download[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

download.zip
Size

50.9MB
MD5

a185ec7a20b19f15d08d67dc0a746afe
SHA1

2db11f332c23055c91c62ec94dcc8877bf1c8bd7
SHA256

70bdde791ffe4eb792ca2287a4e96ecaa905c5c4afb5df58160bb41d517fd363
SHA512

6ea1d3b0a1e010e9df4676de95bfa178894a9e462b9b6a06de0068857e60fe00df3f9e8c8110fd37d9287e44ee1a4a8004d1bc20676ca0cb4188f3f2dd10b1a4
SSDEEP

786432:wzSFaI8X6LCyogQD/39ybCwwSDhcKyC7ubMLZoUBSp5IlFgIR0XFyyiRDM/rzNpn:OSQIrxQNwwSDhcKrIWYzVRjiszH31rJ

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 5 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/39a2201a88f10d81b220c973737f0becedab2e73426ab9923880fb0fb990c5cc	pyinstaller
static1/unpack001/6139d172182daf301df24db2c5a64d59e9bd04c6432ce96649ce1a8d15ae8503	pyinstaller
static1/unpack001/76a527155a11c14b8f6581edfeba14a83119e40d6ac43e9c357956a2583203d3	pyinstaller
static1/unpack001/7d58127aa8e157163799fa9180a5fa738df2d20619e1e27b09fa086401f10706	pyinstaller
static1/unpack001/b220327d84a3cb39d81da5310720fb489004fd7abb52cf2b6a8579284df8fb04	pyinstaller

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/09f66a6fd0e378e192d2bcb8d8f29cd9c4a637035df5e59e5f31b23b7bc0bef6
unpack001/0c9e63810ba631914946775c4f7be078bf5138bb93b874313785c6a89cd80060
unpack001/26262355280b3920b2aa5a6e1cdaaa9d673ebbf557398ffad98471856b5170a0
unpack001/2d0deae491d160121291da362fd3cea7826531d3177394266483b10177443815
unpack001/39a2201a88f10d81b220c973737f0becedab2e73426ab9923880fb0fb990c5cc
unpack001/4f4847bd80c68e91464b771de25a86535ee67b5a95b7b10311c55344beaade8b
unpack001/6139d172182daf301df24db2c5a64d59e9bd04c6432ce96649ce1a8d15ae8503
unpack001/76a527155a11c14b8f6581edfeba14a83119e40d6ac43e9c357956a2583203d3
unpack001/7d58127aa8e157163799fa9180a5fa738df2d20619e1e27b09fa086401f10706
unpack001/85e21c849f6ecaa7613a47de344682f3a442ca9af21bf012ae12b76e304316ef
unpack001/925b3acaa3252bf4d660eab22856fff155f3106c2fee7567711cb34374b499f3
unpack001/b220327d84a3cb39d81da5310720fb489004fd7abb52cf2b6a8579284df8fb04
unpack001/b52ee4deb39d4a6515529ead81f917afd7d2b65af111e1d412627fba025fbae0
unpack001/bf6087f66884d0b1747abbfde8a69ffc177520f70a77b8b291c285d88fb55466
unpack001/c003f82438ab403f4e55b6018eab9390b5bd940c36815a8c882e121d4cfc8964
unpack001/e4e9ae0de9f95d6e5334e6bb36c832dbcd172adfe521a7b04f889af2eda59880
unpack001/f55b8ae5055a53b6611b4fbf3cb2ee513ad8c823cccb298b29951a1cf23d6b51
unpack001/f9a647a6b8e2a922e086637ced33dbc68b24663976b62b1724524f1ab6aee555
unpack001/fdb8c7c1fa5b44419ae43679be83782f46cb40b422805c86c7cc4ffe72454f6f

Files

download.zip
.zip
09f66a6fd0e378e192d2bcb8d8f29cd9c4a637035df5e59e5f31b23b7bc0bef6
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 570KB - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0c9e63810ba631914946775c4f7be078bf5138bb93b874313785c6a89cd80060
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
26262355280b3920b2aa5a6e1cdaaa9d673ebbf557398ffad98471856b5170a0
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2d0deae491d160121291da362fd3cea7826531d3177394266483b10177443815
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
39a2201a88f10d81b220c973737f0becedab2e73426ab9923880fb0fb990c5cc
.exe windows:4 windows x86 arch:x86

