5dbe2f5323706034c02d81af00ab969e0f454dbc0724467a0447b6a2e7fd03d3[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

5dbe2f5323706034c02d81af00ab969e0f454dbc0724467a0447b6a2e7fd03d3.zip.zip
Size

33.4MB
MD5

91c21b65a6c8b97bd1eb55d431b6e680
SHA1

9e16edebb720d36a14d0baca6d7890ecc1447b35
SHA256

af236f91f2226080098f12f67ff0a042fc6d0f206d770c5714f74d8394420e7e
SHA512

d3446a0fe4998225482826305ecd2d137847a5e93dcb9919d50e83335e315b9b272f5c9c69edf5e4572e06561d2d7483636ab8e161756e2208d53b0624605a49
SSDEEP

786432:ZzCwWrDlpomdscwrt/W2PHqlJt0ktxtV6KoRgGzwMavtw:ZzmDlpIr59K50QtVrnDm

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack002/RegOrganizer4/Plugins/Advanced Tweak/advtweak.dll
unpack002/RegOrganizer4/Plugins/Security Settings/security.dll
unpack002/RegOrganizer4/Plugins/TweakSystem/DLL/tweak.dll
unpack002/RegOrganizer4/organizer.exe
unpack002/RegOrganizer4/organizer_orig.exe
unpack002/RegOrganizer4/unins000.exe

Files

5dbe2f5323706034c02d81af00ab969e0f454dbc0724467a0447b6a2e7fd03d3.zip.zip
.zip

Password: infected
5dbe2f5323706034c02d81af00ab969e0f454dbc0724467a0447b6a2e7fd03d3.zip
.zip
RegOrganizer4/File_id.diz
RegOrganizer4/Help/organizer.chm
.chm
RegOrganizer4/License.txt
RegOrganizer4/Plugins/Advanced Tweak/English.lng
RegOrganizer4/Plugins/Advanced Tweak/Russian.lng
RegOrganizer4/Plugins/Advanced Tweak/advtweak.dll
.dll windows:4 windows x86

8afbcc2773ba8e2e74eff06f846f12a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
CompareStringA
CreateFileA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetThreadLocale
GetUserDefaultLCID
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedExchange
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
CharToOemA
DestroyWindow
EnumThreadWindows
GetKeyboardType
LoadStringA
MessageBoxA
wsprintfA
GetSystemMetrics

oleaut32

SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

Exports

Exports

_GetPluginInfo
_GetSettingValue
_GetTweakSettingsList
_SetSettingValue
___CPPdebugHook

Sections

.text
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RegOrganizer4/Plugins/FluidWindows/FluidWindows.bpf
RegOrganizer4/Plugins/FluidWindows/FluidWindows.bpr
.xml
RegOrganizer4/Plugins/FluidWindows/FluidWindows.lib
RegOrganizer4/Plugins/FluidWindows/Unit1.cpp
RegOrganizer4/Plugins/FluidWindows/readme.txt
RegOrganizer4/Plugins/REGORGANIZER.H
RegOrganizer4/Plugins/Security Settings/English.lng
RegOrganizer4/Plugins/Security Settings/Russian.lng
RegOrganizer4/Plugins/Security Settings/security.dll
.dll windows:4 windows x86

8975db61acbc67bb688643b464432958

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LoadLibraryA
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

_GetPluginInfo
_GetSettingValue
_GetTweakSettingsList
_SetSettingValue
___CPPdebugHook

Sections

.text
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RegOrganizer4/Plugins/TweakSystem/DLL/English.lng
RegOrganizer4/Plugins/TweakSystem/DLL/Russian.lng
RegOrganizer4/Plugins/TweakSystem/DLL/tweak.dll
.dll windows:4 windows x86

2fe7e1c2312a2de5e3d092ed12522a8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LCMapStringA
LoadLibraryA
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

_GetPluginInfo
_GetSettingValue
_GetTweakSettingsList
_SetSettingValue
___CPPdebugHook

