0fddfdea0e4f830012f35e3ce0bb004761b52e6276ecfeb2a41c6875571b451f[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

0fddfdea0e4f830012f35e3ce0bb004761b52e6276ecfeb2a41c6875571b451f.zip.zip
Size

871KB
MD5

2e25b5a36e766e2a13e977186470bd89
SHA1

a3fd31099e51a54343c7a23d6c4dca6e7ca8bed5
SHA256

d5ab54c78f95d027c2ac14879fe9d044b0524a7bcc2a1c59122ee5b67cba379a
SHA512

8b80b52bf818c97452b34f8f7b134a8386de22eaa7f5cb33557623abf9bf39c172abb5e93700badbc70e0d7f96bf3a789e3bcefc8a5e49dfed1ccd4300d29df3
SSDEEP

24576:4Fei83FbQraEP4A5jw9uZ5AZS/wInhIPRyNE:Mei83FS50HOnBNE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/Gccg/wget.exe	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Gccg/chmod.exe
unpack002/Gccg/cp.exe
unpack002/Gccg/gunzip.exe
unpack002/Gccg/ls.exe
unpack002/Gccg/mv.exe
unpack002/Gccg/perl.exe
unpack002/Gccg/perl58.dll
unpack002/Gccg/rm.exe
unpack002/Gccg/tar.exe
unpack002/Gccg/wget.exe

Files

0fddfdea0e4f830012f35e3ce0bb004761b52e6276ecfeb2a41c6875571b451f.zip.zip
.zip

Password: infected
0fddfdea0e4f830012f35e3ce0bb004761b52e6276ecfeb2a41c6875571b451f.zip
.zip
Gccg/COPYING
Gccg/Check Installed.bat
Gccg/Install LOTR Cards.bat
Gccg/Install LOTR.bat
Gccg/Install METW Cards deutsch.bat
Gccg/Install METW Cards.bat
Gccg/Install METW deutsch.bat
Gccg/Install METW.bat
Gccg/Install MTG Cards.bat
Gccg/Install MTG.bat
Gccg/Install Pokemon Cards.bat
Gccg/Install Pokemon.bat
Gccg/Install Source.bat
Gccg/Install.bat
Gccg/Metw_deu.bat
.bat .vbs
Gccg/Update Everything.bat
Gccg/chmod.exe
.exe windows:4 windows x86

f83e33ff9fc9deabe19c8b4aaa0647e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fprintf
strchr
getenv
bsearch
qsort
fclose
_pctype
_isctype
__mb_cur_max
fgets
fopen
tolower
putc
strerror
vfprintf
fflush
strncmp
calloc
realloc
_iob
malloc
_stat
_get_osfhandle
_fstat
exit
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
puts
free
_errno
setlocale
printf
_strlwr
strncpy
_mkdir
_chmod
_getcwd
_read
_close
_open
_umask
_access
_utime
_chsize

kernel32

FindClose
FindFirstFileA
FindNextFileA
GetFullPathNameA
CreateFileA
GetFileInformationByHandle
CloseHandle

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Gccg/cp.exe
.exe windows:4 windows x86

de4d72131a4bc73df8282d58fbd97329

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fopen
tolower
sprintf
strncmp
fgets
putc
strerror
vfprintf
fflush
getchar
calloc
strncpy
strrchr
_ftol
abort
_strlwr
_isctype
__mb_cur_max
_fstat
_mkdir
_exit
_XcptFilter
__p___initenv
_pctype
rename
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
realloc
fclose
qsort
bsearch
malloc
puts
strchr
_iob
fprintf
_get_osfhandle
_stat
_errno
_umask
_utime
_unlink
_chmod
_close
_lseek
_read
_open
_strdup
_getcwd
_access
_write
_chsize
free
setlocale
getenv
printf
exit
__getmainargs
_initterm

kernel32

LoadLibraryA
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
FindClose
FindFirstFileA
FindNextFileA
GetFileInformationByHandle
CreateFileA
GetFullPathNameA
MultiByteToWideChar
BackupWrite
CloseHandle
GetCurrentProcess
GetLastError
GetProcAddress

