgoexp_e4f666a8d790_go_hostGetattr
_cgoexp_e4f666a8d790_go_hostGetxattr
_cgoexp_e4f666a8d790_go_hostInit
_cgoexp_e4f666a8d790_go_hostLink
_cgoexp_e4f666a8d790_go_hostListxattr
_cgoexp_e4f666a8d790_go_hostMkdir
_cgoexp_e4f666a8d790_go_hostMknod
_cgoexp_e4f666a8d790_go_hostOpen
_cgoexp_e4f666a8d790_go_hostOpendir
_cgoexp_e4f666a8d790_go_hostRead
_cgoexp_e4f666a8d790_go_hostReaddir
_cgoexp_e4f666a8d790_go_hostReadlink
_cgoexp_e4f666a8d790_go_hostRelease
_cgoexp_e4f666a8d790_go_hostReleasedir
_cgoexp_e4f666a8d790_go_hostRemovexattr
_cgoexp_e4f666a8d790_go_hostRename
_cgoexp_e4f666a8d790_go_hostRmdir
_cgoexp_e4f666a8d790_go_hostSetchgtime
_cgoexp_e4f666a8d790_go_hostSetcrtime
_cgoexp_e4f666a8d790_go_hostSetxattr
_cgoexp_e4f666a8d790_go_hostStatfs
_cgoexp_e4f666a8d790_go_hostSymlink
_cgoexp_e4f666a8d790_go_hostTruncate
_cgoexp_e4f666a8d790_go_hostUnlink
_cgoexp_e4f666a8d790_go_hostUtimens
_cgoexp_e4f666a8d790_go_hostWrite
archive/zip.(*File).DataOffset
archive/zip.(*File).FileInfo
archive/zip.(*File).ModTime
archive/zip.(*File).Mode
archive/zip.(*File).Open
archive/zip.(*File).SetModTime
archive/zip.(*File).SetMode
archive/zip.(*File).findBodyOffset
archive/zip.(*File).findBodyOffset.stkobj
archive/zip.(*FileHeader).FileInfo
archive/zip.(*FileHeader).ModTime
archive/zip.(*FileHeader).Mode
archive/zip.(*FileHeader).SetModTime
archive/zip.(*FileHeader).SetModTime.stkobj
archive/zip.(*FileHeader).SetMode
archive/zip.(*ReadCloser).Close
archive/zip.(*ReadCloser).RegisterDecompressor
archive/zip.(*Reader).RegisterDecompressor
archive/zip.(*Reader).decompressor
archive/zip.(*Reader).init
archive/zip.(*checksumReader).Close
archive/zip.(*checksumReader).Read
archive/zip.(*headerFileInfo).IsDir
archive/zip.(*headerFileInfo).ModTime
archive/zip.(*headerFileInfo).Mode
archive/zip.(*headerFileInfo).Name
archive/zip.(*headerFileInfo).Size
archive/zip.(*headerFileInfo).Sys
archive/zip.(*nopCloser).Close
archive/zip.(*nopCloser).Write
archive/zip.(*pooledFlateReader).Close
archive/zip.(*pooledFlateReader).Read
archive/zip.(*pooledFlateWriter).Close
archive/zip.(*pooledFlateWriter).Write
archive/zip..inittask
archive/zip..stmp_0
archive/zip..stmp_1
archive/zip..stmp_2
archive/zip..stmp_3
archive/zip..stmp_4
archive/zip.ErrAlgorithm
archive/zip.ErrChecksum
archive/zip.ErrFormat
archive/zip.OpenReader
archive/zip.compressors
archive/zip.decompressors
archive/zip.detectUTF8
archive/zip.errLongExtra
archive/zip.errLongName
archive/zip.findDirectory64End
archive/zip.findDirectory64End.stkobj
archive/zip.findSignatureInBlock
archive/zip.flateReaderPool
archive/zip.flateWriterPool
archive/zip.headerFileInfo.IsDir
archive/zip.headerFileInfo.ModTime
archive/zip.headerFileInfo.ModTime.stkobj
archive/zip.headerFileInfo.Mode
archive/zip.headerFileInfo.Name
archive/zip.headerFileInfo.Size
archive/zip.headerFileInfo.Sys
archive/zip.init
archive/zip.init.0
archive/zip.init.0.func1
archive/zip.init.0.func2
archive/zip.msDosTimeToTime
archive/zip.newFlateReader
