3b92fa9ce434d001e96d2d06c5664686

Sharing

Copy URL Twitter E-mail

General

Target

3b92fa9ce434d001e96d2d06c5664686
Size

470KB
MD5

3b92fa9ce434d001e96d2d06c5664686
SHA1

57258b10f65a4844aaeb91dc11463da75f0fdd9c
SHA256

2c8eea05fbefb03aab5dd72a414b2e4cb1204b64ab8332562356a5bc75e84228
SHA512

4ea022ec2dff64aa5fb3e17210b674057fa30e9bfdb9ed19e98f73b6c0cbb0745f9d4f949cdb8f7632b8cecda4ea73f92fb8afd735abb4764d2f372979eab267
SSDEEP

12288:QAtX7Li71verMkqAVn2UL1sdnZ+p+UOgnWDgkv:QWXqpvioE2UxkZ+pFkv

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/modules/hook/hook.exe
unpack001/modules/psapi/psapi.exe
unpack001/modules/samples/hooksmpl/hooksmpl.exe
unpack001/modules/samples/message.box/message.box
unpack001/modules/samples/msgboxps/msgboxps.exe
unpack001/modules/samples/msgboxps2/msgboxps2.exe
unpack001/modules/samples/msgboxps3/msgboxps3.exe
unpack001/modules/samples/msgboxps4/msgboxps4.exe
unpack001/modules/samples/msgboxsi/msgboxsi.exe
unpack001/modules/samples/package - system information/message.box
unpack001/modules/samples/svcsmpl/svcsmpl.exe
unpack001/modules/svc/svc.exe
unpack001/modules/sysinfo/sysinfo.exe
unpack001/projects/Logoner/Logoner.exe
unpack001/projects/Logoner/Logoner.final.exe
unpack001/projects/Logoner/logdec.exe
unpack001/utils/converter/converter.exe

Files

3b92fa9ce434d001e96d2d06c5664686
.zip
attocode.c
attocode.h
common/cmdline.c
common/cmdline.h
common/linked_list.c
common/linked_list.h
common/mem.c
common/mem.h
docs/AttoCode.txt
engine/imports.c
engine/imports.h
engine/loader.c
engine/loader.h
engine/modules.h
log/log.c
log/log.h
m.bat
.bat .vbs
mall.bat
.bat .vbs
mlog.bat
.bat .vbs
mlogall.bat
.bat .vbs
modules/hook/hook
modules/hook/hook.c
modules/hook/hook.exe
.exe windows:4 windows x86 arch:x86

dc02cffd5b1ae8e88c732a670b3cd4bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CloseHandle
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetProcAddress
LoadLibraryA
OpenProcess
ReadProcessMemory
SetUnhandledExceptionFilter
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
WriteProcessMemory

msvcrt

_stricmp
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
signal

Exports

Exports

init

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/hook/hook.h
modules/hook/hook.o
modules/hook/lde32.lib
modules/hook/linked_list.o
modules/hook/m.bat
.bat .vbs
modules/hook/mem.o
modules/psapi/libntdll.a
modules/psapi/linked_list.o
modules/psapi/m.bat
.bat .vbs
modules/psapi/mem.o
modules/psapi/mod_psapi.c
modules/psapi/mod_psapi.h
modules/psapi/mod_psapi.o
modules/psapi/psapi
modules/psapi/psapi.exe
.exe windows:4 windows x86 arch:x86

5a0ed1364799396fe2f24193d6f7ffd8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CloseHandle
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcessId
GetCurrentThreadId
OpenProcess
ReadProcessMemory
ResumeThread
SetUnhandledExceptionFilter
SuspendThread
VirtualAlloc
VirtualFree

msvcrt

_wcsicmp
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
qsort
signal

ntdll

NtOpenThread
NtQuerySystemInformation
RtlAnsiStringToUnicodeString
RtlFreeAnsiString
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString

Exports

Exports

init

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 144B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 65B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/samples/hooksmpl/hooksmpl
modules/samples/hooksmpl/hooksmpl.c
modules/samples/hooksmpl/hooksmpl.exe
.exe windows:4 windows x86 arch:x86

d2dc8ebef64d6798b3fb5c112ae16a49

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CloseHandle
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcessId
GetTickCount
SetUnhandledExceptionFilter
Sleep

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
signal
sprintf

user32

MessageBoxA

Exports

Exports

init

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 68B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/samples/hooksmpl/hooksmpl.o
modules/samples/hooksmpl/m.bat
.bat .vbs
modules/samples/message.box/m.bat
.bat .vbs
modules/samples/message.box/message.box
.exe windows:4 windows x86 arch:x86

a51bb78a19583ab07d2265aa00ce97f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
signal

user32

MessageBoxA

Exports

Exports

init

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 112B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 67B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/samples/message.box/message.box.c
modules/samples/message.box/message.box.o
modules/samples/msgboxps/m.bat
.bat .vbs
modules/samples/msgboxps/mem.o
modules/samples/msgboxps/msgboxps
modules/samples/msgboxps/msgboxps.c
modules/samples/msgboxps/msgboxps.exe
.exe windows:4 windows x86 arch:x86

8b6765d49bbd5b1b0fee8e607e7c7712

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcessId
LocalAlloc
LocalFree
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
signal
sprintf

user32

MessageBoxA

Exports

Exports

init

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 68B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/samples/msgboxps/msgboxps.o
modules/samples/msgboxps2/m.bat
.bat .vbs
modules/samples/msgboxps2/mem.o
modules/samples/msgboxps2/msgboxps2
modules/samples/msgboxps2/msgboxps2.c
modules/samples/msgboxps2/msgboxps2.exe
.exe windows:4 windows x86 arch:x86

8b6765d49bbd5b1b0fee8e607e7c7712

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcessId
LocalAlloc
LocalFree
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
signal
sprintf

user32

MessageBoxA

Exports

Exports

init

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 69B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/samples/msgboxps2/msgboxps2.o
modules/samples/msgboxps3/m.bat
.bat .vbs
modules/samples/msgboxps3/mem.o
modules/samples/msgboxps3/msgboxps3
modules/samples/msgboxps3/msgboxps3.c
modules/samples/msgboxps3/msgboxps3.exe
.exe windows:4 windows x86 arch:x86

aaa0e226e4cb5d40ee024ec3b11835a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
LocalAlloc
LocalFree
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
signal
sprintf

user32

MessageBoxA

Exports

Exports

init

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 69B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/samples/msgboxps3/msgboxps3.o
modules/samples/msgboxps4/m.bat
.bat .vbs
modules/samples/msgboxps4/msgboxps4
modules/samples/msgboxps4/msgboxps4.c
modules/samples/msgboxps4/msgboxps4.exe
.exe windows:4 windows x86 arch:x86

92ee4d20a94d313666c2153827546ed4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
signal
sprintf
strchr

user32

MessageBoxA

Exports

Exports

init

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 69B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/samples/msgboxps4/msgboxps4.o
modules/samples/msgboxsi/m.bat
.bat .vbs
modules/samples/msgboxsi/mem.o
modules/samples/msgboxsi/msgboxsi
modules/samples/msgboxsi/msgboxsi.c
modules/samples/msgboxsi/msgboxsi.exe
.exe windows:4 windows x86 arch:x86

44921b6586476db4d7017d2071351be0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
LocalAlloc
LocalFree
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
memset
signal
sprintf
strchr