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Gccg/gccg_package
.sh .ps1 linux
Gccg/gunzip.exe
.exe windows:4 windows x86

f2e08216998da75136edb412ba778d0e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter

msvcrt

_write
_fileno
_fstat
_isatty
_chmod
_lseek
_open
_read
_close
_setmode
_stat
_unlink
_utime
_cexit
_errno
_fileno
_findclose
_findfirst
_findnext
_fmode
_fpreset
_iob
_setmode
_stat
__getmainargs
atexit
atoi
calloc
ctime
exit
fflush
fgets
fprintf
free
getenv
isupper
__p__environ
malloc
memcpy
perror
printf
putc
signal
strcat
strcmp
strcpy
strcspn
strncmp
strncpy
strrchr
strspn
__set_app_type

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 320KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Gccg/lib/perl5db.pl
.pl .ps1
Gccg/lib/strict.pm
Gccg/ls.exe
.exe windows:4 windows x86

16a7017ae546e61d4943e15248868268

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter

msvcrt

_fstat
_getcwd
_isatty
_open
_read
_close
_stat
_cexit
_errno
_fileno
_findclose
_findfirst
_findnext
_fmode
_fpreset
_iob
_setmode
_stat
__getmainargs
_stricmp
_strnicmp
_wcsicmp
abort
atexit
bsearch
calloc
exit
fclose
feof
fflush
fgets
fopen
fprintf
fputs
free
getenv
gmtime
isalnum
isalpha
isdigit
islower
isprint
isspace
isupper
__p__environ
localtime
malloc
printf
putc
putchar
puts
qsort
realloc
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strrchr
time
tolower
toupper
vfprintf
__set_app_type

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Gccg/mv.exe
.exe windows:4 windows x86

5fa4f1ae26265dbdc2694c40e4b2229d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

qsort
bsearch
strchr
fclose
fgets
fopen
tolower
realloc
sprintf
putc
getchar
malloc
fflush
strncpy
strrchr
_ftol
abort
strncmp
vfprintf
_get_osfhandle
_fstat
toupper
calloc
_mkdir
strerror
_pctype
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_isctype
__mb_cur_max
_iob
puts
_errno
_strlwr
_stat
free
_isatty
_unlink
_chmod
_utime
_close
_open
_strdup
_getcwd
_read
_write
_access
_chsize
fprintf
rename
printf
setlocale
getenv
_exit
exit
_XcptFilter

kernel32

LoadLibraryA
GetLastError
InterlockedExchange
LocalAlloc
RaiseException
FindClose
FindFirstFileA
GetFullPathNameA
CreateFileA
FindNextFileA
FreeLibrary
GetProcAddress
CloseHandle
GetFileInformationByHandle

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Gccg/perl.exe
.exe windows:4 windows x86

abeffe0303cb666bd26537f361389ce6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__fmode
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_exit
__set_app_type
_except_handler3
_controlfp

perl58

RunPerl

Sections

.text
Size: 4KB - Virtual size: 348B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Gccg/perl58.dll
.dll windows:4 windows x86

bb730e2e0cf1485d227f2727562afbd1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsAlloc
WaitForMultipleObjects
GetProcAddress
LoadLibraryA
DeleteCriticalSection
FreeLibrary
InterlockedDecrement
InterlockedIncrement
FreeEnvironmentStringsA
GetEnvironmentStrings
GetLogicalDriveStringsA
GetLogicalDrives
SetCurrentDirectoryA
MultiByteToWideChar
GetFullPathNameA
SetCurrentDirectoryW
WideCharToMultiByte
GetFullPathNameW
GetFileAttributesA
GetFileAttributesW
CreateThread
GetCurrentThreadId
GetModuleFileNameA
TlsFree
DisableThreadLibraryCalls
GetModuleHandleA
GetVersionExA
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
GetTempFileNameA
GenerateConsoleCtrlEvent
TerminateProcess
OpenProcess
TerminateThread
GetVolumeInformationA
GetVolumeInformationW
GetFileInformationByHandle
CreateFileA
CreateFileW
GetEnvironmentVariableA
GetEnvironmentVariableW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessTimes
InitializeCriticalSection
CloseHandle
SetFileAttributesW
SetFileTime
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemInfo
GetComputerNameA
GetTickCount
GetExitCodeProcess
GetExitCodeThread
LockFileEx
UnlockFileEx
FormatMessageA
LocalFree
LocalAlloc
GetTempPathA
GetStdHandle
SetStdHandle
DeleteFileA
MoveFileExA
MoveFileExW
SetEndOfFile
SetFilePointer
ReadFile
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateProcessA
LoadLibraryExA
LoadLibraryExW
GetDriveTypeA
GetVersionExW
FormatMessageW
GetShortPathNameA
Sleep
CopyFileA
CopyFileW
SetConsoleCtrlHandler
GlobalFree
GetCommandLineW
TlsSetValue
TlsGetValue
WriteFile
DuplicateHandle
RaiseException
InterlockedExchange
SetLastError
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
SetFileAttributesA

