23a55912c1e3b71954fe4179d1c338bf25be25f1e49fea8a1b0568dad13e4468

Sharing

Copy URL Twitter E-mail

General

Target

23a55912c1e3b71954fe4179d1c338bf25be25f1e49fea8a1b0568dad13e4468
Size

1.4MB
MD5

9cd22f633f7c80b582f9998a99676ac4
SHA1

5c2bca5cac7e905675a7e0f89a67f1cdee1a013f
SHA256

23a55912c1e3b71954fe4179d1c338bf25be25f1e49fea8a1b0568dad13e4468
SHA512

6cd176018ecfa1d84cc80abd5cd1a395e97f66bc0235695dd0e94c4e98f6d5893b61afbbe27a0c8ab29a554ad8760c20ee34636d716d9bdce3202e796908359b
SSDEEP

24576:+KHGhjRufKg4Am+Q054EgJ/35MhsvMhTQfX6fqFzB4vyiWEcum+nR53zlgk:+KHGhjRGIg4ph3YaMxQfGGaKMcD2j3z7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/wget.exe	upx

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/grep254.exe
unpack001/instsrv.exe
unpack001/libiconv2.dll
unpack001/libintl3.dll
unpack001/pcre3.dll
unpack001/regex2.dll
unpack001/sleep.exe
unpack001/srvany.exe
unpack001/wget.exe

Files

23a55912c1e3b71954fe4179d1c338bf25be25f1e49fea8a1b0568dad13e4468
.zip
dynv6.bat
grep254.exe
.exe windows:4 windows x86

28a0f7f1ddf7638e14947a644f0e70c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libintl3

libintl_bindtextdomain
libintl_fprintf
libintl_gettext
libintl_printf
libintl_textdomain
libintl_vfprintf

pcre3

pcre_compile
pcre_exec
pcre_maketables
pcre_study
regcomp
regexec
regfree

regex2

re_compile_pattern
re_match
re_search
re_set_syntax

kernel32

ExitProcess
GetFileAttributesA
GetLastError
SetUnhandledExceptionFilter
VirtualProtect

msvcrt

_close
_isatty
_lseek
_open
_read
_setmode
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_filbuf
_findclose
_findfirst
_findnext
_flsbuf
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
_stati64
_stricmp
abort
atexit
calloc
exit
fclose
fflush
fopen
fprintf
fputc
fputs
fread
free
fwrite
getenv
iswctype
malloc
memchr
memcpy
memmove
memset
realloc
setlocale
signal
strchr
strcmp
strcoll
strcpy
strerror
strlen
strncmp
strncpy
strrchr
tolower
toupper
towlower
towupper
wcscoll

msvcp60

mbrlen
mbrtowc
wcrtomb
wctype

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
install_server.bat
instsrv.exe
.exe windows:5 windows x86

53d338fb5ceeb033459bc873d466d86d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CreateServiceA
DeleteService
OpenServiceA
EnumServicesStatusA
OpenSCManagerA
CloseServiceHandle

kernel32

GetLastError
CreateFileA
GetDriveTypeA
lstrcmpiA
lstrlenA
lstrcpyA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
LoadLibraryA
Sleep
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetFilePointer
GetLocaleInfoA
VirtualProtect
GetSystemInfo
SetStdHandle
CloseHandle
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
libiconv2.dll
.dll windows:4 windows x86

ed8758776691be3ae1f6411e68b51715

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetACP
GetAtomNameA
GetModuleFileNameA
IsDBCSLeadByteEx
MultiByteToWideChar
WideCharToMultiByte

msvcrt

_strdup
__dllonexit
__lc_codepage
__mb_cur_max
_assert
_errno
abort
fflush
free
malloc
memcpy
memset
qsort
sprintf
strchr
strcmp
strcpy
strncmp

Exports

Exports

DllGetVersion
_libiconv_version
aliases2_lookup
aliases_lookup
iconv_canonicalize
libiconv
libiconv_close
libiconv_open
libiconv_relocate
libiconv_set_relocation_prefix
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 883KB - Virtual size: 883KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 656B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 393B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libintl3.dll
.dll windows:4 windows x86