user32

MessageBoxA

Exports

Exports

init

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 68B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/samples/msgboxsi/msgboxsi.o
modules/samples/package - hook sample/convert.bat
.bat .vbs
modules/samples/package - hook sample/hook
modules/samples/package - hook sample/hooksmpl
modules/samples/package - hook sample/package.hook.sample
modules/samples/package - hook sample/psapi
modules/samples/package - hook sample/sysinfo
modules/samples/package - message box only/convert.bat
modules/samples/package - message box only/message.box
modules/samples/package - message box only/the.easiest.package
modules/samples/package - process list using psapi/convert.bat
.bat .vbs
modules/samples/package - process list using psapi/msgboxps3
modules/samples/package - process list using psapi/process.list.package
modules/samples/package - process list using psapi/psapi
modules/samples/package - process list using psapi/sysinfo
modules/samples/package - sample service/convert.bat
.bat .vbs
modules/samples/package - sample service/sample.service
modules/samples/package - sample service/svc
modules/samples/package - sample service/svcsmpl
modules/samples/package - system information/convert.bat
.bat .vbs
modules/samples/package - system information/message.box
.exe windows:4 windows x86 arch:x86

a51bb78a19583ab07d2265aa00ce97f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
signal

user32

MessageBoxA

Exports

Exports

init

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 112B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 67B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/samples/package - system information/msgboxps
modules/samples/package - system information/msgboxps2
modules/samples/package - system information/msgboxps3
modules/samples/package - system information/msgboxsi
modules/samples/package - system information/package
modules/samples/package - system information/psapi
modules/samples/package - system information/sysinfo
modules/samples/package - using sysinfo and psapi/convert.bat
modules/samples/package - using sysinfo and psapi/msgboxps2
modules/samples/package - using sysinfo and psapi/psapi
modules/samples/package - using sysinfo and psapi/sysinfo
modules/samples/package - using sysinfo and psapi/sysinfo.psapi.usage.package
modules/samples/package/convert.bat
.bat .vbs
modules/samples/svcsmpl/cmdline.o
modules/samples/svcsmpl/m.bat
.bat .vbs
modules/samples/svcsmpl/svcsmpl
modules/samples/svcsmpl/svcsmpl.c
modules/samples/svcsmpl/svcsmpl.exe
.exe windows:4 windows x86 arch:x86

d73b3b93ab5d9aa760c0a53d26341055

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CloseHandle
CreateEventA
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetModuleFileNameA
SetEvent
SetUnhandledExceptionFilter
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
signal
strchr

user32

MessageBoxA

Exports

Exports

init

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 976B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 67B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/samples/svcsmpl/svcsmpl.o
modules/svc/linked_list.o
modules/svc/log.o
modules/svc/m.bat
.bat .vbs
modules/svc/mem.o
modules/svc/svc
modules/svc/svc.c
modules/svc/svc.exe
.exe windows:4 windows x86 arch:x86

65a262e0bbac103ae65c36ab6d9a59a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

ChangeServiceConfigA
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateThread
ExitProcess
FindAtomA
GetAtomNameA
GetLastError
GetProcAddress
LoadLibraryA
SetEvent
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
signal

Exports

Exports

init

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 63B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/svc/svc.h
modules/svc/svc.o
modules/sysinfo/linked_list.o
modules/sysinfo/m.bat
.bat .vbs
modules/sysinfo/mem.o
modules/sysinfo/sysinfo
modules/sysinfo/sysinfo.c
modules/sysinfo/sysinfo.exe
.exe windows:4 windows x86 arch:x86

c8bacd1763e7714d1eaf94df7289f199

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

gdi32

GetDeviceCaps

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
GetComputerNameA
GetDiskFreeSpaceA
GetDriveTypeA
GetLogicalDrives
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemInfo
GetTempPathA
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
VirtualAlloc
VirtualFree
WideCharToMultiByte

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
atoi
free
malloc
signal
strchr
wcslen

user32

GetDC
GetSystemMetrics
ReleaseDC
SystemParametersInfoA

Exports

Exports

init

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 67B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 400B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
modules/sysinfo/sysinfo.h
modules/sysinfo/sysinfo.o
projects/Logoner/Logoner
projects/Logoner/Logoner.exe
.exe windows:4 windows x86 arch:x86

0a0496431b2cee3109340a16648db681

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

AddAtomA
CloseHandle
CreateEventA
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
SetEvent
SetUnhandledExceptionFilter
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
WaitForSingleObject
WriteProcessMemory

msvcrt

_stricmp
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
free
malloc
signal
sprintf
strchr
wcslen

