bat2exe-2[.]0[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

bat2exe-2.0.zip
Size

4.4MB
MD5

3f502b97c67b44f2ab2ef0990548e88d
SHA1

84d71baaff99e4064b6358087a788e083eb0a829
SHA256

c70c3f8d0ab9bcf20aa55cd26864a38b0a2e92169e704f5ce227caed08392d10
SHA512

cf8c0e8e6dba972862216d3ced9dfd3a5d86b3e04545ec7b9f37289d267cc2268e3055fdf08fcf3bd57756a94c45fede196cd1a059b95e9015e66c13c978a8a5
SSDEEP

98304:voja+DyRAGFf/CndjAjbtQ0z8m7coU8eZP4IhmxLYZ4XHOoBU7MUr0q9:F+hGFf/mFEKw79YZP4BxFBUz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/bat2exe-2.0/source/archiv/bat2exe_12.exe	upx

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack002/ResHacker.exe
unpack001/bat2exe-2.0/source/archiv/bat2exe_12.exe
unpack003/out.upx
unpack001/bat2exe-2.0/source/workspace/bin/7z.dll
unpack001/bat2exe-2.0/source/workspace/bin/7z.exe
unpack001/bat2exe-2.0/source/workspace/bin/7zSD.sfx
unpack001/bat2exe-2.0/source/workspace/bin/choice.exe
unpack001/bat2exe-2.0/source/workspace/bin/rcedit-x64.exe
unpack001/bat2exe-2.0/upload/bat2exe.exe

Files

bat2exe-2.0.zip
.zip
bat2exe-2.0/README.md
bat2exe-2.0/source/archiv/ResHacker.exe.zip
.zip
ResHacker.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 736KB - Virtual size: 736KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
__MACOSX/._ResHacker.exe
bat2exe-2.0/source/archiv/bat2exe.bat
.bat .vbs
bat2exe-2.0/source/archiv/bat2exe_12.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bat2exe-2.0/source/archiv/bat2exe_drs.bat
.bat .vbs
bat2exe-2.0/source/archiv/bat2exe_drs.comment.txt
bat2exe-2.0/source/changelog.txt
bat2exe-2.0/source/dev_readme.txt
bat2exe-2.0/source/icons/bat2exe.ico
bat2exe-2.0/source/icons/bat2exe_2_square.png
.png
bat2exe-2.0/source/icons/bat2exe_2_square.psd
bat2exe-2.0/source/icons/bat2exe_48.png
.png
bat2exe-2.0/source/manifest.xml
.xml
bat2exe-2.0/source/readme.txt
bat2exe-2.0/source/release_notes.txt
bat2exe-2.0/source/todo.txt
bat2exe-2.0/source/version_info.txt
bat2exe-2.0/source/workspace/bat2exe.cmd
.cmd .vbs
bat2exe-2.0/source/workspace/bin/7z.dll
.dll windows:4 windows x64

59ef176afc4bbbde44ead881d98fd4e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

VariantClear
SysAllocString
SysAllocStringByteLen
SysFreeString
VariantCopy

user32

CharUpperW
CharPrevExA
CharLowerW
CharNextA

msvcrt

memcmp
_purecall
strlen
free
realloc
__CxxFrameHandler
memmove
_CxxThrowException
memcpy
strcmp
memset
_beginthreadex
__C_specific_handler
__dllonexit
??1type_info@@UEAA@XZ
_onexit
?terminate@@YAXXZ
_initterm
malloc

kernel32

Sleep
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
GetModuleHandleW
GetProcAddress
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateFileW
SetFileAttributesW
DeleteFileW
GetTempPathW
GetTempFileNameW
GetLastError

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 911KB - Virtual size: 910KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bat2exe-2.0/source/workspace/bin/7z.exe
.exe windows:4 windows x64