archive/zip.newFlateWriter
archive/zip.nopCloser.Close
archive/zip.nopCloser.Write
archive/zip.readDataDescriptor
archive/zip.readDataDescriptor.stkobj
archive/zip.readDirectory64End
archive/zip.readDirectory64End.stkobj
archive/zip.readDirectoryEnd
archive/zip.readDirectoryEnd.stkobj
archive/zip.readDirectoryHeader
archive/zip.readDirectoryHeader.stkobj
archive/zip.timeToMsDosTime
archive/zip.timeZone
bufio.(*ReadWriter).Available
bufio.(*ReadWriter).Discard
bufio.(*ReadWriter).Flush
bufio.(*ReadWriter).Peek
bufio.(*ReadWriter).Read
bufio.(*ReadWriter).ReadByte
bufio.(*ReadWriter).ReadBytes
bufio.(*ReadWriter).ReadFrom
bufio.(*ReadWriter).ReadLine
bufio.(*ReadWriter).ReadRune
bufio.(*ReadWriter).ReadSlice
bufio.(*ReadWriter).ReadString
bufio.(*ReadWriter).UnreadByte
bufio.(*ReadWriter).UnreadRune
bufio.(*ReadWriter).Write
bufio.(*ReadWriter).WriteByte
bufio.(*ReadWriter).WriteRune
bufio.(*ReadWriter).WriteString
bufio.(*ReadWriter).WriteTo
bufio.(*Reader).Buffered
bufio.(*Reader).Discard
bufio.(*Reader).Peek
bufio.(*Reader).Read
bufio.(*Reader).ReadByte
bufio.(*Reader).ReadBytes
bufio.(*Reader).ReadLine
bufio.(*Reader).ReadRune
bufio.(*Reader).ReadSlice
bufio.(*Reader).ReadString
bufio.(*Reader).ReadString.stkobj
bufio.(*Reader).Reset
bufio.(*Reader).Size
bufio.(*Reader).UnreadByte
bufio.(*Reader).UnreadRune
bufio.(*Reader).WriteTo
bufio.(*Reader).collectFragments
bufio.(*Reader).fill
bufio.(*Reader).writeBuf
bufio.(*Scanner).Buffer
bufio.(*Scanner).Bytes
bufio.(*Scanner).Err
bufio.(*Scanner).Scan
bufio.(*Scanner).Split
bufio.(*Scanner).Text
bufio.(*Writer).Available
bufio.(*Writer).Buffered
bufio.(*Writer).Flush
bufio.(*Writer).ReadFrom
bufio.(*Writer).Reset
bufio.(*Writer).Size
bufio.(*Writer).Write
bufio.(*Writer).WriteByte
bufio.(*Writer).WriteRune
bufio.(*Writer).WriteString
bufio..inittask
bufio..stmp_0
bufio..stmp_1
bufio..stmp_3
bufio..stmp_4
bufio..stmp_5
bufio..stmp_6
bufio..stmp_7
bufio..stmp_8
bufio.ErrAdvanceTooFar
bufio.ErrBadReadCount
bufio.ErrBufferFull
bufio.ErrFinalToken
bufio.ErrInvalidUnreadByte
bufio.ErrInvalidUnreadRune
bufio.ErrNegativeAdvance
bufio.ErrNegativeCount
bufio.ErrTooLong
bufio.ReadWriter.Available
bufio.ReadWriter.Discard
bufio.ReadWriter.Flush
bufio.ReadWriter.Peek
bufio.ReadWriter.Read
bufio.ReadWriter.ReadByte
bufio.ReadWriter.ReadBytes
bufio.ReadWriter.ReadFrom
bufio.ReadWriter.ReadLine
bufio.ReadWriter.ReadRune
bufio.ReadWriter.ReadSlice
bufio.ReadWriter.ReadString
bufio.ReadWriter.UnreadByte
bufio.ReadWriter.UnreadRune
bufio.ReadWriter.Write
bufio.ReadWriter.WriteByte
bufio.ReadWriter.WriteRune
bufio.ReadWriter.WriteString
bufio.ReadWriter.WriteTo
bufio.ScanLines
bufio.errNegativeRead
bufio.errNegativeWrite
bufio.init
bytes.(*Buffer).Bytes
bytes.(*Buffer).Cap
bytes.(*Buffer).Grow
bytes.(*Buffer).Len
bytes.(*Buffer).Next
bytes.(*Buffer).Read
bytes.(*Buffer).ReadByte
bytes.(*Buffer).ReadBytes
bytes.(*Buffer).ReadFrom
bytes.(*Buffer).ReadRune
bytes.(*Buffer).ReadString
bytes.(*Buffer).Reset