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RegOrganizer4/Plugins/TweakSystem/Unit1.cpp
.js
RegOrganizer4/Plugins/TweakSystem/tweak.bpf
RegOrganizer4/Plugins/TweakSystem/tweak.bpr
.xml
RegOrganizer4/Plugins/plugins.chm
.chm
RegOrganizer4/Plugins/plugins_rus.chm
.chm
RegOrganizer4/Readme.txt
RegOrganizer4/UninstallInfo/Comparison/1HKCR.reg
RegOrganizer4/UninstallInfo/Comparison/1HKCU.reg
RegOrganizer4/UninstallInfo/Comparison/1HKLM.reg
RegOrganizer4/UninstallInfo/Comparison/2HKCR.reg
RegOrganizer4/UninstallInfo/Comparison/2HKCU.reg
RegOrganizer4/UninstallInfo/Comparison/2HKLM.reg
RegOrganizer4/UninstallInfo/NewApplication/1HKCC.reg
RegOrganizer4/UninstallInfo/NewApplication/1HKCU.reg
RegOrganizer4/UninstallInfo/NewApplication/1HKLM.reg
RegOrganizer4/UninstallInfo/NewApplication/1HKU.reg
RegOrganizer4/UninstallInfo/NewApplication/2HKCC.reg
RegOrganizer4/UninstallInfo/NewApplication/2HKCU.reg
RegOrganizer4/UninstallInfo/NewApplication/2HKLM.reg
RegOrganizer4/UninstallInfo/NewApplication/2HKU.reg
RegOrganizer4/UninstallInfo/NewApplication/crtd_list12.tmp
RegOrganizer4/UninstallInfo/NewApplication/newfiles14.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds1.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds10.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds11.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds12.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds13.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds14.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds2.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds3.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds4.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds5.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds6.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds7.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds8.log
RegOrganizer4/UninstallInfo/NewApplication/newfolds9.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds1.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds10.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds11.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds12.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds13.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds14.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds2.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds3.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds4.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds5.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds6.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds7.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds8.log
RegOrganizer4/UninstallInfo/NewApplication/remfolds9.log
RegOrganizer4/UninstallInfo/NewApplication/remvd_list1.tmp
RegOrganizer4/UninstallInfo/NewApplication/remvd_list10.tmp
RegOrganizer4/UninstallInfo/NewApplication/remvd_list11.tmp
RegOrganizer4/UninstallInfo/NewApplication/remvd_list2.tmp
RegOrganizer4/UninstallInfo/NewApplication/remvd_list3.tmp
RegOrganizer4/UninstallInfo/NewApplication/remvd_list4.tmp
RegOrganizer4/UninstallInfo/NewApplication/remvd_list5.tmp
RegOrganizer4/UninstallInfo/NewApplication/remvd_list6.tmp
RegOrganizer4/UninstallInfo/NewApplication/remvd_list7.tmp
RegOrganizer4/UninstallInfo/NewApplication/remvd_list8.tmp
RegOrganizer4/UninstallInfo/NewApplication/remvd_list9.tmp
RegOrganizer4/UninstallInfo/NewApplication/selection.sel
RegOrganizer4/WhatsNew.txt
RegOrganizer4/cleanfolders.first
RegOrganizer4/default.rpf
RegOrganizer4/excluded.lst
.ps1
RegOrganizer4/filemasks.first
RegOrganizer4/ignore.first
RegOrganizer4/ignore_files.first
RegOrganizer4/optimization.log
RegOrganizer4/organizer.exe
.exe windows:4 windows x86