319d7f6471d5cbc5b2256002cf87b18c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysAllocString
VariantClear
VariantCopy
SysStringByteLen
SysFreeString

user32

CharNextA
CharUpperW
CharUpperA

advapi32

AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW

msvcrt

_XcptFilter
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UEAA@XZ
__C_specific_handler
_beginthreadex
_isatty
wcslen
fputc
fflush
_iob
_c_exit
fgetc
fclose
free
malloc
memmove
memcmp
memcpy
fprintf
strlen
fputs
memset
__CxxFrameHandler
_CxxThrowException
_exit
_cexit
exit
__getmainargs
__initenv
_initterm
__setusermatherr
_commode
_fmode
__set_app_type

kernel32

VirtualAlloc
VirtualFree
GetModuleHandleW
WaitForSingleObject
SetEvent
InitializeCriticalSection
SetConsoleMode
SetCurrentDirectoryW
GetProcAddress
GetProcessTimes
GetTickCount
UnmapViewOfFile
OpenEventW
MapViewOfFile
OpenFileMappingW
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
GlobalMemoryStatusEx
GetSystemInfo
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
DeviceIoControl
FindNextFileW
FindFirstFileW
FindClose
GetFullPathNameW
lstrlenW
GetTempFileNameW
GetTempPathW
SearchPathW
GetCurrentDirectoryW
DeleteFileW
CreateDirectoryW
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetCommandLineW
SetFileApisToOEM
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetConsoleMode
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
GetWindowsDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetLastError

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bat2exe-2.0/source/workspace/bin/7zSD.sfx
.exe windows:4 windows x86

12f12d364f5f6a801e52c9dce28d1965

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear
SysAllocString

user32

SendMessageA
SetTimer
KillTimer
DialogBoxParamA
SetWindowLongA
GetWindowLongA
SetWindowTextW
SetWindowTextA
LoadIconA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
DestroyWindow
EndDialog
PostMessageA
ShowWindow
MessageBoxW
GetDlgItem
DialogBoxParamW

shell32

ShellExecuteExA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memcpy
free
malloc
_CxxThrowException
_purecall
memmove
__CxxFrameHandler
memcmp

kernel32

GetCommandLineW
GetStartupInfoA
GetModuleHandleA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventA
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetStdHandle
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
GetTempFileNameA
GetTempPathA
GetCurrentDirectoryA
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
RemoveDirectoryW
SetFileAttributesW
RemoveDirectoryA
SetFileAttributesA
SetLastError
CreateFileW
SetFileTime
GetWindowsDirectoryA
FormatMessageW
FormatMessageA
LocalFree
GetModuleFileNameW
GetModuleFileNameA
AreFileApisANSI
GetLastError
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
WaitForSingleObject
CloseHandle
CreateProcessA
SetCurrentDirectoryA
GetVersionExA
LeaveCriticalSection
EnterCriticalSection

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bat2exe-2.0/source/workspace/bin/browse.vbs
.vbs
bat2exe-2.0/source/workspace/bin/choice.exe
.exe windows:4 windows x86

7778a16b79032e1872dcec133df3391e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperA
wsprintfA
CharUpperBuffA

kernel32

TlsSetValue
TlsAlloc
ExitProcess
GetCommandLineA
lstrlenA
lstrcatA
WriteFile
Beep
ReadFile
WaitForSingleObject
FlushConsoleInputBuffer
SetConsoleMode
GetConsoleMode
lstrcpyA
CreateFileA
GetStdHandle
GetVersion
TerminateProcess
GetCurrentProcess
RtlUnwind
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCurrentThreadId
LoadLibraryA
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
VirtualAlloc
GetProcAddress
GetStringTypeA
GetStringTypeW
SetFilePointer
FlushFileBuffers
SetStdHandle
CloseHandle
GetLocaleInfoA
GetLocaleInfoW
LCMapStringA
LCMapStringW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bat2exe-2.0/source/workspace/bin/rcedit-x64.exe
.exe windows:5 windows x64

02eb6c917f376ad581f4e045e3c6628a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DecodePointer
FreeResource
LockResource
FreeLibrary
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
ReadFile
SetFilePointer
CloseHandle
LoadLibraryExW
FindResourceW
FindResourceExW
EnumResourceNamesW
EnumResourceLanguagesW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
OutputDebugStringW
SetEndOfFile
ReadConsoleW
GetCurrentDirectoryW
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetFullPathNameW
GetFullPathNameA
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
GetDriveTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringA
CreateThread
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetCurrentDirectoryW
RtlUnwind

user32

UnregisterClassW

Sections

.text
Size: 962KB - Virtual size: 961KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bat2exe-2.0/upload/bat2exe.exe
.exe windows:4 windows x86

