gh0strat | 86c418096e2533418e79ec65ffd473c3

Sharing

Copy URL

Twitter E-mail

General

Target

86c418096e2533418e79ec65ffd473c3
Size

4.4MB
MD5

86c418096e2533418e79ec65ffd473c3
SHA1

0e8d2ebb599093b85e2d65e733d2d2083bdc35c7
SHA256

363f5a363ad3bc76480a844cd61806a73dd4ef88091a46fb0377aa2981d8970c
SHA512

7ef22ff44c2af43efea096a833797f5a5213d157268f6b0f1c90e2f3be7f08656abbb76314d5db8d0555fc7f275e1b4bd301eb90daa8079204ace547d174f2a0
SSDEEP

98304:IXyF1zqP99IVqotcasEo+FjdknYBPKY+6XJBlyBc:I9KokZ4HY+6XJPyBc

Score

10^/10

upx gh0strat mrblack

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/Stock.EXE	family_gh0strat

Gh0strat family
gh0strat

MrBlack trojan 2 IoCs

resource	yara_rule
static1/unpack001/nga88666	family_mrblack
static1/unpack001/ngb88666	family_mrblack

Mrblack family
mrblack

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Auto1433.exe	upx
static1/unpack001/Autoqq.exe	upx
static1/unpack001/auto.exe	upx
static1/unpack001/hf.exe	upx
static1/unpack001/hkwcxz	upx
static1/unpack001/wc.exe	upx
static1/unpack001/wcxz.exe	upx

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/48080.exe
unpack001/88666.exe
unpack001/Auto1433.exe
unpack001/Autoqq.exe
unpack001/Stock.EXE
unpack001/auto.exe
unpack001/conime.exe
unpack001/hf.exe
unpack001/wc.exe
unpack001/wcxz.exe
unpack001/xda.exe
unpack001/xda5.exe

Files

86c418096e2533418e79ec65ffd473c3
.rar
48080.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 84KB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wtq
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
88666.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.gda
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Auto1433.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.khe
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Autoqq.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jgd
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
NetSyst77.dll
Stock.EXE
.exe windows:4 windows x86 arch:x86

7ee64a6b09987b192c82177cf659fa41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_beginthreadex
_except_handler3
atoi
strncpy
atol
free
realloc
exit
strrchr
_mkdir
malloc
puts
??2@YAPAXI@Z
_CxxThrowException
__CxxFrameHandler
strstr
_ftol
ceil
memmove
_setmbcp
_stricmp
_strcmpi
??3@YAXPAX@Z

mfc42

ord6376
ord3749
ord5064
ord1727
ord5248
ord2444
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3730
ord554
ord807
ord6215
ord6197
ord2080
ord5882
ord2012
ord4268
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5241
ord6374
ord5280
ord5065
ord5261
ord2446
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord2055
ord4613
ord1945
ord4273
ord4589
ord4899
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord5290
ord3748
ord1726
ord4432
ord560
ord813
ord5260
ord2535
ord4364
ord5082
ord1712
ord6053
ord3598
ord3619
ord809
ord800
ord642
ord860
ord556
ord540
ord327
ord3626
ord3663
ord2414
ord4235
ord3398
ord3733
ord2122
ord2123
ord567
ord1641
ord6199
ord6334
ord810
ord1146
ord1168
ord2864
ord2379
ord6209
ord3103
ord4299
ord6605
ord640
ord2405
ord6119
ord1640
ord323
ord3920
ord755
ord470
ord4133
ord4297
ord2567
ord2380
ord5788
ord472
ord5875
ord2860
ord1088
ord2431
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord2411
ord2023
ord4218
ord2578
ord4398
ord3402
ord3582
ord796
ord616
ord674
ord6491
ord529
ord366
ord620
ord3610
ord2575
ord4396
ord3574
ord6008
ord2818
ord4000
ord4284
ord6565
ord6619
ord2089
ord1200
ord2078
ord2087
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord609
ord656
ord5252
ord6069
ord2011
ord2820
ord3811
ord4413
ord3797
ord3287
ord2648
ord4441
ord4837
ord3798
ord5279
ord4353
ord6369
ord5163
ord2385
ord5234
ord4407
ord1776
ord4078
ord6055
ord1715
ord1710
ord5086
ord2389
ord4121
ord5471
ord4056
ord4366
ord2530
ord6154
ord3295
ord1576
ord4614