bytes.(*Buffer).String
bytes.(*Buffer).Truncate
bytes.(*Buffer).UnreadByte
bytes.(*Buffer).UnreadRune
bytes.(*Buffer).Write
bytes.(*Buffer).WriteByte
bytes.(*Buffer).WriteRune
bytes.(*Buffer).WriteString
bytes.(*Buffer).WriteTo
bytes.(*Buffer).grow
bytes.(*Buffer).readSlice
bytes.(*Reader).Len
bytes.(*Reader).Read
bytes.(*Reader).ReadAt
bytes.(*Reader).ReadByte
bytes.(*Reader).ReadRune
bytes.(*Reader).Reset
bytes.(*Reader).Seek
bytes.(*Reader).Size
bytes.(*Reader).UnreadByte
bytes.(*Reader).UnreadRune
bytes.(*Reader).WriteTo
bytes..inittask
bytes..stmp_0
bytes..stmp_1
bytes..stmp_2
bytes..stmp_3
bytes..stmp_4
bytes..stmp_5
bytes.Count
bytes.EqualFold
bytes.ErrTooLarge
bytes.Index
bytes.IndexAny
bytes.IndexRune
bytes.LastIndexByte
bytes.Map
bytes.NewReader
bytes.Repeat
bytes.Replace
bytes.Runes
bytes.ToLower
bytes.ToUpper
bytes.TrimFunc
bytes.TrimLeft
bytes.TrimRight
bytes.TrimRightFunc
bytes.TrimSpace
bytes.asciiSpace
bytes.errNegativeRead
bytes.errUnreadByte
bytes.explode
bytes.genSplit
bytes.indexFunc
bytes.init
bytes.lastIndexFunc
bytes.makeASCIISet
bytes.makeCutsetFunc
bytes.makeCutsetFunc.func1
bytes.makeCutsetFunc.func2
bytes.makeCutsetFunc.func3
bytes.makeSlice
bytes.makeSlice.func1
cloud.google.com/go/compute/metadata.(*Client).getETag
cloud.google.com/go/compute/metadata.(*Client).getTrimmed
cloud.google.com/go/compute/metadata.(*Error).Error
cloud.google.com/go/compute/metadata.(*Error).Error.stkobj
cloud.google.com/go/compute/metadata.(*NotDefinedError).Error
cloud.google.com/go/compute/metadata.(*NotDefinedError).Error.stkobj
cloud.google.com/go/compute/metadata.(*cachedValue).get
cloud.google.com/go/compute/metadata..inittask
cloud.google.com/go/compute/metadata..stmp_0
cloud.google.com/go/compute/metadata..stmp_1
cloud.google.com/go/compute/metadata..stmp_2
cloud.google.com/go/compute/metadata..stmp_3
cloud.google.com/go/compute/metadata..stmp_6
cloud.google.com/go/compute/metadata..stmp_7
cloud.google.com/go/compute/metadata..stmp_8
cloud.google.com/go/compute/metadata.Get
cloud.google.com/go/compute/metadata.NotDefinedError.Error
cloud.google.com/go/compute/metadata.NotDefinedError.Error.stkobj
cloud.google.com/go/compute/metadata.ProjectID
cloud.google.com/go/compute/metadata.defaultClient
cloud.google.com/go/compute/metadata.init
cloud.google.com/go/compute/metadata.initOnGCE
cloud.google.com/go/compute/metadata.onGCE
cloud.google.com/go/compute/metadata.onGCEOnce
cloud.google.com/go/compute/metadata.projID
cloud.google.com/go/compute/metadata.strsContains
cloud.google.com/go/compute/metadata.testOnGCE
cloud.google.com/go/compute/metadata.testOnGCE.func1
cloud.google.com/go/compute/metadata.testOnGCE.func2
compress/flate.(*CorruptInputError).Error
compress/flate.(*InternalError).Error
compress/flate.(*Writer).Close
compress/flate.(*Writer).Flush
compress/flate.(*Writer).Reset
compress/flate.(*Writer).Write
compress/flate.(*byFreq).Len
compress/flate.(*byFreq).Less
compress/flate.(*byFreq).Swap
compress/flate.(*byLiteral).Len
