New Compressed (zipped) Folder[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

New Compressed (zipped) Folder.zip
Size

7.0MB
MD5

3fd66dc82138d1427d43e70b36b4cd3a
SHA1

39fe86fbba36a06220c96f72f7aed0f2e0bd168d
SHA256

7549d4a121e1e7b5dc056cebe025d1af3d8c03440cad9bb23697c3f9bc6d07a9
SHA512

d036d2423eb28ea48f0a9d410c357b79f99371b8730dd19a38c8277b76b4f442762044e15efa361d4185d0648478b34b4f4957ba72aba6df71a334d033bc2253
SSDEEP

196608:wB83eQOA1B47Y0Az9MORof8EYFtDh+u1GBSDqRuJrHlU3s8YuW:MrQfqLABBBF7N17qRyHlEs8YuW

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/38e2e621598702cd37731440444d631ab9d799c6876765dbd418403033b94bf0.exe
unpack001/56776169335b8d2db22dba1ae47629f3e3e73a9a1d4f2c9cc6c7bcdd99b5fff8.exe
unpack001/5c72bdbde9604fe063ee6f9ff6dcb0ff0e67a85dea42ea9b6e1eca544fe95005.exe
unpack001/Global B seed calculator.exe
unpack001/a713b4f480f15ef37e9f69efbe6ce77c9a24db0176d4225091d6910ab4daf0f4.exe
unpack001/aeb663f8d0523fa21c265cc50ddb6eca80a8eb593d34520acd79c7da0cec02c6.exe
unpack001/ce7a72d2347fe2011815098caa7b5cb881a97780634ff1354194ab4865a6e0c4.exe

Files

New Compressed (zipped) Folder.zip
.zip
38e2e621598702cd37731440444d631ab9d799c6876765dbd418403033b94bf0.exe
.exe windows:1 windows x86

105093fc2cd4f6885d10a45bf3cecfc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetLocalTime
GetModuleHandleA
RtlUnwind
RtlZeroMemory

user32

SetWindowTextA
BeginPaint
EndPaint
UpdateWindow
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
UnregisterClassA
PostQuitMessage
GetSysColor
ShowWindow
CreateWindowExA
DefWindowProcA

gdi32

GetStockObject
SetPixel

crtdll

__GetMainArgs
exit
free
malloc
raise
signal
strchr

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 100B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
404967d9e5bf0c8c4158e88c8df50c913c334e62d54c9de0f1dbd1bf5da57497.ps1
4c09176981ccb4d6f7c48c6c88d4aad6ec13d5ad9b8afe41cdb40c749933f6b0.exe
.exe windows:6 windows x86

7ca2ada15fca9ba51b650e1414510d44

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07-10-2021 00:00

Not After

09-10-2024 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a2:a0:94:0e:a8:a1:67:c5:68:e0:12:31:44:35:cc:f4:72:0d:eb:55:56:1c:d8:c8:ab:58:3c:9e:8a:81:3d:13
Signer

Actual PE Digest

a2:a0:94:0e:a8:a1:67:c5:68:e0:12:31:44:35:cc:f4:72:0d:eb:55:56:1c:d8:c8:ab:58:3c:9e:8a:81:3d:13

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SystemTimeToFileTime
VerifyVersionInfoW
ReadConsoleA
SetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetEnvironmentVariableW
GetSystemTime
RemoveDirectoryW
GetFullPathNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
HeapReAlloc
GetTimeZoneInformation
SetStdHandle
SetConsoleCtrlHandler
SetFilePointerEx
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
HeapValidate
HeapSize
GetStdHandle
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
ExitProcess
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
FindResourceA
LocalFree
GlobalLock
GlobalUnlock
GlobalAlloc
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
OpenProcess
GetExitCodeProcess
GetCurrentProcess
SetLastError
GetACP
DeleteFileW
CreateDirectoryW
VerSetConditionMask
MulDiv
FreeLibrary
LoadLibraryA
GetProcAddress
Sleep
GetCurrentThreadId
DeviceIoControl
GetFileAttributesW
FindFirstFileW
FindClose
CreateFileW
MoveFileExW
GetModuleHandleA
GetTickCount
CreateFileA
LeaveCriticalSection
EnterCriticalSection
GetLastError
ProcessIdToSessionId
GetCurrentProcessId
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
GetCPInfo
DecodePointer
EncodePointer
OpenEventA
SetEvent
SetErrorMode
CloseHandle
RemoveDirectoryA
GetFileAttributesA
MultiByteToWideChar
OutputDebugStringA
WriteConsoleW
GetCurrentDirectoryA
GetCurrentDirectoryW
FindNextFileW
WideCharToMultiByte
GetModuleHandleW
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
FindFirstFileExW
FlushFileBuffers
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileAttributesExW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
SleepEx
GetSystemTimeAsFileTime
CopyFileW
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
GlobalFree
SetHandleInformation
VirtualProtect
VirtualQuery
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleExW
LocalAlloc
IsBadWritePtr
CreateIoCompletionPort
PostQueuedCompletionStatus
InitializeCriticalSection
DeleteCriticalSection
ResetEvent
WaitForSingleObject
CreateEventA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineA
GetProcessHeap
HeapSetInformation
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
TerminateProcess
GlobalMemoryStatusEx
VirtualAlloc
IsDebuggerPresent
GetCommandLineW
RaiseException
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
SwitchToThread
CreateThread
GetCurrentThread
OpenThread
SetThreadPriority
TerminateThread
GetExitCodeThread
SuspendThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetThreadAffinityMask
SetEnvironmentVariableW
SetCurrentDirectoryW
OutputDebugStringW
CreateProcessW
GetSystemInfo
GetProcessAffinityMask
SetUnhandledExceptionFilter
DebugBreak
GetProcessHeaps
SetProcessAffinityMask
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW

