7df95982654e14465057f47c4e9bff7b1bfee0499352f501ba8bc7ce1dfd2f96

Sharing

Copy URL

Twitter E-mail

General

Target

7df95982654e14465057f47c4e9bff7b1bfee0499352f501ba8bc7ce1dfd2f96
Size

8.0MB
MD5

8766bfddaba81ba4596309d380b5f08f
SHA1

b0df026ab9087e562d9a54d9104ab7abc988741b
SHA256

7df95982654e14465057f47c4e9bff7b1bfee0499352f501ba8bc7ce1dfd2f96
SHA512

5978425457c9978589fa1d5de67266fa551ecc80369a73e50f63413f6642bdb8f557d5e19b1e906ca81cd53384aa5680bac3dde9b7e383171a5cac7297c79a0a
SSDEEP

196608:OgePKR45E8pTw7JiXUBmgVJ5K/ypoxFX5wK2WNxYh:GPK4zpVXUBmgH5O5xFqWQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat ( ਭ ..)/indexdatgui.exe	upx
static1/unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! NetAnalysis 1.35.0054/Patch/patch.exe	upx
static1/unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! TimeLog v1.3/ ⠫   ᯨ/time2log.exe	upx
static1/unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! TimeLog v1.3/ ⠫   ᯨ/timelog.exe	upx
static1/unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace keygen/keygen.exe	upx

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)// 2/  - Temporary.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Index.dat Analyzer v2.0/indexdat-setup.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat ( ਭ ..)/IndexDatNew3.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat ( ਭ ..)/indexdatgui.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat Suite 2_9_2 Beta/IDSuite.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat Suite 2_9_2 Beta/Update.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! NetAnalysis 1.35.0054/Patch/patch.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! NetAnalysis 1.35.0054/netanalysis.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! TimeLog v1.3/ ⠫   ᯨ/time2log.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! TimeLog v1.3/ ⠫   ᯨ/timelog.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Web Cache Illuminator v4.8.2 Datecode 08.04.2006/keygen/keygen.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Web Cache Illuminator v4.8.2 Datecode 08.04.2006/webcache.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace keygen/keygen.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace/setup.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace/trace.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! ஢ ६/DCode/DCode.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! ஢ ६/URL Times/urmodifieddecode/moddec.exe
unpack001/ 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/IndexDat.exe

