2691af892b11dbea7138b80ac383bb10

Sharing

Copy URL Twitter E-mail

General

Target

2691af892b11dbea7138b80ac383bb10
Size

3.7MB
MD5

2691af892b11dbea7138b80ac383bb10
SHA1

fcf224ad43ccfe302c17b7fc52d72a4b4533a213
SHA256

8cd0e75f5e9ece2c851f7ce96897cebf492ed5c14066f804c6745fbcdca0101d
SHA512

27128a958c9d4743ef66da08ca5ce642bc7a0f7e7d652bc3bebb89a7d61285b7d0db354b81f33bc7f03647c009801f783d36a17071c96f00e055fb2b74995bbf
SSDEEP

98304:0N1o6bvm7v/6+Cbkl92Eb8BS5w6qQe8MHN7qfaD784Q2vNa:0cBrSkgEb95w67ez4faH8r2U

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wp507f/MPinj.dll
unpack001/wp507f/MiniProxer.exe
unpack001/wp507f/WP507F.exe
unpack001/wp507f/dll/source/tstdll0.dll
unpack001/wp507f/dll/source/tstdll5.dll
unpack001/wp507f/dll/tstdll0.dll
unpack001/wp507f/dll/tstdll5.dll

Files

2691af892b11dbea7138b80ac383bb10
.7z
wp507f/!readme.txt
wp507f/!wp505f.txt
.js
wp507f/!wp506f.txt
.js
wp507f/!wp507f.txt
wp507f/MPcfg.ini
wp507f/MPinj.dll
.dll windows:4 windows x86 arch:x86

99a40a60b0b306d46c112f27ae5034ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

wsock32

__WSAFDIsSet

Sections

CODE
Size: 9KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wp507f/MiniProxer.exe
.exe windows:4 windows x86 arch:x86

7926c3261c7df15783629dc05c3f5f08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