compress/flate.(*byLiteral).Less
compress/flate.(*byLiteral).Swap
compress/flate.(*compressor).close
compress/flate.(*compressor).deflate
compress/flate.(*compressor).encSpeed
compress/flate.(*compressor).fillDeflate
compress/flate.(*compressor).fillStore
compress/flate.(*compressor).fillWindow
compress/flate.(*compressor).findMatch
compress/flate.(*compressor).init
compress/flate.(*compressor).init.stkobj
compress/flate.(*compressor).reset
compress/flate.(*compressor).store
compress/flate.(*compressor).storeHuff
compress/flate.(*compressor).syncFlush
compress/flate.(*compressor).write
compress/flate.(*compressor).writeBlock
compress/flate.(*compressor).writeStoredBlock
compress/flate.(*decompressor).Close
compress/flate.(*decompressor).Read
compress/flate.(*decompressor).Reset
compress/flate.(*decompressor).copyData
compress/flate.(*decompressor).dataBlock
compress/flate.(*decompressor).huffSym
compress/flate.(*decompressor).huffmanBlock
compress/flate.(*decompressor).moreBits
compress/flate.(*decompressor).nextBlock
compress/flate.(*decompressor).readHuffman
compress/flate.(*deflateFast).encode
compress/flate.(*deflateFast).matchLen
compress/flate.(*deflateFast).shiftOffsets
compress/flate.(*dictDecoder).writeCopy
compress/flate.(*dictWriter).Write
compress/flate.(*huffmanBitWriter).dynamicSize
compress/flate.(*huffmanBitWriter).fixedSize
compress/flate.(*huffmanBitWriter).flush
compress/flate.(*huffmanBitWriter).generateCodegen
compress/flate.(*huffmanBitWriter).indexTokens
compress/flate.(*huffmanBitWriter).writeBits
compress/flate.(*huffmanBitWriter).writeBlock
compress/flate.(*huffmanBitWriter).writeBlockDynamic
compress/flate.(*huffmanBitWriter).writeBlockHuff
compress/flate.(*huffmanBitWriter).writeBytes
compress/flate.(*huffmanBitWriter).writeCode
compress/flate.(*huffmanBitWriter).writeDynamicHeader
compress/flate.(*huffmanBitWriter).writeStoredHeader
compress/flate.(*huffmanBitWriter).writeTokens
compress/flate.(*huffmanDecoder).init
compress/flate.(*huffmanEncoder).assignEncodingAndSize
compress/flate.(*huffmanEncoder).bitCounts
compress/flate.(*huffmanEncoder).bitLength
compress/flate.(*huffmanEncoder).generate
compress/flate..inittask
compress/flate..stmp_0
compress/flate..stmp_1
compress/flate..stmp_10
compress/flate..stmp_11
compress/flate..stmp_12
compress/flate..stmp_13
compress/flate..stmp_3
compress/flate..stmp_4
compress/flate..stmp_5
compress/flate..stmp_6
compress/flate..stmp_8
compress/flate..stmp_9
compress/flate.CorruptInputError.Error
compress/flate.InternalError.Error
compress/flate.NewReader
compress/flate.NewWriter
compress/flate.bulkHash4
compress/flate.byFreq.Len
compress/flate.byFreq.Less
compress/flate.byFreq.Swap
compress/flate.byLiteral.Len
compress/flate.byLiteral.Less
compress/flate.byLiteral.Swap
compress/flate.codeOrder
compress/flate.codegenOrder
compress/flate.emitLiteral
compress/flate.fixedHuffmanDecoder
compress/flate.fixedHuffmanDecoderInit
compress/flate.fixedHuffmanDecoderInit.func1