Files

7df95982654e14465057f47c4e9bff7b1bfee0499352f501ba8bc7ce1dfd2f96
.zip
 1_4 (04) -   楫  㯠   ᠬ (4)// 1/  - index.zip
.zip
  - index/Documents and Settings/Default User.WINDOWS/Cookies/index.dat
  - index/Documents and Settings/Default User.WINDOWS/Local Settings/History/History.IE5/index.dat
  - index/Documents and Settings/Default User.WINDOWS/Local Settings/Temporary Internet Files/Content.IE5/index.dat
  - index/Documents and Settings/Default User/Cookies/index.dat
  - index/Documents and Settings/Default User/Local Settings/History/History.IE5/index.dat
  - index/Documents and Settings/Default User/Local Settings/Temporary Internet Files/Content.IE5/index.dat
  - index/Documents and Settings/LocalService.NT AUTHORITY/Cookies/index.dat
  - index/Documents and Settings/LocalService.NT AUTHORITY/Local Settings/History/History.IE5/index.dat
  - index/Documents and Settings/LocalService.NT AUTHORITY/Local Settings/Temporary Internet Files/Content.IE5/index.dat
  - index/Documents and Settings/LocalService/Cookies/index.dat
  - index/Documents and Settings/LocalService/Local Settings/History/History.IE5/index.dat
  - index/Documents and Settings/LocalService/Local Settings/Temporary Internet Files/Content.IE5/index.dat
  - index/Documents and Settings/help/Application Data/Microsoft/Office/᫥ 䠩/index.dat
  - index/Documents and Settings/help/Cookies/index.dat
  - index/Documents and Settings/help/Local Settings/History/History.IE5/MSHist012005051320050514/index.dat
  - index/Documents and Settings/help/Local Settings/History/History.IE5/MSHist012005051420050515/index.dat
  - index/Documents and Settings/help/Local Settings/History/History.IE5/index.dat
  - index/Documents and Settings/help/Local Settings/Temporary Internet Files/Content.IE5/index.dat
  - index/Documents and Settings//Cookies/index.dat
  - index/Documents and Settings//Local Settings/History/History.IE5/MSHist012005030720050308/index.dat
  - index/Documents and Settings//Local Settings/History/History.IE5/index.dat
  - index/Documents and Settings//Local Settings/Temporary Internet Files/Content.IE5/index.dat
  - index/Documents and Settings//Application Data/Microsoft/Office/᫥ 䠩/index.dat
  - index/Documents and Settings//Cookies/index.dat
  - index/Documents and Settings//Local Settings/History/History.IE5/MSHist012005050620050507/index.dat
  - index/Documents and Settings//Local Settings/History/History.IE5/MSHist012005050720050508/index.dat
  - index/Documents and Settings//Local Settings/History/History.IE5/index.dat
  - index/Documents and Settings//Local Settings/Temporary Internet Files/Content.IE5/index.dat
  - index/WINDOWS/pchealth/helpctr/OfflineCache/index.dat
  - index/WINDOWS/system32/config/systemprofile/Cookies/index.dat
  - index/WINDOWS/system32/config/systemprofile/Local Settings/History/History.IE5/MSHist012005051320050514/index.dat
  - index/WINDOWS/system32/config/systemprofile/Local Settings/History/History.IE5/index.dat
  - index/WINDOWS/system32/config/systemprofile/Local Settings/Temporary Internet Files/Content.IE5/index.dat
 1_4 (04) -   楫  㯠   ᠬ (4)// 2/  - Temporary.exe
.exe windows:4 windows x86

a6d1f237a38b6e7d3a48b606fa0d7939

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameA

gdi32

DeleteObject

shell32

SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA

user32

CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

Sections

.text
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
 1_4 (04) -   楫  㯠   ᠬ (4)/   ࠡ 1_4 .doc
.doc windows office2003
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Index.dat Analyzer v2.0/Read_me.txt
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Index.dat Analyzer v2.0/Screen.jpg
.jpg
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Index.dat Analyzer v2.0/indexdat-setup.exe
.exe windows:1 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat ( ਭ ..)/IndexDatNew3.exe
.exe windows:4 windows x86

dc342a12ddf4187bbfe356fcbcfc14b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
CreateFileA
RtlUnwind
ExitProcess
GetTimeFormatA
GetDateFormatA
HeapFree
TerminateProcess
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
SetEnvironmentVariableA
GetLocaleInfoW
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCPInfo
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
GetModuleHandleA
GetProcAddress
lstrcpyA
GetCurrentThreadId
CloseHandle
GlobalFlags
lstrcmpA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcessId
InterlockedExchange

user32

GetClientRect
GetMenu
PostMessageA
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowPos
SetWindowLongA
GetDlgItem
SetWindowsHookExA
DispatchMessageA
SetForegroundWindow
GetKeyState
PeekMessageA
ValidateRect
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetFocus
SetWindowTextA
GetClassNameA
GetWindowTextA
SendMessageA
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
PostQuitMessage
DestroyMenu
GrayStringA
GetSysColor
GetSysColorBrush
UnregisterClassA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
CallNextHookEx

gdi32

SetMapMode
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

oleaut32

VariantChangeType
VariantInit
VariantClear

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat ( ਭ ..)/indexdatgui.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat Suite 2_9_2 Beta/EULA.txt
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat Suite 2_9_2 Beta/IDSuite.exe
.exe windows:4 windows x86

fe7990ba8d0bedcb613839748882273f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord518
ord519
ord660
ord669
ord595
ord702
ord598
ord705
ord520
ord631
ord709
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord607
ord608
ord531
ord717
ProcCallEngine
ord537
ord644
ord645
ord648
ord571
ord685
ord100
ord612
ord616
ord617
ord618
ord619
ord650
ord546
ord581

