4285199dd75402f4f53ab77f4f893d60

Sharing

Copy URL Twitter E-mail

General

Target

4285199dd75402f4f53ab77f4f893d60
Size

3.7MB
MD5

4285199dd75402f4f53ab77f4f893d60
SHA1

48c25d184256b839d10fe6a2f7b371bcfd7426ed
SHA256

793fd7bf3b9e13423bdf0fa3b08298d818cd47110ea023026ce64ddc677d567d
SHA512

b011d44a992a42c999f3ed8d7c37c474dba3332535e942c173640fe2f96ed576f8a53c4719dcd3c6bd1bbc23de36a5d707ca9e96445ffc926eb9618a66961d7c
SSDEEP

98304:T8PJ63OO34OO3i8PJ62BhUkFkA7lM627gCmrVRE7QP2Qv7IvbVpBMeu5bHWwx:4i5I5bRUk2cW62M5XvuVTtSbHWM

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/UnPackMe_ASPack2.12.exe	aspack_v212_v242

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack002/UnPackMe_ASPack2.12.exe
unpack002/UnPackMe_tElock0.98.exe
unpack002/bitarts_evaluation.c.exe
unpack003/UnPackMe_tElock0.98.exe
unpack003/bitarts_evaluation.c.exe
unpack004/UnPackMe_YodasCrypter1.3.e.exe
unpack004/unpackme- FSG 1.31 - dulek.exe
unpack006/Parcheado 4.EXE
unpack005/UnPackMe_PELock1.06.d.exe
unpack008/OllyScript.dll

Files

4285199dd75402f4f53ab77f4f893d60
.rar
Programas leccion 32.rar
.rar
UnPackMe_ASPack2.12.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IMPORTS
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UnPackMe_tElock0.98.exe
.exe windows:4 windows x86 arch:x86

3c0e70bfa5f73f1f1cef484e2bcb5bf8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

MessageBoxA

Sections

.teddy
Size: 161KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 12KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 5KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bitarts_evaluation.c.exe
.exe windows:4 windows x86 arch:x86

51392c83ec1bdd32eb1c60967577ff39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey

comctl32

ord17

comdlg32

CommDlgExtendedError

gdi32

GetClipBox

kernel32

LoadLibraryA

ole32

CoTaskMemAlloc

oleaut32

VariantClear

oledlg

ord8

shell32

DragQueryFileA

user32

ReleaseCapture

winmm

PlaySoundA

winspool.drv

EndDocPrinter

Sections

.text
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Programas leccion 36.rar
.rar
UnPackMe_tElock0.98.exe
.exe windows:4 windows x86 arch:x86

3c0e70bfa5f73f1f1cef484e2bcb5bf8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

MessageBoxA

Sections

.teddy
Size: 161KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 12KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 5KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bitarts_evaluation.c.exe
.exe windows:4 windows x86 arch:x86

51392c83ec1bdd32eb1c60967577ff39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey

comctl32

ord17

comdlg32

CommDlgExtendedError

gdi32

GetClipBox

kernel32

LoadLibraryA

ole32

CoTaskMemAlloc

oleaut32

VariantClear

oledlg

ord8

shell32

DragQueryFileA

user32

ReleaseCapture

winmm

PlaySoundA

winspool.drv

EndDocPrinter

Sections

.text
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Programas leccion 37.rar
.rar
Programas leccion 38.rar
.rar
UnPackMe_YodasCrypter1.3.e.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 22KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

yC
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
unpackme- FSG 1.31 - dulek.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 156KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Programas leccion 39.rar
.rar
LEER.txt
Parcheado 4.rar
.rar
Parcheado 4.EXE
.exe windows:4 windows x86 arch:x86

601aae4d9b90819ecbda85f5864d7478

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
ContinueDebugEvent
CreateDirectoryA
CreateFileA
CreateProcessA
DebugActiveProcess
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushInstructionCache
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetThreadContext
GetThreadPriority
GetThreadSelectorEntry
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
OpenProcess
RaiseException
ReadFile
ReadProcessMemory
ResumeThread
RtlUnwind
SearchPathA
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetPriorityClass
SetThreadContext
SetThreadLocale
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerLanguageNameA
VirtualAlloc
VirtualFree
VirtualProtect
WaitForDebugEvent
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
lstrcmpiW
lstrcpyA
lstrcpyW
lstrlenW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ord17

comdlg32

ChooseFontA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

AddFontResourceA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateFontIndirectA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesA
ExcludeClipRect
ExtTextOutA
ExtTextOutW
GetClipBox
GetDCOrgEx
GetNearestColor
GetObjectA
GetObjectType
GetStockObject
GetTextMetricsA
IntersectClipRect
LineTo
MoveToEx
RemoveFontResourceA
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetTextAlign
SetTextColor