compress/flate.fixedLiteralEncoding
compress/flate.fixedOffsetEncoding
compress/flate.fixedOnce
compress/flate.generateFixedLiteralEncoding
compress/flate.generateFixedOffsetEncoding
compress/flate.histogram
compress/flate.huffOffset
compress/flate.init
compress/flate.init.0
compress/flate.lengthBase
compress/flate.lengthCodes
compress/flate.lengthExtraBits
compress/flate.levels
compress/flate.matchLen
compress/flate.offsetBase
compress/flate.offsetCodes
compress/flate.offsetExtraBits
compress/gzip.(*Reader).Close
compress/gzip.(*Reader).Multistream
compress/gzip.(*Reader).Read
compress/gzip.(*Reader).Reset
compress/gzip.(*Reader).readHeader
compress/gzip.(*Reader).readString
compress/gzip.(*Writer).Close
compress/gzip.(*Writer).Flush
compress/gzip.(*Writer).Reset
compress/gzip.(*Writer).Write
compress/gzip.(*Writer).init
compress/gzip.(*Writer).writeBytes
compress/gzip.(*Writer).writeString
compress/gzip..inittask
compress/gzip.ErrChecksum
compress/gzip.ErrHeader
compress/gzip.NewReader
compress/gzip.NewWriterLevel
compress/gzip.NewWriterLevel.stkobj
compress/gzip.init
container/heap..inittask
container/heap.Fix
container/heap.Init
container/heap.Pop
container/heap.Push
container/heap.Remove
container/heap.down
container/heap.up
container/list.(*Element).Next
container/list.(*Element).Prev
container/list.(*List).Back
container/list.(*List).Front
container/list.(*List).Init
container/list.(*List).InsertAfter
container/list.(*List).InsertBefore
container/list.(*List).Len
container/list.(*List).MoveAfter
container/list.(*List).MoveBefore
container/list.(*List).MoveToBack
container/list.(*List).MoveToFront
container/list.(*List).PushBack
container/list.(*List).PushBackList
container/list.(*List).PushFront
container/list.(*List).PushFrontList
container/list.(*List).Remove
context.(*cancelCtx).Deadline

Sections

.text
Size: 18.1MB - Virtual size: 18.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 643KB - Virtual size: 643KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16.8MB - Virtual size: 16.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 333KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 794KB - Virtual size: 793KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sys2.bat

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ab82dd1ea7a2c9c499f1f919286d231a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 18.1MB - Virtual size: 18.1MB

.data Size: 643KB - Virtual size: 643KB

.rdata Size: 16.8MB - Virtual size: 16.8MB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 333KB

.edata Size: 3.8MB - Virtual size: 3.8MB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 794KB - Virtual size: 793KB

.text
Size: 18.1MB - Virtual size: 18.1MB

.data
Size: 643KB - Virtual size: 643KB

.rdata
Size: 16.8MB - Virtual size: 16.8MB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 333KB

.edata
Size: 3.8MB - Virtual size: 3.8MB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 794KB - Virtual size: 793KB