New Compressed (zipped) Folder[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

New Compressed (zipped) Folder.zip
Size

2.1MB
MD5

2645477355e0f701caa6124ebf8224f9
SHA1

7b804d76dff0255919dac1acc8c4e5d8c2483981
SHA256

5f1e8444f493961b9e245b3f102ba972959f7ecab0f4a23314423754acca2213
SHA512

12e92a8b86be8fcf20cfe31b9950760401b7600922d0b973d45fd9709738c353d81717d5789aee08e0556b36b0dbb7e04deda476a4cd5ec8a3a6b8c003133c83
SSDEEP

49152:KALIrbnMEknkZzGw9lQLxpLT678/YjXIIeEa:XKknkRGwwxDEa

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/ec082b19afe88d9825cfc9b4c860ddfe40f1f46272fa13f46085b50612513b14.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ec082b19afe88d9825cfc9b4c860ddfe40f1f46272fa13f46085b50612513b14.dll	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1e22d8aa9ef11a057d19adcdf232485c9d063050860aef7866d92a5d82e72da5.dll
unpack001/386c2b30d0f46306b8691661a0b73163989f6412f903573012b5ba0c35525dcb.exe
unpack001/897d5d93eca5638c6cf435a904d8bbc54c2a49b7c95669152557d585adcc3d91.exe
unpack001/8c49a2ad3fa1c516d18fee4d9328afc76213c5de1473137f36d810da00ae6967.exe
unpack001/a59d10a317a779ae0c8f99b5e62719b1c150d7c3709d38764be50f450ccbcfbd.exe
unpack001/a5c2b18cb765726b1cfaaed30bce6cb8a34da6ddb7c3b3fe52f0a21235b9675f.exe
unpack001/e07f514577072b02a9713552dc73feceaaa7fd256495468e24e7942216cabb85.exe
unpack001/ec082b19afe88d9825cfc9b4c860ddfe40f1f46272fa13f46085b50612513b14.dll

Files

New Compressed (zipped) Folder.zip
.zip
1e22d8aa9ef11a057d19adcdf232485c9d063050860aef7866d92a5d82e72da5.dll
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.NUMEGAB
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
386c2b30d0f46306b8691661a0b73163989f6412f903573012b5ba0c35525dcb.exe
.exe windows:5 windows x86

231ae748dbc4fa94aca4a2ab6a3f3a91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateThread
lstrlenW
VirtualProtect
GetProcAddress
LoadLibraryA
VirtualAlloc
LockResource
WaitForSingleObject
SizeofResource
FindResourceW
GetModuleHandleW
GetLastError
CreateMutexA
GetModuleHandleA
EnumTimeFormatsW
FreeConsole
LoadResource
MoveFileA
GetCommandLineA
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

advapi32

RegDeleteKeyA

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ktqovk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
3b9628c3b4d0489c3691a9f57fd65da3565a420da4508f57ff1f41c0c9036c5a.py
5c6a1c095727a365b8af5f837fa7d15936b464464aa012d2b865334917465e9d.unknown
.html
8531edbd8fec4f6f9672b69736b6b47d530ce9a14e0dc2b6b92144b778361feb.elf
.elf linux arm
897d5d93eca5638c6cf435a904d8bbc54c2a49b7c95669152557d585adcc3d91.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.clam01
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clam02
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clam03
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clam04
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clam05
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8c49a2ad3fa1c516d18fee4d9328afc76213c5de1473137f36d810da00ae6967.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 556KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a59d10a317a779ae0c8f99b5e62719b1c150d7c3709d38764be50f450ccbcfbd.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.clam01
Size: 873KB - Virtual size: 873KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
a5c2b18cb765726b1cfaaed30bce6cb8a34da6ddb7c3b3fe52f0a21235b9675f.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a93534a4e4b8d9ce1a4d0450c32e1d92260564d5de9124a7ad1c3dbe9b4fae14.exe
.exe windows:5 windows x86

959a6730bc071cd048c8e4c56109bff6

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:70:ef:4b:ad:5c:c4:4a:1c:2b:c3:d9:64:01:67:4c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/04/2020, 00:00

Not After

09/03/2023, 12:00

Subject

CN=Avast Software s.r.o.,OU=RE stapler cistodc,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:4b:e8:c3:98:91:01:a9:b2:c0:68:84:a6:bf:ed:3f:d7:fd:0a:fd:19:07:9c:e4:6d:14:14:34:d5:12:8f:3b
Signer