11d4cea984db7aee4eb18d2031242a3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libiconv2

libiconv
libiconv_close
libiconv_open
libiconv_set_relocation_prefix

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

AddAtomA
AreFileApisANSI
CloseHandle
CreateDirectoryA
CreateFileA
DeviceIoControl
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetACP
GetAtomNameA
GetCurrentDirectoryA
GetDiskFreeSpaceA
GetDriveTypeA
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadLocale
GetTimeZoneInformation
GetVersion
GetVersionExA
GetVolumeInformationA
HeapAlloc
HeapFree
LoadLibraryA
MultiByteToWideChar
PeekNamedPipe
SearchPathA
SetErrorMode
UnlockFile
lstrcmpiA
lstrcpyA

msvcrt

_chmod
_close
_getpid
_open
_read
_strdup
_stricmp
__dllonexit
__mb_cur_max
_assert
_close
_errno
_fdopen
_filelengthi64
_flsbuf
_get_osfhandle
_getcwd
_iob
_isctype
_open
_pctype
_snprintf
_snwprintf
_stricmp
_vsnprintf
_vsnwprintf
abort
calloc
ctime
fclose
fflush
fgets
fopen
fprintf
fputwc
free
fwrite
getenv
isalpha
malloc
memcpy
printf
realloc
setlocale
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtoul
tolower
toupper
vfprintf
vfwprintf
vsprintf
wcschr

ole32

CoCreateInstance
CoUninitialize
OleInitialize

Exports

Exports

DllGetVersion
_nl_expand_alias
_nl_explode_name
_nl_find_domain
_nl_find_language
_nl_find_msg
_nl_free_domain_conv
_nl_init_domain_conv
_nl_language_preferences_default
_nl_load_domain
_nl_locale_name
_nl_locale_name_default
_nl_locale_name_posix
_nl_log_untranslated
_nl_make_l10nflist
_nl_msg_cat_cntr
_nl_normalize_codeset
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
libintl_asprintf
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcigettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_fprintf
libintl_fwprintf
libintl_gettext
libintl_gettext_extract_plural
libintl_gettext_free_exp
libintl_gettext_germanic_plural
libintl_gettextparse
libintl_ngettext
libintl_nl_current_default_domain
libintl_nl_default_default_domain
libintl_nl_default_dirname
libintl_nl_domain_bindings
libintl_printf
libintl_relocate
libintl_set_relocation_prefix
libintl_snprintf
libintl_sprintf
libintl_swprintf
libintl_textdomain
libintl_vasnprintf
libintl_vasnwprintf
libintl_vasprintf
libintl_vfprintf
libintl_vfwprintf
libintl_vprintf
libintl_vsnprintf
libintl_vsprintf
libintl_vswprintf
libintl_vwprintf
libintl_wprintf
locale_charset
ngettext
st_flags
textdomain

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pcre3.dll
.dll windows:4 windows x86

f867eaba1f47d94594c5bf1041b8c10b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

__dllonexit
__mb_cur_max
_assert
_errno
_isctype
_pctype
abort
fflush
free
malloc
memcpy
memmove
memset
sprintf
strchr
strcmp
strncmp
strncpy
tolower
toupper

Exports

Exports

DllGetVersion
pcre_callout
pcre_compile
pcre_compile2
pcre_config
pcre_copy_named_substring
pcre_copy_substring
pcre_dfa_exec
pcre_exec
pcre_free
pcre_free_substring
pcre_free_substring_list
pcre_fullinfo
pcre_get_named_substring
pcre_get_stringnumber
pcre_get_stringtable_entries
pcre_get_substring
pcre_get_substring_list
pcre_info
pcre_maketables
pcre_malloc
pcre_refcount
pcre_stack_free
pcre_stack_malloc
pcre_study
pcre_version
regcomp
regerror
regexec
regfree

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 224B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 817B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
regex2.dll
.dll windows:4 windows x86

034666ac012e8ddbed7c20dac60b4b4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