12f12d364f5f6a801e52c9dce28d1965

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear
SysAllocString

user32

SendMessageA
SetTimer
KillTimer
DialogBoxParamA
SetWindowLongA
GetWindowLongA
SetWindowTextW
SetWindowTextA
LoadIconA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
DestroyWindow
EndDialog
PostMessageA
ShowWindow
MessageBoxW
GetDlgItem
DialogBoxParamW

shell32

ShellExecuteExA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memcpy
free
malloc
_CxxThrowException
_purecall
memmove
__CxxFrameHandler
memcmp

kernel32

GetCommandLineW
GetStartupInfoA
GetModuleHandleA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventA
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetStdHandle
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
GetTempFileNameA
GetTempPathA
GetCurrentDirectoryA
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
RemoveDirectoryW
SetFileAttributesW
RemoveDirectoryA
SetFileAttributesA
SetLastError
CreateFileW
SetFileTime
GetWindowsDirectoryA
FormatMessageW
FormatMessageA
LocalFree
GetModuleFileNameW
GetModuleFileNameA
AreFileApisANSI
GetLastError
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
WaitForSingleObject
CloseHandle
CreateProcessA
SetCurrentDirectoryA
GetVersionExA
LeaveCriticalSection
EnterCriticalSection

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 736KB - Virtual size: 736KB

DATA Size: 9KB - Virtual size: 9KB

BSS Size: - Virtual size: 9KB

.idata Size: 10KB - Virtual size: 9KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 38KB - Virtual size: 38KB

.rsrc Size: 201KB - Virtual size: 201KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 76KB

UPX1 Size: 52KB - Virtual size: 56KB

.rsrc Size: 17KB - Virtual size: 20KB

Headers

File Characteristics

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 17KB - Virtual size: 16KB

59ef176afc4bbbde44ead881d98fd4e4

Headers

File Characteristics

Imports

oleaut32

user32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 911KB - Virtual size: 910KB

.rdata Size: 281KB - Virtual size: 281KB

.data Size: 16KB - Virtual size: 38KB

.pdata Size: 74KB - Virtual size: 74KB

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 10KB - Virtual size: 9KB

319d7f6471d5cbc5b2256002cf87b18c

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 182KB - Virtual size: 181KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 2KB - Virtual size: 11KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 784B

12f12d364f5f6a801e52c9dce28d1965

Headers

File Characteristics

Imports

oleaut32

user32

shell32

msvcrt

kernel32

Sections

.text Size: 81KB - Virtual size: 80KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 10KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 17KB - Virtual size: 17KB

7778a16b79032e1872dcec133df3391e

Headers

File Characteristics

CODE
Size: 736KB - Virtual size: 736KB

DATA
Size: 9KB - Virtual size: 9KB

BSS
Size: - Virtual size: 9KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 38KB - Virtual size: 38KB

.rsrc
Size: 201KB - Virtual size: 201KB

UPX0
Size: - Virtual size: 76KB

UPX1
Size: 52KB - Virtual size: 56KB

.rsrc
Size: 17KB - Virtual size: 20KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 911KB - Virtual size: 910KB

.rdata
Size: 281KB - Virtual size: 281KB

.data
Size: 16KB - Virtual size: 38KB

.pdata
Size: 74KB - Virtual size: 74KB

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 182KB - Virtual size: 181KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 2KB - Virtual size: 11KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 784B

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 10KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 17KB - Virtual size: 17KB

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 13KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 962KB - Virtual size: 961KB

.rdata
Size: 243KB - Virtual size: 242KB

.data
Size: 11KB - Virtual size: 21KB

.pdata
Size: 42KB - Virtual size: 42KB

.idata
Size: 5KB - Virtual size: 5KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 10KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 17KB - Virtual size: 17KB