fbf4486c57818533cef17f805e1d0a12

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

AccessCheck

version

GetFileVersionInfoA

winspool.drv

ClosePrinter

comctl32

ImageList_Add

comdlg32

FindTextA

gdi32

BitBlt

msimg32

GradientFill

shell32

ExtractAssociatedIconA

user32

ActivateKeyboardLayout

ole32

CoCreateInstance

oleaut32

GetErrorInfo

shlwapi

SHDeleteKeyW

Sections

Size: 1.2MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RegOrganizer4/organizer_orig.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@@Highlighting@Finalize
@@Highlighting@Initialize
@@Ignorelistsunit@Finalize
@@Ignorelistsunit@Initialize
@@Isfilecannotberemovedunit@Finalize
@@Isfilecannotberemovedunit@Initialize
@@Mixedfunctions@Finalize
@@Mixedfunctions@Initialize
@@Mysplashform@Finalize
@@Mysplashform@Initialize
@@Newstartupentryunit@Finalize
@@Newstartupentryunit@Initialize
@@Optimizeregprogressunit@Finalize
@@Optimizeregprogressunit@Initialize
@@Optimizeregunit@Finalize
@@Optimizeregunit@Initialize
@@Progressunit@Finalize
@@Progressunit@Initialize
@@Purefunctions@Finalize
@@Purefunctions@Initialize
@@Registrationunit@Finalize
@@Registrationunit@Initialize
@@Retrievenewfilemenu@Finalize
@@Retrievenewfilemenu@Initialize
@@Retrieveopenwithmenu@Finalize
@@Retrieveopenwithmenu@Initialize
@@Searchmatchunit@Finalize
@@Searchmatchunit@Initialize
@@Subscriptionexpiredbadunit@Finalize
@@Subscriptionexpiredbadunit@Initialize
@@Subscriptionreminderunit@Finalize
@@Subscriptionreminderunit@Initialize
@@Unit10@Finalize
@@Unit10@Initialize
@@Unit11@Finalize
@@Unit11@Initialize
@@Unit12@Finalize
@@Unit12@Initialize
@@Unit13@Finalize
@@Unit13@Initialize
@@Unit14@Finalize
@@Unit14@Initialize
@@Unit15@Finalize
@@Unit15@Initialize
@@Unit16@Finalize
@@Unit16@Initialize
@@Unit17@Finalize
@@Unit17@Initialize
@@Unit18@Finalize
@@Unit18@Initialize
@@Unit20@Finalize
@@Unit20@Initialize
@@Unit21@Finalize
@@Unit21@Initialize
@@Unit22@Finalize
@@Unit22@Initialize
@@Unit23@Finalize
@@Unit23@Initialize
@@Unit24@Finalize
@@Unit24@Initialize
@@Unit25@Finalize
@@Unit25@Initialize
@@Unit26@Finalize
@@Unit26@Initialize
@@Unit27@Finalize
@@Unit27@Initialize
@@Unit28@Finalize
@@Unit28@Initialize
@@Unit29@Finalize
@@Unit29@Initialize
@@Unit2@Finalize
@@Unit2@Initialize
@@Unit30@Finalize
@@Unit30@Initialize
@@Unit31@Finalize
@@Unit31@Initialize
@@Unit32@Finalize
@@Unit32@Initialize
@@Unit33@Finalize
@@Unit33@Initialize
@@Unit34@Finalize
@@Unit34@Initialize
@@Unit35@Finalize
@@Unit35@Initialize
@@Unit36@Finalize
@@Unit36@Initialize
@@Unit37@Finalize
@@Unit37@Initialize
@@Unit3@Finalize
@@Unit3@Initialize
@@Unit42@Finalize
@@Unit42@Initialize
@@Unit43@Finalize
@@Unit43@Initialize
@@Unit44@Finalize
@@Unit44@Initialize
@@Unit46@Finalize
@@Unit46@Initialize
@@Unit47@Finalize
@@Unit47@Initialize
@@Unit4@Finalize
@@Unit4@Initialize
@@Unit50@Finalize
@@Unit50@Initialize
@@Unit51@Finalize
@@Unit51@Initialize
@@Unit52@Finalize
@@Unit52@Initialize
@@Unit53@Finalize
@@Unit53@Initialize
@@Unit56@Finalize
@@Unit56@Initialize
@@Unit57@Finalize
@@Unit57@Initialize
@@Unit58@Finalize
@@Unit58@Initialize
@@Unit5@Finalize
@@Unit5@Initialize
@@Unit6@Finalize
@@Unit6@Initialize
@@Unit7@Finalize
@@Unit7@Initialize
@@Unit8@Finalize
@@Unit8@Initialize
@@Unit9@Finalize
@@Unit9@Initialize
_Form10
_Form11
_Form12
_Form13
_Form15
_Form16
_Form17
_Form18
_Form2
_Form20
_Form21
_Form22
_Form24
_Form25
_Form26
_Form27
_Form28
_Form29
_Form3
_Form30
_Form31
_Form32
_Form33
_Form34
_Form35
_Form36
_Form37
_Form38
_Form4
_Form42
_Form43
_Form44
_Form46
_Form47
_Form5
_Form50
_Form51
_Form52
_Form53
_Form56
_Form57
_Form58
_Form6
_Form7
_Form8
_Form9
_GetMsg
_MySplashWnd
_NonVisual
_OptimizeRegForm
_OptimizeRegProgressForm
_ProgressForm
_RegistrationForm
_SearchMatchForm
_SplashForm
_SubscriptionExpiredBadForm
_SubscriptionReminderForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

Size: 700KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 77KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 231KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RegOrganizer4/selection.se1
RegOrganizer4/selection.se2
RegOrganizer4/selection.sel
RegOrganizer4/unins000.dat
RegOrganizer4/unins000.exe
.exe windows:1 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 575KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

8afbcc2773ba8e2e74eff06f846f12a3

Headers

File Characteristics

Imports

advapi32

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 150KB - Virtual size: 152KB

.data Size: 29KB - Virtual size: 60KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 10KB - Virtual size: 12KB

8975db61acbc67bb688643b464432958

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 32KB

.data Size: 10KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

2fe7e1c2312a2de5e3d092ed12522a8e

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 11KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

fbf4486c57818533cef17f805e1d0a12

Headers

File Characteristics

Imports

kernel32

advapi32

version

winspool.drv

comctl32

comdlg32

gdi32

msimg32

shell32

user32

ole32

oleaut32

shlwapi

Sections

Size: 1.2MB - Virtual size: 6.1MB

.rsrc Size: 312KB - Virtual size: 316KB

Headers

File Characteristics

.text
Size: 150KB - Virtual size: 152KB

.data
Size: 29KB - Virtual size: 60KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 10KB - Virtual size: 12KB

.text
Size: 31KB - Virtual size: 32KB

.data
Size: 10KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 11KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 312KB - Virtual size: 316KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 231KB - Virtual size: 232KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 575KB - Virtual size: 575KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 33KB

.rsrc
Size: 78KB - Virtual size: 78KB