Actual PE Digest

14:4b:e8:c3:98:91:01:a9:b2:c0:68:84:a6:bf:ed:3f:d7:fd:0a:fd:19:07:9c:e4:6d:14:14:34:d5:12:8f:3b

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
Sleep
GetFileSizeEx
WriteFile
SetEndOfFile
SetFilePointerEx
LocalFree
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
EnumResourceNamesW
GetWindowsDirectoryW
CreateDirectoryW
CreateFileW
CreateThread
GetSystemTimeAsFileTime
GetNativeSystemInfo
lstrcatA
lstrlenA
GetVersionExA
GetCurrentProcess
GetExitCodeProcess
ResumeThread
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateProcessW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetDiskFreeSpaceExW
CopyFileW
MoveFileExW
CreateHardLinkW
HeapAlloc
GetProcessHeap
HeapSetInformation
ExitProcess
IsProcessorFeaturePresent
lstrcpyW
GetModuleHandleW
GetSystemDirectoryW
SetDllDirectoryW
InterlockedExchange
LockResource
WriteConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
GetLastError
HeapFree
InterlockedExchangeAdd
GetVersionExW
FindResourceW
LoadLibraryW
SizeofResource
LoadResource
GlobalFree
GlobalUnlock
GlobalLock
FindFirstFileExW
FindClose
GlobalAlloc
FreeLibrary
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
DecodePointer
GetVersion
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DeviceIoControl
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
OutputDebugStringW
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetCommandLineA
GetCommandLineW
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
GetACP
GetStringTypeW
GetFileType
GetProcAddress

user32

GetMessageW
TranslateMessage
DispatchMessageW
AllowSetForegroundWindow
PostMessageW
wsprintfA
LoadStringW
MessageBoxExW
wsprintfW
SystemParametersInfoW
IsDialogMessageW
LoadImageW
DestroyIcon
FindWindowW
FillRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetSystemMetrics
KillTimer
SetTimer
SetFocus
SetWindowPos
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
SendMessageW

gdi32

GetTextExtentPoint32W
GetObjectW
CreateDIBSection
SelectObject
CreateFontIndirectW
DeleteObject
CreateSolidBrush
CreatePatternBrush

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
GetSidSubAuthorityCount
GetSidSubAuthority
IsValidSid
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorA

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx

comctl32

ord17

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b849de1ae7d942f6adab50f5569180b69659afae6d26c7fd9fde0ebbd057912b.elf
.elf linux arm
c97349d6317318c2f61733219d4bfc007fef58e7f35ced05c9b12badb5f6754e.elf
.elf linux mipsbe
e07f514577072b02a9713552dc73feceaaa7fd256495468e24e7942216cabb85.exe
.exe windows:4 windows x86

e29216111be8758f004d4ae8b6c1fd97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

sndPlaySoundA
mciSendStringA

kernel32

QueryPerformanceCounter
VirtualQuery
VirtualProtect
GetLocaleInfoA
CreateFileA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
GetFileType
GetStdHandle
SetHandleCount
ReadFile
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
SetFilePointer
GetCurrentProcess
TerminateProcess
ExitProcess
WriteFile
CloseHandle
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetStartupInfoA
GetModuleHandleA
HeapReAlloc
CreateDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
GetLastError
GetFullPathNameA
GetCurrentDirectoryA
GetDriveTypeA
HeapAlloc
HeapFree
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrlenA
lstrcpyA
lstrcmpA
lstrcpynA
GetShortPathNameA
GetCommandLineA
GetModuleFileNameA
Sleep
RtlUnwind
FreeLibrary
LoadLibraryA
GetProcAddress
WinExec
GetTickCount
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
GetLocalTime
GetSystemInfo
GlobalMemoryStatus
GetVersion
GetComputerNameA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
SetEndOfFile
HeapSize
LCMapStringA