__dllonexit
__mb_cur_max
_assert
_errno
_isctype
_pctype
_stricmp
abort
calloc
fflush
free
getenv
malloc
memcpy
memmove
memset
realloc
strchr
tolower
toupper

Exports

Exports

DllGetVersion
re_comp
re_compile_fastmap
re_compile_pattern
re_exec
re_match
re_match_2
re_search
re_search_2
re_set_registers
re_set_syntax
re_syntax_options
regcomp
regerror
regexec
regfree

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 256B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 403B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
remove_server.bat
sleep.exe
.exe windows:5 windows x86

4071638676adce7efb5c1cade69124e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_XcptFilter
_cexit
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_exit
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_c_exit
_adjust_fdiv
printf

kernel32

Sleep
GlobalMemoryStatus

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
srvany.exe
.exe windows:5 windows x86

42cccb59fb52078015be74288575c424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
GetDesktopWindow

kernel32

GetLastError
ExitThread
Sleep
CreateProcessA
SetCurrentDirectoryA
ExitProcess
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
GetCurrentProcess
SetEvent
CloseHandle
TerminateProcess
GetSystemTimeAsFileTime

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__getmainargs
exit
_cexit
_XcptFilter
_exit
_c_exit
_open
_read
_lseek
_close
_except_handler3
strncmp
_stricmp
malloc
free
__initenv

advapi32

SetServiceStatus
RegCloseKey
RegQueryValueExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegOpenKeyExA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wget.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 542KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

28a0f7f1ddf7638e14947a644f0e70c3

Headers

File Characteristics

Imports

libintl3

pcre3

regex2

kernel32

msvcrt

msvcp60

Sections

.text Size: 75KB - Virtual size: 75KB

.data Size: 10KB - Virtual size: 10KB

.bss Size: - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

53d338fb5ceeb033459bc873d466d86d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.data Size: 2KB - Virtual size: 8KB

ed8758776691be3ae1f6411e68b51715

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 89KB

.data Size: 512B - Virtual size: 80B

.rdata Size: 883KB - Virtual size: 883KB

.bss Size: - Virtual size: 656B

.edata Size: 512B - Virtual size: 393B

.idata Size: 1024B - Virtual size: 808B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

11d4cea984db7aee4eb18d2031242a3e

Headers

File Characteristics

Imports

libiconv2

advapi32

kernel32

msvcrt

ole32

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 85KB

.data Size: 512B - Virtual size: 192B

.bss Size: - Virtual size: 1KB

.edata Size: 2KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

f867eaba1f47d94594c5bf1041b8c10b

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 84KB

.data Size: 25KB - Virtual size: 24KB

.rdata Size: 12KB - Virtual size: 11KB

.bss Size: - Virtual size: 224B

.text
Size: 75KB - Virtual size: 75KB

.data
Size: 10KB - Virtual size: 10KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 8KB

.text
Size: 90KB - Virtual size: 89KB

.data
Size: 512B - Virtual size: 80B

.rdata
Size: 883KB - Virtual size: 883KB

.bss
Size: - Virtual size: 656B

.edata
Size: 512B - Virtual size: 393B

.idata
Size: 1024B - Virtual size: 808B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 86KB - Virtual size: 85KB

.data
Size: 512B - Virtual size: 192B

.bss
Size: - Virtual size: 1KB

.edata
Size: 2KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 84KB - Virtual size: 84KB

.data
Size: 25KB - Virtual size: 24KB

.rdata
Size: 12KB - Virtual size: 11KB

.bss
Size: - Virtual size: 224B

.edata
Size: 1024B - Virtual size: 817B

.idata
Size: 1024B - Virtual size: 676B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 66KB - Virtual size: 66KB

.data
Size: 512B - Virtual size: 48B

.rdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 256B

.edata
Size: 512B - Virtual size: 403B

.idata
Size: 1024B - Virtual size: 676B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 36B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 132B

UPX0
Size: - Virtual size: 1.0MB

UPX1
Size: 542KB - Virtual size: 544KB

UPX2
Size: 512B - Virtual size: 4KB