user32

KillTimer
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
PeekMessageA
SetTimer
PostThreadMessageA
CharUpperA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupAccountNameA
GetUserNameA

msvcrt

exit
vprintf
fread
vfprintf
memcpy
memmove
strcmp
strchr
_errno
atoi
strcat
strlen
memset
strerror
strncmp
memcmp
_ftol
strcpy
localeconv
setlocale
toupper
tolower
_pctype
__mb_cur_max
_isctype
strxfrm
__p__environ
fflush
qsort
strrchr
_setjmp3
time
abort
longjmp
pow
fmod
floor
_isnan
atan2
sin
cos
rand
srand
exp
log
sqrt
modf
sprintf
gmtime
localtime
frexp
strftime
??3@YAXPAX@Z
wcscpy
wcslen
strncpy
wcscat
wcsncpy
fsetpos
fgetpos
tmpnam
_exit
??2@YAPAXI@Z
__CxxFrameHandler
bsearch
vsprintf
fclose
_iob
fgetc
ungetc
_getpid
_stati64
_wstati64
wcschr
clock
_wunlink
_wutime
_get_osfhandle
_sys_nerr
_adjust_fdiv
realloc
calloc
fwrite
fopen
_wfopen
_wfdopen
freopen
_wfreopen
fputs
fputc
getc
clearerr
_fstati64
_telli64
fseek
rewind
_pipe
_fmode
rename
_lseeki64
_wopen
__doserrno
__pioinfo
_wmkdir
_wrmdir
_wchdir
_waccess
_wchmod
perror
setbuf
setvbuf
fgets
gets
putc
puts
getchar
putchar
malloc
_fcloseall
_initterm
free
_open_osfhandle
_control87
signal
_fdopen
strstr
getenv
_strupr
_access
_getcwd
_isatty
_mktemp
_umask
_execl
_fileno
_close
_stricmp
_unlink
_utime
_mkdir
_wcsicmp
_setmode
_open
_eof
_dup
_dup2
_write
_rmdir
_chdir
_chmod
_execv
_spawnv
_execvp
_flushall