wininet

InternetOpenUrlA

wsock32

inet_ntoa

Sections

CODE
Size: 267KB - Virtual size: 800KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wp507f/ScriptTester.txt
wp507f/WP507F.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 568KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 19KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.x01
Size: 55KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SauEye
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wp507f/custom/ColonelMia-12042017-112634.log
wp507f/custom/ColonelMia-12042017-113653.log
wp507f/custom/ColonelMia-12042017-124756.log
wp507f/custom/ColonelMia-12042017-141326.log
wp507f/custom/ColonelMia-12042017-154157.log
wp507f/custom/ColonelMia-12042017-162613.log
wp507f/custom/ColonelMia-12052017-143519.log
wp507f/custom/ColonelMia-13042017-135125.log
wp507f/custom/ColonelMia-13042017-164916.log
wp507f/custom/ColonelMia-14042017-160016.log
wp507f/custom/Compass-27092012-153951.log
wp507f/custom/DickSlayer-06122013-113454.log
wp507f/custom/DickSlayer-08112013-120234.log
wp507f/custom/DickSlayer-22062015-164837.log
wp507f/custom/FurySouL-06042017-162535.log
wp507f/custom/FurySouL-12042017-121320.log
wp507f/custom/FurySouL-12042017-135410.log
wp507f/custom/FurySouL-12042017-153522.log
wp507f/custom/FurySouL-18082016-162905.log
wp507f/custom/FurySouL-18082016-163728.log
wp507f/custom/FurySouL-26082015-165125.log
wp507f/custom/FurySouL-27082015-113458.log
wp507f/custom/FurySouL-27082015-124437.log
wp507f/custom/NotFeaR-01102013-111030.log
wp507f/custom/NotFeaR-04102013-125920.log
wp507f/custom/NotFeaR-06112013-083039.log
wp507f/custom/NotFeaR-10102013-161447.log
wp507f/custom/NotFeaR-12102015-122519.log
wp507f/custom/NotFeaR-12112013-091628.log
wp507f/custom/NotFeaR-13122013-115834.log
wp507f/custom/NotFeaR-14112013-160905.log
wp507f/custom/NotFeaR-15102013-164254.log
wp507f/custom/NotFeaR-27112013-103407.log
wp507f/custom/NotFeaR-28112013-133940.log
wp507f/custom/Puppy-30092016-152543.log
wp507f/custom/Puppy-30092016-183835.log
wp507f/custom/SweetyAss-01092016-152545.log
wp507f/custom/SweetyAss-01092016-162940.log
wp507f/custom/SweetyAss-05102016-151434.log
wp507f/custom/SweetyAss-05102016-162440.log
wp507f/custom/SweetyAss-06042017-162707.log
wp507f/custom/SweetyAss-06042017-162829.log
wp507f/custom/SweetyAss-12042017-112619.log
wp507f/custom/SweetyAss-12042017-113656.log
wp507f/custom/SweetyAss-12042017-120822.log
wp507f/custom/SweetyAss-12042017-124751.log
wp507f/custom/SweetyAss-12042017-141209.log
wp507f/custom/SweetyAss-12042017-162626.log
wp507f/custom/SweetyAss-13042017-135137.log
wp507f/custom/SweetyAss-13042017-164911.log
wp507f/custom/SweetyAss-14042017-160019.log
wp507f/custom/SweetyAss-17052017-140227.log
wp507f/custom/SweetyAss-18082016-154354.log
wp507f/custom/SweetyAss-18082016-162907.log
wp507f/custom/SweetyAss-18082016-163723.log
wp507f/custom/SweetyAss-24082016-142448.log
wp507f/custom/SweetyAss-24082016-145934.log
wp507f/custom/SweetyAss-24082016-155828.log
wp507f/custom/SweetyAss-26082015-165116.log
wp507f/custom/SweetyAss-26082016-154251.log
wp507f/custom/SweetyAss-26082016-160617.log
wp507f/custom/SweetyAss-27082015-113454.log
wp507f/custom/SweetyAss-27082015-122555.log
wp507f/custom/SweetyAss-27082015-124428.log
wp507f/custom/ThinkDifferent-01072015-170015.log
wp507f/custom/ThinkDifferent-02072015-170348.log
wp507f/custom/ThinkDifferent-03072015-135934.log
wp507f/custom/ThinkDifferent-03072015-163616.log
wp507f/custom/ThinkDifferent-06072015-165707.log
wp507f/custom/ThinkDifferent-07072015-170234.log
wp507f/custom/ThinkDifferent-07092015-162516.log
wp507f/custom/ThinkDifferent-08072015-170205.log
wp507f/custom/ThinkDifferent-10072015-165325.log
wp507f/custom/ThinkDifferent-10082015-163728.log
wp507f/custom/ThinkDifferent-11102012-161704.log
wp507f/custom/ThinkDifferent-13072015-141153.log
wp507f/custom/ThinkDifferent-13072015-165539.log
wp507f/custom/ThinkDifferent-21082015-142819.log
wp507f/custom/ThinkDifferent-27092012-145051.log
wp507f/custom/ThinkDifferent-29062015-091411.log
wp507f/custom/ThinkDifferent-29062015-092503.log
wp507f/custom/ThinkDifferent-29062015-093153.log
wp507f/custom/ThinkDifferent-29062015-170251.log
wp507f/custom/ThinkDifferent-31082015-165359.log
wp507f/custom/i_m_not_a_bot.log
wp507f/data/filter.ini
wp507f/data/packets/T2ItemsID.ini
wp507f/data/packets/T2SkillsID.ini
wp507f/data/packets/T2SysMsgID.ini
wp507f/data/packets/T2misc.ini
wp507f/data/packets/T2packets.fsc
wp507f/data/packets/T2packets.xml
.xml
wp507f/data/packets/T2packetsC4.ini
wp507f/data/packets/T2packetsC5.ini
wp507f/data/packets/T2packetsCI.ini
wp507f/data/packets/T3packets.fsc
wp507f/data/packets/T3packets.ini
wp507f/data/packets/pckinfo.ini
wp507f/data/shost.ini
wp507f/data/shost.ini~
wp507f/data/sipn.dat
wp507f/data/slist.ini
wp507f/data/slist.ini~
wp507f/dll/FastMM4.pas
.js
wp507f/dll/FastMM4Messages.pas
wp507f/dll/FastMM4Options.inc
wp507f/dll/FastMM4_FAQ.txt
wp507f/dll/FastMM4_Readme.txt
wp507f/dll/gDLL-ex1.fsc
wp507f/dll/source/tstdll0.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FuncTst1
FuncTst2
FuncTst3
FuncTst4

Sections

CODE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wp507f/dll/source/tstdll0.dpr
wp507f/dll/source/tstdll5.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DeXorGS
EnXorGS
Trafic_Detector

Sections

CODE
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wp507f/dll/source/tstdll5.dpr
.js
wp507f/dll/tstdll0.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FuncTst1
FuncTst2
FuncTst3
FuncTst4