Exports

Exports

init

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 976B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 67B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
projects/Logoner/Logoner.final.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

MEW
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�uۊ��
Size: 21KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
projects/Logoner/Logoner.o
projects/Logoner/cmdline.o
projects/Logoner/convert.bat
.bat .vbs
projects/Logoner/hook
projects/Logoner/log.o
projects/Logoner/logdec.c
projects/Logoner/logdec.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

MEW
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�uۊ��
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
projects/Logoner/logdec.o
projects/Logoner/logoner.c
projects/Logoner/logoner.h
projects/Logoner/logoner.package
projects/Logoner/logoner.txt
projects/Logoner/m.bat
.bat .vbs
projects/Logoner/mdec.bat
.bat .vbs
projects/Logoner/mem.o
projects/Logoner/mlog.bat
.bat .vbs
projects/Logoner/psapi
projects/Logoner/svc
projects/Logoner/sysinfo
utils/converter/converter.c
utils/converter/converter.exe
.exe windows:4 windows x86 arch:x86

82c80bd041dfe88307ff6584ddaa77bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CloseHandle
CreateFileA
ExitProcess
FindAtomA
GetAtomNameA
GetFileSize
ReadFile
SetUnhandledExceptionFilter
WriteFile

msvcrt

_stricmp
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_fileno
_iob
_onexit
_setmode
abort
atexit
exit
free
malloc
printf
puts
signal
strchr
strncpy
strrchr

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 144B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
utils/converter/converter.o
utils/converter/converter.txt
utils/converter/m.bat
.bat .vbs

Sharing

General

Malware Config

Signatures

Files

dc02cffd5b1ae8e88c732a670b3cd4bc

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 128B

.edata Size: 512B - Virtual size: 64B

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 300B

5a0ed1364799396fe2f24193d6f7ffd8

Headers

File Characteristics

Imports

kernel32

msvcrt

ntdll

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 112B

.bss Size: - Virtual size: 144B

.edata Size: 512B - Virtual size: 65B

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 304B

d2dc8ebef64d6798b3fb5c112ae16a49

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 112B

.bss Size: - Virtual size: 128B

.edata Size: 512B - Virtual size: 68B

.idata Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 248B

a51bb78a19583ab07d2265aa00ce97f2

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 112B

.bss Size: - Virtual size: 112B

.edata Size: 512B - Virtual size: 67B

.idata Size: 1024B - Virtual size: 688B

.reloc Size: 512B - Virtual size: 184B

8b6765d49bbd5b1b0fee8e607e7c7712

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 112B

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 128B

.edata
Size: 512B - Virtual size: 64B

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 300B

.text
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 112B

.bss
Size: - Virtual size: 144B

.edata
Size: 512B - Virtual size: 65B

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 304B

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 112B

.bss
Size: - Virtual size: 128B

.edata
Size: 512B - Virtual size: 68B

.idata
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 248B

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 112B

.bss
Size: - Virtual size: 112B

.edata
Size: 512B - Virtual size: 67B

.idata
Size: 1024B - Virtual size: 688B

.reloc
Size: 512B - Virtual size: 184B

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 112B

.bss
Size: - Virtual size: 128B

.edata
Size: 512B - Virtual size: 68B

.idata
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 200B

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 112B

.bss
Size: - Virtual size: 128B

.edata
Size: 512B - Virtual size: 69B

.idata
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 236B

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 112B

.bss
Size: - Virtual size: 128B

.edata
Size: 512B - Virtual size: 69B

.idata
Size: 1024B - Virtual size: 820B

.reloc
Size: 512B - Virtual size: 224B

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 112B

.bss
Size: - Virtual size: 128B

.edata
Size: 512B - Virtual size: 69B

.idata
Size: 1024B - Virtual size: 736B

.reloc
Size: 512B - Virtual size: 204B

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 112B

.bss
Size: - Virtual size: 128B

.edata
Size: 512B - Virtual size: 68B

.idata
Size: 1024B - Virtual size: 868B

.reloc
Size: 512B - Virtual size: 324B