Exports

Exports

PL_AMG_names
PL_check
PL_fold
PL_fold_locale
PL_freq
PL_no_aelem
PL_no_dir_func
PL_no_func
PL_no_helem
PL_no_mem
PL_no_modify
PL_no_myglob
PL_no_security
PL_no_sock_func
PL_no_symref
PL_no_usym
PL_no_wrongref
PL_op_desc
PL_op_name
PL_opargs
PL_ppaddr
PL_regkind
PL_sig_name
PL_sig_num
PL_simple
PL_utf8skip
PL_uuemap
PL_varies
PL_vtbl_amagic
PL_vtbl_amagicelem
PL_vtbl_arylen
PL_vtbl_bm
PL_vtbl_collxfrm
PL_vtbl_dbline
PL_vtbl_defelem
PL_vtbl_env
PL_vtbl_envelem
PL_vtbl_fm
PL_vtbl_glob
PL_vtbl_isa
PL_vtbl_isaelem
PL_vtbl_mglob
PL_vtbl_nkeys
PL_vtbl_pack
PL_vtbl_packelem
PL_vtbl_pos
PL_vtbl_regdata
PL_vtbl_regdatum
PL_vtbl_regexp
PL_vtbl_sig
PL_vtbl_sigelem
PL_vtbl_substr
PL_vtbl_sv
PL_vtbl_taint
PL_vtbl_uvar
PL_vtbl_vec
PL_warn_nl
PL_warn_nosemi
PL_warn_reserved
PL_warn_uninit
PerlIOBase_binmode
PerlIOBase_clearerr
PerlIOBase_close
PerlIOBase_dup
PerlIOBase_eof
PerlIOBase_error
PerlIOBase_fileno
PerlIOBase_popped
PerlIOBase_pushed
PerlIOBase_read
PerlIOBase_setlinebuf
PerlIOBase_unread
PerlIOBuf_bufsiz
PerlIOBuf_fill
PerlIOBuf_flush
PerlIOBuf_get_base
PerlIOBuf_get_cnt
PerlIOBuf_get_ptr
PerlIOBuf_open
PerlIOBuf_popped
PerlIOBuf_pushed
PerlIOBuf_read
PerlIOBuf_seek
PerlIOBuf_set_ptrcnt
PerlIOBuf_tell
PerlIOBuf_unread
PerlIOBuf_write
PerlIO_allocate
PerlIO_apply_layera
PerlIO_apply_layers
PerlIO_arg_fetch
PerlIO_binmode
PerlIO_byte
PerlIO_canset_cnt
PerlIO_crlf
PerlIO_debug
PerlIO_define_layer
PerlIO_exportFILE
PerlIO_fast_gets
PerlIO_fdopen
PerlIO_findFILE
PerlIO_getc
PerlIO_getname
PerlIO_getpos
PerlIO_has_base
PerlIO_has_cntptr
PerlIO_importFILE
PerlIO_init
PerlIO_layer_fetch
PerlIO_list_free
PerlIO_modestr
PerlIO_open
PerlIO_parse_layers
PerlIO_pending
PerlIO_perlio
PerlIO_pop
PerlIO_printf
PerlIO_push
PerlIO_putc
PerlIO_puts
PerlIO_raw
PerlIO_releaseFILE
PerlIO_reopen
PerlIO_rewind
PerlIO_setpos
PerlIO_sprintf
PerlIO_stdio
PerlIO_stdoutf
PerlIO_sv_dup
PerlIO_tmpfile
PerlIO_ungetc
PerlIO_unix
PerlIO_utf8
PerlIO_vprintf
PerlIO_vsprintf
PerlIO_win32
Perl_GNo_ptr
Perl_GYes_ptr
Perl_Gcurinterp_ptr
Perl_Gdo_undump_ptr
Perl_Ghexdigit_ptr
Perl_Glockhook_ptr
Perl_Gop_mutex_ptr
Perl_Gpatleave_ptr
Perl_Grunops_dbg_ptr
Perl_Grunops_std_ptr
Perl_Gsharehook_ptr
Perl_Gthr_key_ptr
Perl_Gthreadhook_ptr
Perl_Gunlockhook_ptr
Perl_Gv_AMupdate
Perl_IArgv_ptr
Perl_ICmd_ptr
Perl_IDBgv_ptr
Perl_IDBline_ptr
Perl_IDBsignal_ptr
Perl_IDBsingle_ptr
Perl_IDBsub_ptr
Perl_IDBtrace_ptr
Perl_IDir_ptr
Perl_IEnv_ptr
Perl_ILIO_ptr
Perl_IMemParse_ptr
Perl_IMemShared_ptr
Perl_IMem_ptr
Perl_IOpPtr_ptr
Perl_IOpSlab_ptr
Perl_IOpSpace_ptr
Perl_IProc_ptr
Perl_ISock_ptr
Perl_IStdIO_ptr
Perl_Iamagic_generation_ptr
Perl_Ian_ptr
Perl_Iargvgv_ptr
Perl_Iargvout_stack_ptr
Perl_Iargvoutgv_ptr
Perl_Ibasetime_ptr
Perl_Ibeginav_ptr
Perl_Ibeginav_save_ptr
Perl_Ibitcount_ptr
Perl_Ibufend_ptr
Perl_Ibufptr_ptr
Perl_Icheckav_ptr
Perl_Icollation_ix_ptr
Perl_Icollation_name_ptr
Perl_Icollation_standard_ptr
Perl_Icollxfrm_base_ptr
Perl_Icollxfrm_mult_ptr
Perl_Icompcv_ptr
Perl_Icompiling_ptr
Perl_Icomppad_name_fill_ptr
Perl_Icomppad_name_floor_ptr
Perl_Icomppad_name_ptr
Perl_Icomppad_ptr
Perl_Icop_seqmax_ptr
Perl_Icopline_ptr
Perl_Icurcopdb_ptr
Perl_Icurstname_ptr
Perl_Icustom_op_descs_ptr
Perl_Icustom_op_names_ptr
Perl_Idbargs_ptr
Perl_Idebstash_ptr
Perl_Idebug_pad_ptr
Perl_Idebug_ptr
Perl_Idef_layerlist_ptr
Perl_Idefgv_ptr
Perl_Idiehook_ptr
Perl_Idoextract_ptr
Perl_Idoswitches_ptr
Perl_Idowarn_ptr
Perl_Ie_script_ptr
Perl_Iegid_ptr
Perl_Iencoding_ptr
Perl_Iendav_ptr
Perl_Ienvgv_ptr
Perl_Ierrgv_ptr
Perl_Ierror_count_ptr
Perl_Ieuid_ptr
Perl_Ieval_root_ptr
Perl_Ieval_start_ptr
Perl_Ievalseq_ptr
Perl_Iexit_flags_ptr
Perl_Iexitlist_ptr
Perl_Iexitlistlen_ptr
Perl_Iexpect_ptr
Perl_Ifdpid_ptr
Perl_Ifilemode_ptr
Perl_Iforkprocess_ptr
Perl_Iformfeed_ptr
Perl_Igensym_ptr
Perl_Igid_ptr
Perl_Iglob_index_ptr
Perl_Iglobalstash_ptr
Perl_Ihe_arenaroot_ptr
Perl_Ihe_root_ptr
Perl_Ihintgv_ptr
Perl_Ihints_ptr
Perl_Iin_clean_all_ptr
Perl_Iin_clean_objs_ptr
Perl_Iin_load_module_ptr
Perl_Iin_my_ptr
Perl_Iin_my_stash_ptr
Perl_Iincgv_ptr
Perl_Iinitav_ptr
Perl_Iinplace_ptr
Perl_Iknown_layers_ptr
Perl_Ilast_lop_op_ptr
Perl_Ilast_lop_ptr
Perl_Ilast_swash_hv_ptr
Perl_Ilast_swash_key_ptr
Perl_Ilast_swash_klen_ptr
Perl_Ilast_swash_slen_ptr
Perl_Ilast_swash_tmps_ptr
Perl_Ilast_uni_ptr
Perl_Ilastfd_ptr
Perl_Ilaststatval_ptr
Perl_Ilaststype_ptr
Perl_Ilex_brackets_ptr
Perl_Ilex_brackstack_ptr
Perl_Ilex_casemods_ptr
Perl_Ilex_casestack_ptr
Perl_Ilex_defer_ptr
Perl_Ilex_dojoin_ptr
Perl_Ilex_expect_ptr
Perl_Ilex_formbrack_ptr
Perl_Ilex_inpat_ptr
Perl_Ilex_inwhat_ptr
Perl_Ilex_op_ptr
Perl_Ilex_repl_ptr
Perl_Ilex_starts_ptr
Perl_Ilex_state_ptr
Perl_Ilex_stuff_ptr
Perl_Ilineary_ptr
Perl_Ilinestr_ptr
Perl_Ilocalpatches_ptr
Perl_Imain_cv_ptr
Perl_Imain_root_ptr
Perl_Imain_start_ptr
Perl_Imax_intro_pending_ptr
Perl_Imaxo_ptr
Perl_Imaxsysfd_ptr
Perl_Imess_sv_ptr
Perl_Imin_intro_pending_ptr
Perl_Iminus_F_ptr
Perl_Iminus_a_ptr
Perl_Iminus_c_ptr
Perl_Iminus_l_ptr
Perl_Iminus_n_ptr
Perl_Iminus_p_ptr
Perl_Imodglobal_ptr
Perl_Imulti_close_ptr
Perl_Imulti_end_ptr
Perl_Imulti_open_ptr
Perl_Imulti_start_ptr
Perl_Imultiline_ptr
Perl_Inexttoke_ptr
Perl_Inexttype_ptr
Perl_Inextval_ptr
Perl_Inice_chunk_ptr
Perl_Inice_chunk_size_ptr
Perl_Inomemok_ptr
Perl_Inullstash_ptr
Perl_Inumeric_compat1_ptr
Perl_Inumeric_local_ptr
Perl_Inumeric_name_ptr
Perl_Inumeric_radix_sv_ptr
Perl_Inumeric_standard_ptr
Perl_Iofmt_ptr
Perl_Ioldbufptr_ptr
Perl_Ioldname_ptr
Perl_Ioldoldbufptr_ptr
Perl_Iop_mask_ptr
Perl_Iop_seqmax_ptr
Perl_Iorigalen_ptr
Perl_Iorigargc_ptr
Perl_Iorigargv_ptr
Perl_Iorigenviron_ptr
Perl_Iorigfilename_ptr
Perl_Iors_sv_ptr
Perl_Iosname_ptr
Perl_Ipad_reset_pending_ptr
Perl_Ipadix_floor_ptr
Perl_Ipadix_ptr
Perl_Ipatchlevel_ptr
Perl_Iperl_destruct_level_ptr
Perl_Iperldb_ptr
Perl_Iperlio_ptr
Perl_Ipidstatus_ptr
Perl_Ipreambleav_ptr
Perl_Ipreambled_ptr
Perl_Ipreprocess_ptr
Perl_Iprofiledata_ptr
Perl_Ipsig_name_ptr
Perl_Ipsig_pend_ptr
Perl_Ipsig_ptr_ptr
Perl_Iptr_table_ptr
Perl_Iregex_pad_ptr
Perl_Iregex_padav_ptr
Perl_Ireplgv_ptr
Perl_Irsfp_filters_ptr
Perl_Irsfp_ptr
Perl_Irunops_ptr
Perl_Isavebegin_ptr
Perl_Isawampersand_ptr
Perl_Ish_path_ptr
Perl_Isig_pending_ptr
Perl_Isighandlerp_ptr
Perl_Isort_RealCmp_ptr
Perl_Isplitstr_ptr
Perl_Isrand_called_ptr
Perl_Istatusvalue_ptr
Perl_Istderrgv_ptr
Perl_Istdingv_ptr
Perl_Istrtab_ptr
Perl_Isub_generation_ptr
Perl_Isubline_ptr
Perl_Isubname_ptr
Perl_Isv_arenaroot_ptr
Perl_Isv_count_ptr
Perl_Isv_no_ptr
Perl_Isv_objcount_ptr
Perl_Isv_root_ptr
Perl_Isv_undef_ptr
Perl_Isv_yes_ptr
Perl_Isys_intern_ptr
Perl_Itaint_warn_ptr
Perl_Itainting_ptr
Perl_Itokenbuf_ptr
Perl_Iuid_ptr
Perl_Iunsafe_ptr
Perl_Iutf8_alnum_ptr
Perl_Iutf8_alnumc_ptr
Perl_Iutf8_alpha_ptr
Perl_Iutf8_ascii_ptr
Perl_Iutf8_cntrl_ptr
Perl_Iutf8_digit_ptr
Perl_Iutf8_graph_ptr
Perl_Iutf8_idcont_ptr
Perl_Iutf8_idstart_ptr
Perl_Iutf8_lower_ptr
Perl_Iutf8_mark_ptr
Perl_Iutf8_print_ptr
Perl_Iutf8_punct_ptr
Perl_Iutf8_space_ptr
Perl_Iutf8_tofold_ptr
Perl_Iutf8_tolower_ptr
Perl_Iutf8_totitle_ptr
Perl_Iutf8_toupper_ptr
Perl_Iutf8_upper_ptr
Perl_Iutf8_xdigit_ptr
Perl_Iuudmap_ptr
Perl_Iwantutf8_ptr
Perl_Iwarnhook_ptr
Perl_Iwidesyscalls_ptr
Perl_Ixiv_arenaroot_ptr
Perl_Ixiv_root_ptr
Perl_Ixnv_arenaroot_ptr
Perl_Ixnv_root_ptr
Perl_Ixpv_arenaroot_ptr
Perl_Ixpv_root_ptr
Perl_Ixpvav_arenaroot_ptr
Perl_Ixpvav_root_ptr
Perl_Ixpvbm_arenaroot_ptr
Perl_Ixpvbm_root_ptr
Perl_Ixpvcv_arenaroot_ptr
Perl_Ixpvcv_root_ptr
Perl_Ixpvhv_arenaroot_ptr
Perl_Ixpvhv_root_ptr
Perl_Ixpviv_arenaroot_ptr
Perl_Ixpviv_root_ptr
Perl_Ixpvlv_arenaroot_ptr
Perl_Ixpvlv_root_ptr
Perl_Ixpvmg_arenaroot_ptr
Perl_Ixpvmg_root_ptr
Perl_Ixpvnv_arenaroot_ptr
Perl_Ixpvnv_root_ptr
Perl_Ixrv_arenaroot_ptr
Perl_Ixrv_root_ptr
Perl_Iyychar_ptr
Perl_Iyydebug_ptr
Perl_Iyyerrflag_ptr
Perl_Iyylval_ptr
Perl_Iyynerrs_ptr
Perl_Iyyval_ptr
Perl_PerlIO_clearerr
Perl_PerlIO_close
Perl_PerlIO_eof
Perl_PerlIO_error
Perl_PerlIO_fileno
Perl_PerlIO_fill
Perl_PerlIO_flush
Perl_PerlIO_get_base
Perl_PerlIO_get_bufsiz
Perl_PerlIO_get_cnt
Perl_PerlIO_get_ptr
Perl_PerlIO_read
Perl_PerlIO_seek
Perl_PerlIO_set_cnt
Perl_PerlIO_set_ptrcnt
Perl_PerlIO_setlinebuf
Perl_PerlIO_stderr
Perl_PerlIO_stdin
Perl_PerlIO_stdout
Perl_PerlIO_tell
Perl_PerlIO_unread
Perl_PerlIO_write
Perl_TSv_ptr
Perl_TXpv_ptr
Perl_Tav_fetch_sv_ptr
Perl_Tbodytarget_ptr
Perl_Tbostr_ptr
Perl_Tchopset_ptr
Perl_Tcolors_ptr
Perl_Tcolorset_ptr
Perl_Tcurcop_ptr
Perl_Tcurpad_ptr
Perl_Tcurpm_ptr
Perl_Tcurstack_ptr
Perl_Tcurstackinfo_ptr
Perl_Tcurstash_ptr
Perl_Tdefoutgv_ptr
Perl_Tdefstash_ptr
Perl_Tdelaymagic_ptr
Perl_Tdirty_ptr
Perl_Tdumpindent_ptr
Perl_Tefloatbuf_ptr
Perl_Tefloatsize_ptr
Perl_Terrors_ptr
Perl_Textralen_ptr
Perl_Tfirstgv_ptr
Perl_Tformtarget_ptr
Perl_Thv_fetch_ent_mh_ptr
Perl_Thv_fetch_sv_ptr
Perl_Tin_eval_ptr
Perl_Tlast_in_gv_ptr
Perl_Tlastscream_ptr
Perl_Tlocalizing_ptr
Perl_Tmainstack_ptr
Perl_Tmarkstack_max_ptr
Perl_Tmarkstack_ptr
Perl_Tmarkstack_ptr_ptr
Perl_Tmaxscream_ptr
Perl_Tna_ptr
Perl_Tnrs_ptr
Perl_Tofs_sv_ptr
Perl_Top_ptr
Perl_Tpeepp_ptr
Perl_Treg_call_cc_ptr
Perl_Treg_curpm_ptr
Perl_Treg_eval_set_ptr
Perl_Treg_flags_ptr
Perl_Treg_ganch_ptr
Perl_Treg_leftiter_ptr
Perl_Treg_magic_ptr
Perl_Treg_match_utf8_ptr
Perl_Treg_maxiter_ptr
Perl_Treg_oldcurpm_ptr
Perl_Treg_oldpos_ptr
Perl_Treg_oldsaved_ptr
Perl_Treg_oldsavedlen_ptr