user32

DispatchMessageW
TranslateMessage
GetMessageW
ReleaseDC
GetDC
PeekMessageW
GetWindowThreadProcessId
EnumWindows
SendMessageW
IsWindowVisible
GetProcessWindowStation
MonitorFromWindow
PostThreadMessageW
LoadIconW
LoadCursorW
EnumChildWindows
SetClassLongW
SetWindowLongW
GetWindowLongW
MapWindowPoints
MessageBoxW
GetWindowRect
SetWindowTextW
RedrawWindow
EndPaint
BeginPaint
UpdateWindow
KillTimer
UnregisterClassW
GetClassInfoExW
wsprintfA
DialogBoxParamA
EndDialog
GetDlgItem
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
OpenClipboard
MonitorFromPoint
SetClipboardData
EmptyClipboard
GetWindowTextLengthA
GetDesktopWindow
SetTimer
MsgWaitForMultipleObjects
SetWindowPos
MoveWindow
GetUserObjectInformationW
GetMonitorInfoW
AllowSetForegroundWindow
MessageBoxA
DestroyWindow
DefWindowProcW
RegisterClassExW
CreateWindowExW
CloseClipboard
ShowWindow

gdi32

DeleteObject
TextOutW
CreateDIBSection
SetTextColor
SetBkMode
SetBkColor
SelectObject
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPoint32W
GetStockObject
GetDeviceCaps
DeleteDC
CreateICW
CreateFontW
CreateCompatibleDC
SwapBuffers
SetPixelFormat
ChoosePixelFormat

advapi32

RegOpenKeyExA
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
ReportEventW
RegCreateKeyExA
RegCloseKey

shell32

SHGetFileInfoW
CommandLineToArgvW
ord680
SHGetKnownFolderPath

ole32

CoTaskMemFree

oleaut32

VariantClear

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW
GetProcessMemoryInfo
GetModuleInformation

version

VerQueryValueW

crypt32

CertGetCertificateChain
CertOpenStore
CertCloseStore
CertCreateCertificateContext
CertFreeCertificateContext
CertAddCertificateContextToStore
CertFreeCertificateChain

ws2_32

ntohl
ntohs
getaddrinfo
freeaddrinfo
closesocket
shutdown
socket
WSAStartup
WSAGetLastError
WSARecv
WSARecvFrom
WSASend
WSASendTo
htons
__WSAFDIsSet
select
WSASetLastError
WSACleanup
send
recv
connect
WSAIoctl
setsockopt
WSASocketA
htonl
getsockname
ioctlsocket
bind

wsock32

ord1142

bcrypt

BCryptGenRandom

Exports

Exports

CanSetClientBeta
ClientUpdateRunFrame
CreateInterface
ForceUpdateNextRestart
GetBootstrapperVersion
GetClientActualLauncherType
GetClientBootstrapMetrics
GetClientLauncherType
GetClientUpdateBytesDownloaded
GetClientUpdateBytesToDownload
GetCurrentClientBeta
IsCheckingForUpdates
IsClientUpdateAvailable
IsClientUpdateOutOfDiskSpace
IsUpdateSuppressed
PermitDownloadClientUpdates
SetClientBeta
StartCheckingForUpdates
SteamBootstrapper_GetBaseUserDir
SteamBootstrapper_GetEUniverse
SteamBootstrapper_GetForwardedCommandLine
SteamBootstrapper_GetInstallDir
SteamBootstrapper_GetLoggingDir
SteamBootstrapper_SetCommandLineToRunOnExit
g_dwDllEntryThreadId