Sections

CODE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wp507f/dll/tstdll0.dpr
wp507f/dll/tstdll5.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DeXorGS
EnXorGS
Trafic_Detector

Sections

CODE
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wp507f/dll/tstdll5.dpr
.js
wp507f/doc/!readme
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron.htm
.html .js polyglot
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/Sauron100x89.JPG
.jpg
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/aa.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/ac.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/banner-88x31-rambler-black2.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/btm_base.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/cat_top_ls.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/cat_top_rs.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/center_header.jpg
.jpg
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/collapse_thead.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/footer_ls.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/footer_rs.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/iSkin_Black_x.css
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/index.php
.js
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/left_header.jpg
.jpg
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/menu_open.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/mode_hybrid.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/mode_linear.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/mode_threaded.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_cal.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_cp.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_faq.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_home.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_ls.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_members.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_menu.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_rs.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_rs_end.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/nav_search.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/navbits_finallink.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/navbits_start.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/post_old.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/post_thanks.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/printer.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/rating_1.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/rating_2.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/rating_3.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/rating_4.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/rating_5.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/reputation.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/right_header.jpg
.jpg
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/sendtofriend.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/subscribe.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/threadclosed.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/top100.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/user_offline.gif
.gif
wp507f/doc/WP (Walker Patcher) - что и как (c) Sauron_files/wp8831.gif
.gif
wp507f/doc/[!] PPC User-Manual - 1.mht
.eml
- http://x33.ru/saur/for/index.php
- http://x33.ru/saur/for/showthread.php?t=1#
- http://x33.ru/saur/for/forumdisplay.php?f=1
- http://x33.ru/saur/for/forumdisplay.php?f=2
- http://x33.ru/saur/for/showthread.php?t=1
- http://x33.ru/saur/for/private.php
- http://x33.ru/saur/for/usercp.php
- http://x33.ru/saur/for/faq.php
- http://x33.ru/saur/for/memberlist.php
- http://x33.ru/saur/for/calendar.php
- http://x33.ru/saur/for/search.php?do=getnew
- http://x33.ru/saur/for/search.php
- http://x33.ru/saur/for/showthread.php?t=1&nojs=1#usercptools
- http://x33.ru/saur/for/login.php?do=logout&logouthash=cc0da30ded46ca86705a8ee991704023
- http://x33.ru/saur/for/search.php?do=getdaily
- http://x33.ru/saur/for/forumdisplay.php?do=markread
- http://x33.ru/saur/for/profile.php?do=editsignature
- http://x33.ru/saur/for/profile.php?do=editprofile
- http://x33.ru/saur/for/profile.php?do=editoptions
- http://x33.ru/saur/for/subscription.php
- http://x33.ru/saur/for/member.php?u=2
- http://x33.ru/saur/for/online.php
- http://x33.ru/saur/for/newreply.php?do=newreply&noquote=1&p=1
- http://x33.ru/saur/for/showthread.php?t=1&page=2
- http://x33.ru/saur/for/showthread.php?t=1&nojs=1#goto_threadtools
- http://x33.ru/saur/for/showthread.php?t=1&nojs=1#goto_threadsearch
- http://x33.ru/saur/for/showthread.php?t=1&nojs=1#goto_threadrating
- http://x33.ru/saur/for/showthread.php?t=1&nojs=1#goto_displaymodes
- http://x33.ru/saur/for/showpost.php?p=1&postcount=1
- http://x33.ru/saur/for/member.php?u=1
- http://allcheats.ru/showthread.php?t=22
- http://saur.x33.ru/