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
ShellExecuteA

user32

AdjustWindowRect
AppendMenuA
BeginPaint
CallWindowProcA
CheckDlgButton
CheckMenuItem
CheckRadioButton
ClientToScreen
CloseClipboard
CreateCaret
CreateDialogParamA
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyCaret
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawMenuBar
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FrameRect
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemTextA
GetKeyState
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetParent
GetScrollPos
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InsertMenuA
IntersectRect
InvalidateRect
IsDlgButtonChecked
IsIconic
IsWindow
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MapDialogRect
MapVirtualKeyA
MessageBoxA
MoveWindow
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
RedrawWindow
RegisterClassA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowCaret
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnregisterClassA
UpdateWindow
WinHelpA
WindowFromPoint
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Exports

Exports

_Addsorteddata
_Addtolist
_Analysecode
_Animate
_Assemble
_Attachtoactiveprocess
_Broadcast
_Browsefilename
_Calculatecrc
_Checkcondition
_Compress
_Createdumpwindow
_Createlistwindow
_Createpatchwindow
_Createprofilewindow
_Creatertracewindow
_Createsorteddata
_Createthreadwindow
_Createwatchwindow
_Createwinwindow
_Decodeaddress
_Decodeascii
_Decodecharacter
_Decodefullvarname
_Decodeknownargument
_Decodename
_Decoderange
_Decoderelativeoffset
_Decodethreadname
_Decodeunicode
_Decompress
_Defaultbar
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletehardwarebreakpoint
_Deletenamerange
_Deletenonconfirmedsorteddata
_Deleteruntrace
_Deletesorteddata
_Deletesorteddatarange
_Deletewatch
_Demanglename
_Destroysorteddata
_Disasm
_Disassembleback
_Disassembleforward
_Discardquicknames
_Dumpbackup
_Error
_Expression
_Findallcommands
_Findalldllcalls
_Findallsequences
_Finddecode
_Findfileoffset
_Findfixup
_Findhittrace
_Findimportbyname
_Findlabel
_Findlabelbyname
_Findmemory
_Findmodule
_Findname
_Findnextname
_Findnextproc
_Findnextruntraceip
_Findprevproc
_Findprevruntraceip
_Findprocbegin
_Findprocend
_Findreferences
_Findsorteddata
_Findsorteddataindex
_Findsorteddatarange
_Findstrings
_Findsymbolicname
_Findthread
_Findunknownfunction
_Flash
_Followcall
_Get3dnow
_Get3dnowxy
_Getaddressfromline
_Getasmfindmodel
_Getasmfindmodelxy
_Getbprelname
_Getbreakpointtype
_Getbreakpointtypecount
_Getcputhreadid
_Getdisassemblerrange
_Getfloat
_Getfloat10
_Getfloat10xy
_Getfloatxy
_Gethexstring
_Gethexstringxy
_Getline
_Getlinefromaddress
_Getlinexy
_Getlong
_Getlongxy
_Getmmx
_Getmmxxy
_Getnextbreakpoint
_Getoriginaldatasize
_Getproclimits
_Getregxy
_Getresourcestring
_Getruntraceprofile
_Getruntraceregisters
_Getsortedbyselection
_Getsourcefilelimits
_Getstatus
_Gettableselectionxy
_Gettext
_Gettextxy
_Getwatch
_Go
_Guardmemory
_Hardbreakpoints
_Havecopyofmemory
_Infoline
_Injectcode
_Insertname
_Insertwatch
_Isfilling
_Isprefix
_Isretaddr
_Issuspicious
_IstextA
_IstextW
_Listmemory
_Manualbreakpoint
_Mergequicknames
_Message
_Modifyhittrace
_Newtablewindow
_OpenEXEfile
_Painttable
_Plugingetvalue
_Pluginreadintfromini
_Pluginreadstringfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Pluginwritestringtoini
_Print3dnow
_Printfloat10
_Printfloat4
_Printfloat8
_Printsse
_Progress
_Quickinsertname
_Quicktablewindow
_Readcommand
_Readmemory
_Redrawdisassembler
_Registerotclass
_Registerpluginclass
_Restoreallthreads
_Runsinglethread
_Runtracesize
_Scrollruntracewindow
_Selectandscroll
_Sendshortcut
tracepauseoncommands
wsour
_Sortsorteddata
_Startruntrace
_Stringtotext
_Suspendprocess
_Tablefunction
_Tempbreakpoint
_Unregisterpluginclass
_Updatelist
_Walkreference
_Walkreferenceex
_Writememory
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 698KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UnPackMe_PELock1.06.d.exe
.exe windows:4 windows x86 arch:x86

a7333743ef063a68d1d860bbdf1c328e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
VirtualAlloc

Sections

.teddy
Size: 171KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 13KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 5KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teddy
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Programas leccion 40.rar
.rar .zip polyglot
HBP.txt
OllyScripts092.zip
.zip
OllyScript.dll
.dll windows:4 windows x86 arch:x86