user32

GetSystemMenu
AppendMenuA
TranslateMessage
PeekMessageA
FindWindowA
DestroyWindow
GetFocus
SetFocus
DispatchMessageA
GetMessageA
CharUpperA
SendMessageA
SetTimer
LoadIconA
RegisterClassA
UpdateWindow
SetScrollRange
ShowScrollBar
ScrollWindow
SetScrollPos
KillTimer
PostQuitMessage
DefWindowProcA
InvalidateRect
IsWindowEnabled
GetActiveWindow
ShowWindow
SetActiveWindow
SetWindowPos
GetAsyncKeyState
GetSysColor
ShowCursor
SetCursorPos
GetClientRect
GetDlgCtrlID
GetDlgItemTextA
GetWindowTextA
IsDlgButtonChecked
EnumDisplaySettingsA
ChangeDisplaySettingsA
GetCursorPos
MessageBoxA
wsprintfA
FillRect
LoadCursorA
SetCursor
BeginPaint
EndPaint
GetDC
ReleaseDC
GetSystemMetrics
MoveWindow
GetWindowRect
GetWindowLongA
SetWindowLongA
CallWindowProcA
CreateWindowExA
PostMessageA
GetMenu
SetWindowTextA

gdi32

SetPixel
GetPixel
SetStretchBltMode
StretchBlt
StretchDIBits
Rectangle
RealizePalette
BitBlt
DeleteDC
SelectPalette
SetDIBColorTable
CreatePalette
SetBkMode
LineTo
CreateSolidBrush
CreatePen
GetTextMetricsA
SelectObject
CreateFontIndirectA
DeleteObject
TextOutA
GetTextExtentPoint32A
GetTextExtentPointA
CreateCompatibleDC
CreateDIBSection
GetDeviceCaps
SetTextColor
GetStockObject
MoveToEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

advapi32

GetUserNameA

shell32

ShellExecuteA
ShellExecuteExA

Exports

Exports

_ll_callfunc@16

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e258fb05f2f84435c3aaa7a94eba75a117dc8b6decdd9fd7e0910351b9c6ee14.elf
.elf linux mipsel
ec082b19afe88d9825cfc9b4c860ddfe40f1f46272fa13f46085b50612513b14.dll
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 20KB - Virtual size: 20KB

.NUMEGAB Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

231ae748dbc4fa94aca4a2ab6a3f3a91

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 47KB - Virtual size: 46KB

.reloc Size: 2KB - Virtual size: 2KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 341KB - Virtual size: 341KB

.ktqovk Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.clam01 Size: 496KB - Virtual size: 496KB

.clam02 Size: 80KB - Virtual size: 80KB

.clam03 Size: 52KB - Virtual size: 52KB

.clam04 Size: 116KB - Virtual size: 116KB

.clam05 Size: 60KB - Virtual size: 60KB

Headers

File Characteristics

Sections

.text Size: 556KB - Virtual size: 556KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 84KB - Virtual size: 84KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.clam01 Size: 873KB - Virtual size: 873KB

Headers

File Characteristics

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 48KB - Virtual size: 48KB

.rsrc Size: 8KB - Virtual size: 8KB

959a6730bc071cd048c8e4c56109bff6

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:70:ef:4b:ad:5c:c4:4a:1c:2b:c3:d9:64:01:67:4cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

14:4b:e8:c3:98:91:01:a9:b2:c0:68:84:a6:bf:ed:3f:d7:fd:0a:fd:19:07:9c:e4:6d:14:14:34:d5:12:8f:3bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

.text
Size: 20KB - Virtual size: 20KB

.NUMEGAB
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 46KB

.reloc
Size: 2KB - Virtual size: 2KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 341KB - Virtual size: 341KB

.ktqovk
Size: 4KB - Virtual size: 4KB

.clam01
Size: 496KB - Virtual size: 496KB

.clam02
Size: 80KB - Virtual size: 80KB

.clam03
Size: 52KB - Virtual size: 52KB

.clam04
Size: 116KB - Virtual size: 116KB

.clam05
Size: 60KB - Virtual size: 60KB

.text
Size: 556KB - Virtual size: 556KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 84KB - Virtual size: 84KB

.rsrc
Size: 8KB - Virtual size: 8KB

.clam01
Size: 873KB - Virtual size: 873KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 8KB - Virtual size: 8KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:70:ef:4b:ad:5c:c4:4a:1c:2b:c3:d9:64:01:67:4c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

14:4b:e8:c3:98:91:01:a9:b2:c0:68:84:a6:bf:ed:3f:d7:fd:0a:fd:19:07:9c:e4:6d:14:14:34:d5:12:8f:3b
Signer

.text
Size: 132KB - Virtual size: 132KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 2KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 76B

.rsrc
Size: 69KB - Virtual size: 68KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 26KB

.rsrc
Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 83KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB