ae46b99690a6f42a7050ce731f3ca4565b641660e56bceeb480d4a50c030e540[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ae46b99690a6f42a7050ce731f3ca4565b641660e56bceeb480d4a50c030e540.zip.zip
Size

866KB
MD5

90309ed1f962858a4b15732dc8ad25a6
SHA1

7be05a6a4ffbe44716527dedc9822a2a61f7d135
SHA256

1a9d986714af70821693e7829dd5a28f955a2e6b2a3572ce1a67b891a8e67c4c
SHA512

b89655766b2046927aa18064aefd31bb785a925ab8e778e771df4f95613d9258f126d1122575ed763ac6ee9081d721c541db5bd4b806373f465c49fe176e4302
SSDEEP

12288:ANLE8bHczAdtXwezZ4xmpchvnBq9l4Yi+SdLPjOPLWDBL7EXW5LoCE21fn2n6+:A9xprAe2Ep8qrilZKPLW97eCoCEA1+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/MauWi_1.0/MauWi V1.0.exe	upx
static1/unpack002/MauWi_1.0/bin/Settings.exe	upx
static1/unpack002/MauWi_1.0/bin/mkisofs.exe	upx
static1/unpack002/MauWi_1.0/bin/wget.exe	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack002/MauWi_1.0/MauWi V1.0.exe
unpack003/out.upx
unpack002/MauWi_1.0/bin/Settings.exe
unpack004/out.upx
unpack002/MauWi_1.0/bin/cygwinb19.dll
unpack002/MauWi_1.0/bin/mkisofs.exe
unpack002/MauWi_1.0/bin/ssed.exe
unpack002/MauWi_1.0/bin/tee.exe
unpack002/MauWi_1.0/bin/wget.exe
unpack006/out.upx

Files

ae46b99690a6f42a7050ce731f3ca4565b641660e56bceeb480d4a50c030e540.zip.zip
.zip

Password: infected
ae46b99690a6f42a7050ce731f3ca4565b641660e56bceeb480d4a50c030e540.zip
.zip
MauWi_1.0/MauWi V1.0.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MauWi_1.0/Source/MauWi V1.0.au3
MauWi_1.0/Source/Settings V1.0.au3
MauWi_1.0/bin/COPYING
MauWi_1.0/bin/Settings.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MauWi_1.0/bin/cygwinb19.dll
.dll windows:4 windows x86

d59a07cb21831cb60bbe53b4912f96fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
IsValidSecurityDescriptor
IsValidSid
LookupAccountNameA
LookupAccountSidA
LookupPrivilegeValueA
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterEventSourceA
ReportEventA
SetKernelObjectSecurity
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
CreateProcessAsUserA
DeregisterEventSource
GetFileSecurityA
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSidSubAuthority
GetSidSubAuthorityCount
GetUserNameA
InitializeSecurityDescriptor

kernel32

Beep
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindNextFileA
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FreeEnvironmentStringsA
FreeLibrary
GetCommState
GetCommTimeouts
GetCommandLineA
GetComputerNameA
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleA
ClearCommBreak
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetEnvironmentStringsA
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
CloseHandle
GetFileType
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetNumberOfConsoleInputEvents
GetPriorityClass
GetProcAddress
GetProcessHeap
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetThreadContext
GetTickCount
GetTimeZoneInformation
GetVersion
GetVolumeInformationA
GetWindowsDirectoryA
HeapAlloc
CopyFileA
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
CreateDirectoryA
LeaveCriticalSection
LoadLibraryA
LockFile
LockFileEx
MapViewOfFile
MapViewOfFileEx
MoveFileA
MoveFileExA
OpenEventA
OpenFileMappingA
CreateEventA
OpenProcess
OpenSemaphoreA
PeekConsoleInputA
PeekNamedPipe
PulseEvent
PurgeComm
CreateFileA
ReadConsoleInputA
CreateFileMappingA
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
ResetEvent
ResumeThread
ScrollConsoleScreenBufferA
SetCommBreak
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetCurrentDirectoryA
SetEndOfFile
CreateMutexA
SetEvent
SetFileApisToOEM
SetFileAttributesA
SetFilePointer
SetFileTime
SetLastError
SetPriorityClass
SetStdHandle
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
CreatePipe
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TransmitCommChar
CreateProcessA
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualProtect
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
CreateSemaphoreA
WriteConsoleInputA
WriteFile
BackupRead
WriteProcessMemory
CreateThread
DeleteFileA
BackupSeek
DuplicateHandle
EnterCriticalSection
BackupWrite
EscapeCommFunction
ExitProcess
ExitThread

user32

DefWindowProcA
DispatchMessageA
FindWindowA
GetMessageA
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationA
KillTimer
CharToOemA
MessageBoxA
OemToCharW
PostQuitMessage
RegisterClassA
SendMessageA
SetTimer
SetUserObjectSecurity
CreateWindowExA

Exports

Exports

__assert
__assertfail
__cygwin32_exception_handler
__cygwin32_stack_trace
__cygwin_environ
__empty
__eprintf
__errno
__infinity
__main
__srget
__swbuf
__vc__10pinfo_listi
_abort
_abs
_access
_acos
_acosf
_acosh
_acoshf
_alarm
_alloca
_asctime
_asin
_asinf
_asinh
_asinhf
_atan
_atan2
_atan2f
_atanf
_atanh
_atanhf
_atexit
_atof
_atoff
_atoi
_atol
_bcmp
_bcopy
_bsearch
_bzero
_cabs
_cabsf
_calloc
_cbrt
_cbrtf
_ceil
_ceilf
_chdir
_chmod
_chown
_chroot
_clearerr
_clock
_close
_closedir
_closelog
_copysign
_copysignf
_cos
_cosf
_cosh
_coshf
_creat
_ctime
_cuserid
_cwait
_daylight
_difftime
_div
_drem
_dremf
_dup
_dup2
_ecvt
_ecvtbuf
_ecvtf
_endgrent
_endmntent
_endpwent
_erf
_erfc
_erfcf
_erff
_execl
_execle
_execlp
_execv
_execve
_execvp
_exit
_exp
_expf
_expm1
_expm1f
_fabs
_fabsf
_fchmod
_fclose
_fcntl
_fcvt
_fcvtbuf
_fcvtf
_fdopen
_feof
_ferror
_fflush
_ffs
_fgetc
_fgetpos
_fgets
_fileno
_finite
_finitef
_fiprintf
_floor
_floorf
_fmod
_fmodf
_fopen
_fork
_fprintf
_fputc
_fputs
_fread
_free
_freopen
_frexp
_frexpf
_fscanf
_fseek
_fsetpos
_fstat
_fstatfs
_fsync
_ftell
_ftime
_ftruncate
_fwrite
_gcvt
_gcvtf
_get_osfhandle
_getc
_getchar
_getcwd
_getdomainname
_getdtablesize
_getegid
_getenv
_geteuid
_getgid
_getgrent
_getgrgid
_getgrnam
_getgroups
_gethostname
_getlogin
_getmntent
_getpagesize
_getpass
_getpgrp
_getpid
_getppid
_getpwduid
_getpwent
_getpwnam
_getpwuid
_getrusage
_gets
_gettimeofday
_getuid
_getw
_getwd
_gmtime
_htonl
_htons
_hypot
_hypotf
_ilogb
_ilogbf
_index
_infinity
_infinityf
_ioctl
_iprintf
_isalnum
_isalpha
_isascii
_isatty
_iscntrl
_isdigit
_isgraph
_isinf
_isinff
_islower
_isnan
_isnanf
_isprint
_ispunct
_isspace
_isupper
_isxdigit
_kill
_labs
_ldexp
_ldexpf
_ldiv
_link
_localeconv
_localtime
_log
_log10
_log10f
_log1p
_log1pf
_logb
_logbf
_logf
_longjmp
_lseek
_lstat
_malloc
_matherr
_mblen
_mbstowcs
_mbtowc
_memccpy
_memchr
_memcmp
_memcpy
_memmove
_memset
_mkdir
_mknod
_mkstemp
_mktemp
_mktime
_modf
_modff
_mount
_nan
_nanf
_nextafter
_nextafterf
_nice
_ntohl
_ntohs
_open
_opendir
_openlog
_pathconf
_pclose
_perror
_pipe
_popen
_pow
_powf
_printf
_putc
_putchar
_putenv
_puts
_putw
_qsort
_raise
_rand
_read
_readdir
_readlink
_readv
_realloc
_regcomp
_regerror
_regexec
_regfree
_remainder
_remainderf
_remove
_rename
_rewind
_rewinddir
_rindex
_rint
_rintf
_rmdir
_sbrk
_scalb
_scalbf
_scalbn
_scalbnf
_scanf
_select
_setbuf
_setegid
_setenv
_seteuid
_setgid
_setgrent
_setjmp
_setlocale
_setmntent
_setmode
_setpassent
_setpgid
_setpgrp
_setpwent
_setsid
_settimeofday
_setuid
_setvbuf
_sigaction
_sigaddset
_sigdelset
_sigemptyset
_sigfillset
_sigismember
_signal
_significand
_significandf
_sigpending
_sigprocmask
_sigsuspend
_sin
_sinf
_sinh
_sinhf
_siprintf
_sleep
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_sprintf
_sqrt
_sqrtf
_srand
_sscanf
_stat
_statfs
_strace_wm
_strcasecmp
_strcat
_strchr
_strcmp
_strcoll
_strcpy
_strcspn
_strdup
_strerror
_strftime
_strlen
_strlwr
_strncasecmp
_strncat
_strncmp
_strncpy
_strpbrk
_strrchr
_strsep
_strspn
_strstr
_strtod
_strtodf
_strtok
_strtol
_strtoul
_strupr
_strxfrm
_swab
_symlink
_sync
_sysconf
_syslog
_system
_tan
_tanf
_tanh
_tanhf
_tcdrain
_tcflow
_tcflush
_tcgetattr
_tcgetpgrp
_tcsendbreak
_tcsetattr
_tcsetpgrp
_tempnam
_time
_times
_timezone
_tmpfile
_tmpnam
_toascii
_tolower
_toupper
_ttyname
_tzname
_tzset
_umask
_umount
_uname
_ungetc
_unlink
_unsetenv
_usleep
_utime
_utimes
_vfiprintf
_vfork
_vfprintf
_vhangup
_vprintf
_vsprintf
_wait
_waitpid
_wcscmp
_wcslen
_wcstombs
_wctomb
_wprintf
_write
_writev
abort
abs
accept
access
acos
acosf
acosh
acoshf
alarm
asctime
asin
asinf
asinh
asinhf
atan
atan2
atan2f
atanf
atanh
atanhf
atexit
atof
atoff
atoi
atol
bcmp
bcopy
bind
bsearch
bzero
cabs
cabsf
calloc
cbrt
cbrtf
ceil
ceilf
cfgetispeed
cfgetospeed
cfsetispeed
cfsetospeed
chdir
chmod
chown
chroot
cleanup_glue
clearerr
clock
close
closedir
closelog
connect
copysign
copysignf
cos
cosf
cosh
coshf
creat
ctermid
ctime
cuserid
cwait
cygwin32_conv_to_full_posix_path
cygwin32_conv_to_full_win32_path
cygwin32_conv_to_posix_path
cygwin32_conv_to_win32_path
cygwin32_detach_dll
cygwin32_getshared
cygwin32_posix_path_list_p
cygwin32_posix_to_win32_path_list
cygwin32_posix_to_win32_path_list_buf_size
cygwin32_split_path

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MauWi_1.0/bin/mkisofs.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 124KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MauWi_1.0/bin/ssed.exe
.exe windows:4 windows x86

5766190a92b5a9f0f65e7344f58c63d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cygwinb19

__srget
__swbuf
calloc
dll_crt0__FP11per_process
dll_dllcrt0
exit
fclose
fflush
fileno
fopen
fprintf
fread
free
ftell
fwrite
getenv
isatty
malloc
memchr
__errno
memcpy
memmove
memset
printf
realloc
setlocale
sprintf
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strtoul
__main
ungetc
vfprintf
vsprintf

kernel32

GetModuleHandleA

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 352B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MauWi_1.0/bin/tee.exe
.exe windows:4 windows x86

154a3e3be799e1bcabf04dac8419cf6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostname

msvcrt

strncmp
strcmp
strlen
malloc
_sys_nerr
getenv
signal
calloc
realloc
strchr
strncpy
_strlwr
_stat
sprintf
_sys_errlist
_exit
_XcptFilter
__p___initenv
__getmainargs
fflush
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
putc
free
_iob
fprintf
exit
printf
_errno
_fstat
_get_osfhandle
_initterm
_write
_unlink
_close
_read
_open
_utime
_mktemp
_access
_chsize

kernel32

GetFileInformationByHandle
CreateFileA
CreateProcessA
GetCurrentProcessId
OpenProcess
TerminateProcess
CloseHandle
GetExitCodeProcess
GetVersion
GetFullPathNameA
Sleep

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MauWi_1.0/bin/wget.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MauWi_1.0/cmd/download.cmd
MauWi_1.0/cmd/postdownload.cmd
MauWi_1.0/static/exclude-list.txt
MauWi_1.0/static/msxsl_static.txt
MauWi_1.0/static/sucatalog_static.txt
MauWi_1.0/xslt/ExtractUrls_all.xsl
.xml
MauWi_1.0/xslt/ExtractUrls_apps.xsl
.xml
MauWi_1.0/xslt/ExtractUrls_dist.xsl
.xml
MauWi_1.0/xslt/ExtractUrls_intel.xsl
.xml
MauWi_1.0/xslt/ExtractUrls_ppc.xsl
.xml

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 300KB

UPX1 Size: 187KB - Virtual size: 188KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 340KB - Virtual size: 339KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 9KB - Virtual size: 75KB

.rsrc Size: 14KB - Virtual size: 16KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 300KB

UPX1 Size: 187KB - Virtual size: 188KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 340KB - Virtual size: 339KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 9KB - Virtual size: 75KB

.rsrc Size: 14KB - Virtual size: 16KB

d59a07cb21831cb60bbe53b4912f96fe

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 320KB - Virtual size: 319KB

.bss Size: - Virtual size: 6KB

.data Size: 14KB - Virtual size: 13KB

.rdata Size: 8KB - Virtual size: 7KB

.edata Size: 17KB - Virtual size: 16KB

.idata Size: 6KB - Virtual size: 6KB

.reloc Size: 19KB - Virtual size: 18KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 364KB

UPX1 Size: 124KB - Virtual size: 128KB

UPX2 Size: 512B - Virtual size: 4KB

5766190a92b5a9f0f65e7344f58c63d5

Headers

File Characteristics

Imports

cygwinb19

kernel32

Sections

.text Size: 74KB - Virtual size: 74KB

.bss Size: - Virtual size: 352B

.data Size: 1024B - Virtual size: 740B

.rdata Size: 512B - Virtual size: 20B

.idata Size: 1KB - Virtual size: 1KB

154a3e3be799e1bcabf04dac8419cf6f

Headers

File Characteristics

Imports

wsock32

msvcrt

kernel32

Sections

.text Size: 12KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 300KB

UPX1
Size: 187KB - Virtual size: 188KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 340KB - Virtual size: 339KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 9KB - Virtual size: 75KB

.rsrc
Size: 14KB - Virtual size: 16KB

UPX0
Size: - Virtual size: 300KB

UPX1
Size: 187KB - Virtual size: 188KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 340KB - Virtual size: 339KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 9KB - Virtual size: 75KB

.rsrc
Size: 14KB - Virtual size: 16KB

.text
Size: 320KB - Virtual size: 319KB

.bss
Size: - Virtual size: 6KB

.data
Size: 14KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 7KB

.edata
Size: 17KB - Virtual size: 16KB

.idata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 19KB - Virtual size: 18KB

UPX0
Size: - Virtual size: 364KB

UPX1
Size: 124KB - Virtual size: 128KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 74KB - Virtual size: 74KB

.bss
Size: - Virtual size: 352B

.data
Size: 1024B - Virtual size: 740B

.rdata
Size: 512B - Virtual size: 20B

.idata
Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 176KB

UPX1
Size: 73KB - Virtual size: 76KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 156KB - Virtual size: 154KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 44KB - Virtual size: 77KB