- http://saur.x33.ru/upload/sc32r240.exe
- http://www.satspace.ru/uploaded/permeo.security.driver.v.4.2.6.rar
- http://x33.ru/saur/for/report.php?p=1
- http://x33.ru/saur/for/newreply.php?do=newreply&p=1
- http://x33.ru/saur/for/private.php?do=newpm&u=1
- http://x33.ru/saur/for/search.php?do=finduser&u=1
- http://x33.ru/saur/for/profile.php?do=addlist&userlist=buddy&u=1
- http://x33.ru/saur/for/showpost.php?p=2&postcount=2
- http://x33.ru/saur/for/report.php?p=2
- http://x33.ru/saur/for/newreply.php?do=newreply&p=2
- http://x33.ru/saur/for/showpost.php?p=3&postcount=3
- http://x33.ru/saur/for/report.php?p=3
- http://x33.ru/saur/for/newreply.php?do=newreply&p=3
- http://x33.ru/saur/for/showpost.php?p=4&postcount=4
- http://x33.ru/saur/for/report.php?p=4
- http://x33.ru/saur/for/newreply.php?do=newreply&p=4
- http://x33.ru/saur/for/showpost.php?p=5&postcount=5
- http://allcheats.ru/showpost.php?p=12245&postcount=18
- http://x33.ru/saur/for/report.php?p=5
- http://x33.ru/saur/for/newreply.php?do=newreply&p=5
- http://x33.ru/saur/for/showpost.php?p=6&postcount=6
- http://x33.ru/saur/for/report.php?p=6
- http://x33.ru/saur/for/newreply.php?do=newreply&p=6
- http://x33.ru/saur/for/showpost.php?p=7&postcount=7
- http://x33.ru/saur/for/report.php?p=7
- http://x33.ru/saur/for/newreply.php?do=newreply&p=7
- http://x33.ru/saur/for/showpost.php?p=8&postcount=8
- http://x33.ru/saur/for/report.php?p=8
- http://x33.ru/saur/for/newreply.php?do=newreply&p=8
- http://x33.ru/saur/for/showpost.php?p=9&postcount=9
- http://x33.ru/saur/for/report.php?p=9
- http://x33.ru/saur/for/newreply.php?do=newreply&p=9
- http://x33.ru/saur/for/showpost.php?p=10&postcount=10
- http://x33.ru/saur/for/report.php?p=10
- http://x33.ru/saur/for/newreply.php?do=newreply&p=10
- http://x33.ru/saur/for/newreply.php?do=newreply&noquote=1&p=10
- http://x33.ru/saur/for/showthread.php?t=1&goto=nextoldest
- http://x33.ru/saur/for/showthread.php?t=1&goto=nextnewest
- http://x33.ru/saur/for/showthread.php?t=1#top
- http://x33.ru/saur/for/printthread.php?t=1
- http://x33.ru/saur/for/sendmessage.php?do=sendtofriend&t=1
- http://x33.ru/saur/for/subscription.php?do=addsubscription&t=1
- http://x33.ru/saur/for/showthread.php?mode=hybrid&t=1
- http://x33.ru/saur/for/showthread.php?p=1&mode=threaded#post1
- http://x33.ru/saur/for/search.php?searchthreadid=1
- http://x33.ru/saur/for/misc.php?do=bbcode
- http://x33.ru/saur/for/misc.php?do=showsmilies
- http://x33.ru/saur/for/misc.php?do=bbcode#imgcode
- http://x33.ru/saur/for/sendmessage.php
- http://x33.ru/
- http://x33.ru/saur/for/archive/index.php
- http://www.vbulletin.net.ru/
- http://www.ruscript.net/
- http://www.zcarot.com/
- Show all
attachment-10
.gif
attachment-11
.gif
attachment-12
.gif
attachment-13
.gif
attachment-14
.gif
attachment-15
.gif
attachment-16
.gif
attachment-17
.gif
attachment-18
.gif
attachment-19
.gif
attachment-2
.gif
attachment-20
.gif
attachment-21
.gif
attachment-22
.gif
attachment-23
.gif
attachment-24
.gif
attachment-25
.gif
attachment-26
.gif
attachment-27
attachment-28
.gif
attachment-29
.gif
attachment-3
.gif
attachment-30
.gif
attachment-31
.gif
attachment-32
.gif
attachment-33
.gif
attachment-34
.gif
attachment-35
.gif
attachment-36
.gif
attachment-37
.gif
attachment-38
.gif
attachment-39
.gif
attachment-4
.gif
attachment-40
.gif
attachment-41
.gif
attachment-42
.gif
attachment-43
.gif
attachment-44
.gif
attachment-45
.gif
attachment-46
.gif
attachment-47
.gif
attachment-48
.gif
attachment-49
.gif
attachment-5
.gif
attachment-50
.gif
attachment-51
.gif
attachment-52
.gif
attachment-53
.gif
attachment-54
.gif
attachment-55
.gif
attachment-56
.gif
attachment-57
.gif
attachment-58
attachment-59
.js
attachment-6
.gif
attachment-60
.js
attachment-61
.js
attachment-62
.js
attachment-63
.js
attachment-64
.js
attachment-65
.js
attachment-66
.js
attachment-7
attachment-8
.gif
attachment-9
.gif
email-html-1.txt
.html .js polyglot
wp507f/doc/[!] PPC User-Manual - 2.mht
.eml .js polyglot
wp507f/doc/[] Гайд про Wp Ppc (самое начало) - Forums.mht
.eml .js polyglot
wp507f/doc/[] Пакетный уровень RF Online для новичков - x33 Forums.mht
.eml .js polyglot
wp507f/doc/k12.gif
wp507f/doc/k13.gif
.gif
wp507f/logs/autolog.dat
wp507f/logs/syslog.txt
wp507f/logs/wpvs.log
wp507f/token.wp
wp507f/token.~wp
wp507f/wpcfg.ini
wp507f/wpcfg.ini~
wp507f/wpinfo.dat
wp507f/wpsc/DEMO/LA2/!LS1em.xml.txt
wp507f/wpsc/DEMO/LA2/LS1em.xml
.xml
wp507f/wpsc/DEMO/LA2/demo1.sc
wp507f/wpsc/DEMO/LA2/demo2.sc
wp507f/wpsc/DEMO/LA2/demo3.sc
wp507f/wpsc/DEMO/LA2/demoFS2.fsc
wp507f/wpsc/DEMO/LA2/demoReklam.fsc
wp507f/wpsc/DEMO/LA2/demo_la2-endecGS-4.fsc
.js
wp507f/wpsc/DEMO/LA2/demo_la2-endecGS-5.fsc
wp507f/wpsc/DEMO/LA2/dropitem1.sc
wp507f/wpsc/DEMO/LA2/fs-demochat1.fsc
wp507f/wpsc/DEMO/LA2/target_attacker.sc
wp507f/wpsc/DEMO/LA2/target_radar.sc
wp507f/wpsc/DEMO/RFO/RFO-GetChars-1.fsc
wp507f/wpsc/DEMO/d5-delay.sc
wp507f/wpsc/DEMO/demoFS1.fsc
wp507f/wpsc/DEMO/gDLL-ex1.fsc
wp507f/wpsc/DEMO/socks5.sc
wp507f/wpsc/fulllogin.fsc
wp507f/wpstr.ini