kernel32

RaiseException
LocalFree
GetStartupInfoA
GetModuleHandleA
GetCurrentThreadId
Process32First
Process32Next
lstrcmpiA
FreeLibrary
HeapFree
IsBadReadPtr
VirtualProtect
GetProcessHeap
HeapAlloc
CreateMutexA
GetLastError
SetErrorMode
OpenEventA
GetVersionExA
GetSystemInfo
GetDriveTypeA
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
lstrcatA
DeleteFileA
GetModuleFileNameA
GetTickCount
MoveFileA
MoveFileExA
TerminateThread
lstrcpyA
CreateProcessA
SetFilePointer
WriteFile
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
CreateFileA
GetFileSize
ReadFile
lstrlenA
LocalReAlloc
LocalAlloc
ResetEvent
Sleep
CancelIo
InterlockedExchange
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
GetTempPathA
LoadLibraryA
GetProcAddress
LocalSize

iphlpapi

GetIfTable

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 151KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
auto.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mjg
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
conime.exe
.exe windows:4 windows x86 arch:x86

b716fc21192a49814e52db9e8c0d33ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
CreateProcessA
GlobalMemoryStatusEx
GetSystemInfo
GetSystemDefaultUILanguage
lstrcpyA
WaitForSingleObject
GetModuleHandleA
GetStartupInfoA
GetCurrentProcess
SetProcessWorkingSetSize
LoadLibraryA
GetProcAddress
Sleep
CloseHandle
GetTickCount

user32

wsprintfA

advapi32

OpenSCManagerA
DeleteService
RegQueryValueExA
RegSetValueExA
RegCloseKey
OpenServiceA

ws2_32

sendto
gethostbyname
__WSAFDIsSet
recv
send
setsockopt
htonl
select
socket
htons
connect
closesocket
inet_addr

iphlpapi

GetIfTable

msvcrt

free
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
??3@YAXPAX@Z
_exit
_onexit
__dllonexit
rand
memset
memcpy
strcat
strcpy
??2@YAPAXI@Z
strlen
__CxxFrameHandler
_CxxThrowException
atoi
malloc
sprintf
strstr
exit
localtime
time
??1type_info@@UAE@XZ

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hf.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lif
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hkwcxz
.elf linux x86
nga88666
.elf linux x86
ngb88666
.elf linux x86
wc.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jgd
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wcxz.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wtq
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xda.exe
.exe windows:4 windows x86 arch:x86

3b8c4663b7a6414dc56fd7821ced6a79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFilePointer
WriteFile
CreateFileA
GetSystemTimeAsFileTime
Sleep
LoadLibraryA
GetTempPathA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
IsDebuggerPresent

user32

wsprintfA

msvcr80

__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
exit
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
memset
srand
rand
_adjust_fdiv

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xda5.exe
.exe windows:4 windows x86 arch:x86

9b89b73a2bd2f3c9338530bbd4a212f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
CompareFileTime
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
EnableWindow

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 264KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 84KB - Virtual size: 9.2MB

.wtq Size: 4KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 8KB - Virtual size: 8KB

.gda Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 37KB - Virtual size: 40KB

.rsrc Size: 3KB - Virtual size: 4KB

.khe Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 37KB - Virtual size: 40KB

.rsrc Size: 3KB - Virtual size: 4KB

.jgd Size: 1KB - Virtual size: 4KB

7ee64a6b09987b192c82177cf659fa41

Headers

File Characteristics

Imports

msvcrt

mfc42

kernel32

iphlpapi

Sections

.text Size: 76KB - Virtual size: 76KB

.data Size: 151KB - Virtual size: 152KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 16KB

.reloc Size: 6KB - Virtual size: 5KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 37KB - Virtual size: 40KB

.rsrc Size: 3KB - Virtual size: 4KB

.mjg Size: 1KB - Virtual size: 4KB

b716fc21192a49814e52db9e8c0d33ff

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

iphlpapi

msvcrt

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 2KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 37KB - Virtual size: 40KB

.rsrc Size: 3KB - Virtual size: 4KB

.lif Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 84KB - Virtual size: 9.2MB

.wtq
Size: 4KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 8KB - Virtual size: 8KB

.gda
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 37KB - Virtual size: 40KB

.rsrc
Size: 3KB - Virtual size: 4KB

.khe
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 37KB - Virtual size: 40KB

.rsrc
Size: 3KB - Virtual size: 4KB

.jgd
Size: 1KB - Virtual size: 4KB

.text
Size: 76KB - Virtual size: 76KB

.data
Size: 151KB - Virtual size: 152KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 16KB

.reloc
Size: 6KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 37KB - Virtual size: 40KB

.rsrc
Size: 3KB - Virtual size: 4KB

.mjg
Size: 1KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 37KB - Virtual size: 40KB

.rsrc
Size: 3KB - Virtual size: 4KB

.lif
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 4KB

.jgd
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 37KB - Virtual size: 40KB

.rsrc
Size: 3KB - Virtual size: 4KB

.wtq
Size: 1KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 256KB - Virtual size: 253KB

.rsrc
Size: 4KB - Virtual size: 428B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 264KB

.rsrc
Size: 15KB - Virtual size: 16KB