Sections

.text
Size: 412KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat Suite 2_9_2 Beta/Index.dat_Suite.ini
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat Suite 2_9_2 Beta/Update.exe
.exe windows:4 windows x86

95172503ba7b262ebefd78fbb7c7bbff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarIndexLoadRefLock
ord669
__vbaForEachCollObj
ord300
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord306
__vbaStrFixstr
ord520
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
ord709
__vbaNextEachCollObj
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord608
ord531
__vbaFPException
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaR8Str
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
ord616
ord617
_CIatan
ord618
__vbaStrMove
ord619
_allmul
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat Suite 2_9_2 Beta/applog.log
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Indexdat Suite 2_9_2 Beta/readme.txt
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! NetAnalysis 1.35.0054/-=Heaven=--=NFO.Updated.31.MaY.2005=--=Read.Me=-.nfo
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! NetAnalysis 1.35.0054/DIGERATI.nfo
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! NetAnalysis 1.35.0054/Patch/patch.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! NetAnalysis 1.35.0054/Read_me.txt
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! NetAnalysis 1.35.0054/netanalysis.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! TimeLog v1.3/ ⠫   ᯨ/readme.txt
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! TimeLog v1.3/ ⠫   ᯨ/time2log.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! TimeLog v1.3/ ⠫   ᯨ/timelog.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 320KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Web Cache Illuminator v4.8.2 Datecode 08.04.2006/keygen/brd.nfo
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Web Cache Illuminator v4.8.2 Datecode 08.04.2006/keygen/file_id.diz
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Web Cache Illuminator v4.8.2 Datecode 08.04.2006/keygen/keygen.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Web Cache Illuminator v4.8.2 Datecode 08.04.2006/readme.txt
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Web Cache Illuminator v4.8.2 Datecode 08.04.2006/serial/digerati.nfo
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! Web Cache Illuminator v4.8.2 Datecode 08.04.2006/webcache.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace keygen/keygen.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX3
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace/external.dll
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace/file_id.diz
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace/language.dat
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace/setup.exe
.exe windows:1 windows x86

1b19ae4549e86847505db20f4577c299

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHBrowseForFolder
SHGetPathFromIDListA

kernel32

FormatMessageA
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetTickCount
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFree
GlobalLock
CopyFileA
GlobalUnlock
CreateDirectoryA
RtlUnwind
RtlZeroMemory
SetCurrentDirectoryA
WinExec
_lcreat
lstrcatA
lstrcmpiA
lstrcpyA
lstrlenA

user32

SetWindowTextA
GetWindowTextA
GetWindowRect
IsWindow
CheckDlgButton
IsDialogMessageA
BeginPaint
EndPaint
InvalidateRect
SetFocus
LoadCursorA
LoadIconA
RegisterClassA
MessageBoxA
SetCursor
GetMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
DrawTextA
GetWindowDC
ReleaseDC
FillRect
SendMessageA
wsprintfA
PostMessageA
PostQuitMessage
GetSystemMetrics
CreateWindowExA
SetWindowPos
MoveWindow
DefWindowProcA

gdi32

BitBlt
GetStockObject
RealizePalette
SelectObject
SelectPalette
SetBkMode
CreateCompatibleBitmap
SetTextColor
CreateCompatibleDC
StretchBlt
TextOutA
CreatePalette
GetObjectA
CreateFontA
CreateSolidBrush
DeleteDC
DeleteObject

advapi32

RegCloseKey
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

crtdll

_itoa
__GetMainArgs
exit
raise
signal
strchr

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 896B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 924B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace/trace-d.cnt
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace/trace-d.hlp
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace/trace.cnt
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace/trace.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/X-Ways Trace/trace.hlp
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! X-Ways Trace/஫.txt
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! ஢ ६/DCode/DCode.exe
.exe windows:4 windows x86