Sections

.text
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gccg/rm.exe
.exe windows:4 windows x86

8e8f692dedbda0c38c3e9d64ad2c5793

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__mb_cur_max
_isctype
fopen
tolower
putc
_pctype
fgets
strerror
fflush
fclose
realloc
getchar
_ftol
abort
strncpy
vfprintf
calloc
_get_osfhandle
_fstat
_mkdir
_exit
_XcptFilter
strncmp
getenv
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
qsort
bsearch
puts
strchr
malloc
_strlwr
_stat
_errno
_isatty
_unlink
_rmdir
_strdup
_getcwd
_close
_read
_open
_access
_utime
_chsize
_chmod
_iob
fprintf
exit
setlocale
printf
__p___initenv
free
__getmainargs

kernel32

LoadLibraryA
GetLastError
InterlockedExchange
LocalAlloc
RaiseException
FindClose
FindFirstFileA
GetFullPathNameA
CreateFileA
FindNextFileA
FreeLibrary
GetProcAddress
GetFileInformationByHandle
CloseHandle

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Gccg/scripts/common.include
Gccg/tar.exe
.exe windows:4 windows x86

0e91ddeceb0d2f397a70c67d6655c406

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostname
WSAStartup

msvcrt

__mb_cur_max
_pctype
qsort
fputc
strncpy
_isctype
putc
localtime
atol
fwrite
strrchr
strstr
bsearch
realloc
rename
strerror
vfprintf
calloc
gmtime
mktime
strncmp
tolower
_get_osfhandle
_fstat
_mkdir
_dup
_pipe
signal
toupper
_ftol
_exit
_XcptFilter
fgets
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
system
fscanf
fclose
malloc
_errno
sprintf
time
abort
getenv
strchr
atoi
setlocale
_setmode
free
fputs
printf
exit
_iob
fopen
fprintf
fflush
getc
_stat
_strlwr
__p___initenv
_utime
_access
_chsize
_open
_creat
_write
_read
_close
_lseek
_spawnl
_mktemp
_chdir
_unlink
_umask
_chmod
_getcwd
_rmdir
_execl
_strdup

kernel32

InterlockedExchange
LoadLibraryA
LocalAlloc
FreeLibrary
GetProcAddress
GetVersion
FindClose
FindFirstFileA
FindNextFileA
GetFileInformationByHandle
CreateProcessA
GetCurrentProcessId
OpenProcess
TerminateProcess
Sleep
GetExitCodeProcess
FlushFileBuffers
FormatMessageA
LocalFree
CreateFileA
GetFullPathNameA
MultiByteToWideChar
BackupWrite
CloseHandle
GetLastError
GetCurrentProcess
RaiseException

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Gccg/term/ReadLine.pm
Gccg/wget.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 368KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 245KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Gccg/what.exe
Gccg/xml/gccg-game.dtd
Gccg/xml/gccg-set.dtd
Gccg/xml/installed.xml
.xml
Gccg/xml/modules.dtd

Sharing

General

Malware Config

Signatures

Files

Password: infected

f83e33ff9fc9deabe19c8b4aaa0647e6

Headers

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 2KB

de4d72131a4bc73df8282d58fbd97329

Headers

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 9KB

f2e08216998da75136edb412ba778d0e

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 320KB

.idata Size: 1KB - Virtual size: 1KB

16a7017ae546e61d4943e15248868268

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 53KB - Virtual size: 52KB

.data Size: 512B - Virtual size: 200B

.bss Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

5fa4f1ae26265dbdc2694c40e4b2229d

Headers

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 6KB

abeffe0303cb666bd26537f361389ce6

Headers

File Characteristics

Imports

msvcrt

perl58

Sections

.text Size: 4KB - Virtual size: 348B

.rdata Size: 4KB - Virtual size: 458B

.data Size: 4KB - Virtual size: 60B

.rsrc Size: 4KB - Virtual size: 2KB

bb730e2e0cf1485d227f2727562afbd1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 9KB

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 320KB

.idata
Size: 1KB - Virtual size: 1KB

.text
Size: 53KB - Virtual size: 52KB

.data
Size: 512B - Virtual size: 200B

.bss
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 6KB

.text
Size: 4KB - Virtual size: 348B

.rdata
Size: 4KB - Virtual size: 458B

.data
Size: 4KB - Virtual size: 60B

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 584KB - Virtual size: 583KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 84KB - Virtual size: 92KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 5KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 24KB - Virtual size: 25KB

UPX0
Size: - Virtual size: 368KB

UPX1
Size: 245KB - Virtual size: 248KB

UPX2
Size: 512B - Virtual size: 4KB