64396bbdb5c627bbaf0d0a7c8d690e5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

ord124
ord101
ord2
ord73
ord53
ord60
ord172
ord109
ord117
ord75
ord3
ord45
ord114
ord90
ord93
ord13
ord33
ord157
ord44
ord4
ord88
ord161
ord174
ord108
ord169
ord79
ord25
ord106
ord23
ord5

kernel32

EnterCriticalSection
SetEndOfFile
GetLocaleInfoW
SetStdHandle
GetOEMCP
GetACP
GetSystemInfo
VirtualProtect
IsBadCodePtr
IsBadReadPtr
HeapSize
VirtualQuery
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
HeapFree
CloseHandle
ReadFile
HeapAlloc
HeapCreate
GetFileSize
CreateFileA
WriteFile
SetFilePointer
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
GetThreadContext
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
FlushFileBuffers
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetCPInfo
LCMapStringA
MultiByteToWideChar
GetLastError
LCMapStringW
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue

user32

SetFocus
GetDlgItem
SetDlgItemTextA
EndDialog
GetDlgItemTextA
MessageBoxA
PostMessageA
wsprintfA
DialogBoxParamA

comdlg32

GetOpenFileNameA

Exports

Exports

ExecuteScript
_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UPX.osc
readme.txt
telock098.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 8KB

.text Size: 2KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 36KB

IMPORTS Size: 512B - Virtual size: 4KB

.teddy Size: 9KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

3c0e70bfa5f73f1f1cef484e2bcb5bf8

Headers

File Characteristics

Imports

kernel32

user32

Sections

.teddy Size: 161KB - Virtual size: 296KB

.teddy Size: 12KB - Virtual size: 48KB

.teddy Size: 5KB - Virtual size: 36KB

.teddy Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 8KB

.teddy Size: 13KB - Virtual size: 16KB

51392c83ec1bdd32eb1c60967577ff39

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

ole32

oleaut32

oledlg

shell32

user32

winmm

winspool.drv

Sections

.text Size: - Virtual size: 296KB

.rdata Size: - Virtual size: 48KB

.data Size: - Virtual size: 34KB

.idata Size: - Virtual size: 12KB

.rsrc Size: 30KB - Virtual size: 32KB

.edata Size: 286KB - Virtual size: 285KB

3c0e70bfa5f73f1f1cef484e2bcb5bf8

Headers

File Characteristics

Imports

kernel32

user32

Sections

.teddy Size: 161KB - Virtual size: 296KB

.teddy Size: 12KB - Virtual size: 48KB

.teddy Size: 5KB - Virtual size: 36KB

.teddy Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 8KB

.teddy Size: 13KB - Virtual size: 16KB

51392c83ec1bdd32eb1c60967577ff39

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

ole32

oleaut32

oledlg

shell32

user32

winmm

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 8KB

.text
Size: 2KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 36KB

IMPORTS
Size: 512B - Virtual size: 4KB

.teddy
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

.teddy
Size: 161KB - Virtual size: 296KB

.teddy
Size: 12KB - Virtual size: 48KB

.teddy
Size: 5KB - Virtual size: 36KB

.teddy
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 8KB

.teddy
Size: 13KB - Virtual size: 16KB

.text
Size: - Virtual size: 296KB

.rdata
Size: - Virtual size: 48KB

.data
Size: - Virtual size: 34KB

.idata
Size: - Virtual size: 12KB

.rsrc
Size: 30KB - Virtual size: 32KB

.edata
Size: 286KB - Virtual size: 285KB

.teddy
Size: 161KB - Virtual size: 296KB

.teddy
Size: 12KB - Virtual size: 48KB

.teddy
Size: 5KB - Virtual size: 36KB

.teddy
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 8KB

.teddy
Size: 13KB - Virtual size: 16KB

.text
Size: - Virtual size: 296KB

.rdata
Size: - Virtual size: 48KB

.data
Size: - Virtual size: 34KB

.idata
Size: - Virtual size: 12KB

.rsrc
Size: 30KB - Virtual size: 32KB

.edata
Size: 286KB - Virtual size: 285KB

.text
Size: 292KB - Virtual size: 292KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 22KB - Virtual size: 34KB

.idata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 5KB - Virtual size: 5KB

yC
Size: 3KB - Virtual size: 8KB

.text
Size: 698KB - Virtual size: 700KB

.data
Size: 116KB - Virtual size: 364KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 7KB - Virtual size: 8KB

.edata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 214KB - Virtual size: 216KB

.reloc
Size: 47KB - Virtual size: 48KB

.teddy
Size: 171KB - Virtual size: 296KB

.teddy
Size: 13KB - Virtual size: 48KB

.teddy
Size: 5KB - Virtual size: 36KB

.teddy
Size: 4KB - Virtual size: 12KB

.teddy
Size: 30KB - Virtual size: 32KB

.teddy
Size: 38KB - Virtual size: 40KB