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 919KB - Virtual size: 918KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
56776169335b8d2db22dba1ae47629f3e3e73a9a1d4f2c9cc6c7bcdd99b5fff8.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.clam01
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clam02
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clam03
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clam04
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5c72bdbde9604fe063ee6f9ff6dcb0ff0e67a85dea42ea9b6e1eca544fe95005.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
843c4407865ab4d809f0e3b8a581bab50a330ad98c926d0f10540f451b6611d5.pdf
.pdf
9859a4209ac3b00448b7552b993ff8120f0e7e7568b1c7ae55bf1f104889b3e7.bat
.bat .vbs
Global B seed calculator.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 1016KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
a713b4f480f15ef37e9f69efbe6ce77c9a24db0176d4225091d6910ab4daf0f4.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a81f468164c352997b2b7f0f551150baa55b8d431a4fa3b5b8c9b48977d4045c.zip
.zip
aeb663f8d0523fa21c265cc50ddb6eca80a8eb593d34520acd79c7da0cec02c6.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b029b40badab029cbd916ab2e5147e9f01abd147e1bf9e5ed1564ee44a0d087f.msi
.msi
c98083c89ba696fdc10a9528722e8673f70b0b1872b52fbda472a38d4cfbf350.js
.js
ce7a72d2347fe2011815098caa7b5cb881a97780634ff1354194ab4865a6e0c4.exe
.exe windows:4 windows x86

3ede871f504dee75b485f08c01cf3ea1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetShortPathNameA
ResumeThread
WriteProcessMemory
GetPrivateProfileSectionA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

user32

DefWindowProcA
AdjustWindowRectEx

Sections

0
Size: 724KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: - Virtual size: 64B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7
Size: - Virtual size: 89KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9
Size: 45KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

10
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

11
Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dc1bab58ae5af6a4b8051a148d96ae713f319327959225d1860ab910f27e2658.vbs
.vbs

Sharing

General

Malware Config

Signatures

Files

105093fc2cd4f6885d10a45bf3cecfc1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

crtdll

Sections

.text Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 100B

.data Size: 7KB - Virtual size: 7KB

.idata Size: 1KB - Virtual size: 1KB

7ca2ada15fca9ba51b650e1414510d44

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

a2:a0:94:0e:a8:a1:67:c5:68:e0:12:31:44:35:cc:f4:72:0d:eb:55:56:1c:d8:c8:ab:58:3c:9e:8a:81:3d:13Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

psapi

version

crypt32

ws2_32

wsock32

bcrypt

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 919KB - Virtual size: 918KB

.data Size: 56KB - Virtual size: 586KB

.rsrc Size: 219KB - Virtual size: 218KB

.reloc Size: 126KB - Virtual size: 126KB

Headers

File Characteristics

Sections

.clam01 Size: 500KB - Virtual size: 500KB

.clam02 Size: 92KB - Virtual size: 92KB

.clam03 Size: 264KB - Virtual size: 264KB

.clam04 Size: 24KB - Virtual size: 24KB

Headers

File Characteristics

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 68KB - Virtual size: 68KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

.text
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 100B

.data
Size: 7KB - Virtual size: 7KB

.idata
Size: 1KB - Virtual size: 1KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

a2:a0:94:0e:a8:a1:67:c5:68:e0:12:31:44:35:cc:f4:72:0d:eb:55:56:1c:d8:c8:ab:58:3c:9e:8a:81:3d:13
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 919KB - Virtual size: 918KB

.data
Size: 56KB - Virtual size: 586KB

.rsrc
Size: 219KB - Virtual size: 218KB

.reloc
Size: 126KB - Virtual size: 126KB

.clam01
Size: 500KB - Virtual size: 500KB

.clam02
Size: 92KB - Virtual size: 92KB

.clam03
Size: 264KB - Virtual size: 264KB

.clam04
Size: 24KB - Virtual size: 24KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 68KB - Virtual size: 68KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 114KB - Virtual size: 114KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.enigma1
Size: 1016KB - Virtual size: 8KB

.enigma2
Size: 280KB - Virtual size: 280KB

.text
Size: 76KB - Virtual size: 76KB

.data
Size: 28KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3.2MB - Virtual size: 3.2MB

.tls
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

0
Size: 724KB - Virtual size: 1.5MB

1
Size: 7KB - Virtual size: 18KB

2
Size: 27KB - Virtual size: 27KB

3
Size: - Virtual size: 1.5MB

4
Size: 5KB - Virtual size: 14KB

5
Size: - Virtual size: 64B

6
Size: 512B - Virtual size: 24B

7
Size: - Virtual size: 89KB

8
Size: 363KB - Virtual size: 363KB

9
Size: 45KB - Virtual size: 70KB

10
Size: 3KB - Virtual size: 3KB

11
Size: 7KB - Virtual size: 28KB