Sharing

General

Malware Config

Signatures

Files

99a40a60b0b306d46c112f27ae5034ec

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wsock32

Sections

CODE Size: 9KB - Virtual size: 36KB

.rsrc Size: 3KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 512B

7926c3261c7df15783629dc05c3f5f08

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

shell32

wininet

wsock32

Sections

CODE Size: 267KB - Virtual size: 800KB

.rsrc Size: 17KB - Virtual size: 20KB

Headers

File Characteristics

Sections

Size: 568KB - Virtual size: 1.2MB

Size: 19KB - Virtual size: 36KB

Size: - Virtual size: 28KB

Size: 4KB - Virtual size: 12KB

Size: - Virtual size: 4KB

Size: 512B - Virtual size: 80KB

.rsrc Size: 7KB - Virtual size: 192KB

.x01 Size: 55KB - Virtual size: 192KB

SauEye Size: 12KB - Virtual size: 36KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 4KB - Virtual size: 4KB

DATA Size: 512B - Virtual size: 160B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 702B

.edata Size: 512B - Virtual size: 128B

.reloc Size: 512B - Virtual size: 432B

.rsrc Size: 512B - Virtual size: 512B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 38KB - Virtual size: 38KB

DATA Size: 3KB - Virtual size: 2KB

BSS Size: - Virtual size: 10KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 114B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 3KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 4KB - Virtual size: 4KB

DATA Size: 512B - Virtual size: 160B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 702B

CODE
Size: 9KB - Virtual size: 36KB

.rsrc
Size: 3KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 512B

CODE
Size: 267KB - Virtual size: 800KB

.rsrc
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 7KB - Virtual size: 192KB

.x01
Size: 55KB - Virtual size: 192KB

SauEye
Size: 12KB - Virtual size: 36KB

CODE
Size: 4KB - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 160B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 702B

.edata
Size: 512B - Virtual size: 128B

.reloc
Size: 512B - Virtual size: 432B

.rsrc
Size: 512B - Virtual size: 512B

CODE
Size: 38KB - Virtual size: 38KB

DATA
Size: 3KB - Virtual size: 2KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 114B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 3KB

CODE
Size: 4KB - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 160B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 702B

.edata
Size: 512B - Virtual size: 128B

.reloc
Size: 512B - Virtual size: 432B

.rsrc
Size: 512B - Virtual size: 512B

CODE
Size: 38KB - Virtual size: 38KB

DATA
Size: 3KB - Virtual size: 2KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 114B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 3KB