b95fcae457bd864a2de348bd2f489c19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
ord690
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
ord587
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
ord660
__vbaSetSystemError
ord661
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarCmpGe
__vbaStrBool
__vbaBoolStr
ord300
ord301
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord303
_adj_fdivr_m16i
ord306
ord307
ord521
ord309
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
ord528
__vbaStrCmp
__vbaVarTstEq
__vbaDateR8
ord561
__vbaI2I4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
ord608
__vbaVarCmpLe
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
__vbaR8Str
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaI4Var
ord689
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
ord616
__vbaFpI4
_CIatan
__vbaStrMove
ord618
ord650
_allmul
_CItan
__vbaFPInt
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 480KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! ஢ ६/DCode/examples.txt
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! ஢ ६/DCode/readme.txt
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! ஢ ६/URL Times/urmodifieddecode/Form1.frm
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! ஢ ६/URL Times/urmodifieddecode/moddec.exe
.exe windows:4 windows x86

1b58be889c042897b4489b0363a420f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaFpI4
_CIatan
__vbaStrMove
ord650
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! ஢ ६/URL Times/urmodifieddecode/moddec.vbp
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/! ஢ ६/URL Times/urmodifieddecode/moddec.vbw
 1_4 (04) -   楫  㯠   ᠬ (4)/ணࠬ/IndexDat.exe
.exe windows:4 windows x86

dc342a12ddf4187bbfe356fcbcfc14b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
CreateFileA
RtlUnwind
ExitProcess
GetTimeFormatA
GetDateFormatA
HeapFree
TerminateProcess
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
SetEnvironmentVariableA
GetLocaleInfoW
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCPInfo
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
GetModuleHandleA
GetProcAddress
lstrcpyA
GetCurrentThreadId
CloseHandle
GlobalFlags
lstrcmpA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcessId
InterlockedExchange

user32

GetClientRect
GetMenu
PostMessageA
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowPos
SetWindowLongA
GetDlgItem
SetWindowsHookExA
DispatchMessageA
SetForegroundWindow
GetKeyState
PeekMessageA
ValidateRect
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetFocus
SetWindowTextA
GetClassNameA
GetWindowTextA
SendMessageA
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
PostQuitMessage
DestroyMenu
GrayStringA
GetSysColor
GetSysColorBrush
UnregisterClassA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
CallNextHookEx

gdi32

SetMapMode
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

oleaut32

VariantChangeType
VariantInit
VariantClear

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6d1f237a38b6e7d3a48b606fa0d7939

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

comdlg32

gdi32

shell32

user32

ole32

Sections

.text Size: 73KB - Virtual size: 76KB

.data Size: 2KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 16KB

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 36KB

DATA Size: 1024B - Virtual size: 584B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

dc342a12ddf4187bbfe356fcbcfc14b1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comctl32

oleaut32

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 20KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 20KB

UPX1 Size: 5KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 4KB

fe7990ba8d0bedcb613839748882273f

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 412KB - Virtual size: 409KB

.data Size: - Virtual size: 26KB

.rsrc Size: 8KB - Virtual size: 4KB

95172503ba7b262ebefd78fbb7c7bbff

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 64KB - Virtual size: 60KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 184KB

UPX1 Size: 39KB - Virtual size: 40KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

.text
Size: 73KB - Virtual size: 76KB

.data
Size: 2KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 16KB

CODE
Size: 36KB - Virtual size: 36KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 20KB

UPX0
Size: - Virtual size: 20KB

UPX1
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 412KB - Virtual size: 409KB

.data
Size: - Virtual size: 26KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 60KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 184KB

UPX1
Size: 39KB - Virtual size: 40KB

.rsrc
Size: 4KB - Virtual size: 4KB

CODE
Size: 34KB - Virtual size: 34KB

DATA
Size: 1024B - Virtual size: 580B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 7KB - Virtual size: 8KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 320KB

UPX1
Size: 8KB - Virtual size: 12KB

UPX2
Size: 512B - Virtual size: 4KB

CODE
Size: 36KB - Virtual size: 35KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 112KB

UPX1
Size: 6KB - Virtual size: 8KB

UPX2
Size: 4KB - Virtual size: 4KB

UPX3
Size: 41KB - Virtual size: 44KB

.text
Size: 8KB - Virtual size: 8KB

.bss
Size: - Virtual size: 896B

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 924B - Virtual size: 924B