05a03ed18d2e75f8c4f1c5bcf287ac56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FormatMessageA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__argc
__dllonexit
__lconv_init
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_findclose
_fileno
_fmode
_fullpath
_get_osfhandle
_getpid
_initterm
_iob
_lock
_onexit
_setmode
_stat
_strdup
_unlock
_vsnprintf
_vsnwprintf
_wcmdln
_wfindfirst
_wfindnext
_wfopen
_wmkdir
_wremove
_wrmdir
_wstat
_wtempnam
abort
calloc
clearerr
exit
fclose
feof
ferror
fflush
fprintf
fread
free
fseek
ftell
fwrite
getenv
malloc
mbstowcs
memcpy
setbuf
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strtok
vfprintf
wcscat
wcscmp
wcscpy
wcslen

user32

MessageBoxA

ws2_32

ntohl

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Kirk.real.pyc
4f4847bd80c68e91464b771de25a86535ee67b5a95b7b10311c55344beaade8b
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 711KB - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6139d172182daf301df24db2c5a64d59e9bd04c6432ce96649ce1a8d15ae8503
.exe windows:4 windows x64 arch:x64

2c9e98790fd9f920c8aca8d84943961f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FormatMessageA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

__argc
__dllonexit
__iob_func
__lconv_init
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_fileno
_findclose
_fmode
_fullpath
_get_osfhandle
_getpid
_initterm
_lock
_onexit
_setmode
_stat64
_strdup
_unlock
_vsnprintf
_vsnwprintf
_wcmdln
_wfindfirst64
_wfindnext64
_wfopen
_wmkdir
_wremove
_wrmdir
_wstat64
_wtempnam
abort
calloc
clearerr
exit
fclose
feof
ferror
fflush
fprintf
fread
free
fseek
ftell
fwrite
getenv
malloc
mbstowcs
memcpy
memset
setbuf
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strtok
vfprintf
wcscat
wcscmp
wcscpy
wcslen

ws2_32

ntohl

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Ransomware.pyc
76a527155a11c14b8f6581edfeba14a83119e40d6ac43e9c357956a2583203d3
.exe windows:4 windows x64 arch:x64

2c9e98790fd9f920c8aca8d84943961f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FormatMessageA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

__argc
__dllonexit
__iob_func
__lconv_init
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_fileno
_findclose
_fmode
_fullpath
_get_osfhandle
_getpid
_initterm
_lock
_onexit
_setmode
_stat64
_strdup
_unlock
_vsnprintf
_vsnwprintf
_wcmdln
_wfindfirst64
_wfindnext64
_wfopen
_wmkdir
_wremove
_wrmdir
_wstat64
_wtempnam
abort
calloc
clearerr
exit
fclose
feof
ferror
fflush
fprintf
fread
free
fseek
ftell
fwrite
getenv
malloc
mbstowcs
memcpy
memset
setbuf
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strtok
vfprintf
wcscat
wcscmp
wcscpy
wcslen

ws2_32

ntohl

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Ransomware.pyc
7d58127aa8e157163799fa9180a5fa738df2d20619e1e27b09fa086401f10706
.exe windows:4 windows x64 arch:x64

2c9e98790fd9f920c8aca8d84943961f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FormatMessageA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

__argc
__dllonexit
__iob_func
__lconv_init
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_fileno
_findclose
_fmode
_fullpath
_get_osfhandle
_getpid
_initterm
_lock
_onexit
_setmode
_stat64
_strdup
_unlock
_vsnprintf
_vsnwprintf
_wcmdln
_wfindfirst64
_wfindnext64
_wfopen
_wmkdir
_wremove
_wrmdir
_wstat64
_wtempnam
abort
calloc
clearerr
exit
fclose
feof
ferror
fflush
fprintf
fread
free
fseek
ftell
fwrite
getenv
malloc
mbstowcs
memcpy
memset
setbuf
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strtok
vfprintf
wcscat
wcscmp
wcscpy
wcslen

ws2_32

ntohl

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
encrypter.pyc
85e21c849f6ecaa7613a47de344682f3a442ca9af21bf012ae12b76e304316ef
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
925b3acaa3252bf4d660eab22856fff155f3106c2fee7567711cb34374b499f3
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b220327d84a3cb39d81da5310720fb489004fd7abb52cf2b6a8579284df8fb04
.exe windows:4 windows x64 arch:x64

2c9e98790fd9f920c8aca8d84943961f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FormatMessageA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

__argc
__dllonexit
__iob_func
__lconv_init
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_fileno
_findclose
_fmode
_fullpath
_get_osfhandle
_getpid
_initterm
_lock
_onexit
_setmode
_stat64
_strdup
_unlock
_vsnprintf
_vsnwprintf
_wcmdln
_wfindfirst64
_wfindnext64
_wfopen
_wmkdir
_wremove
_wrmdir
_wstat64
_wtempnam
abort
calloc
clearerr
exit
fclose
feof
ferror
fflush
fprintf
fread
free
fseek
ftell
fwrite
getenv
malloc
mbstowcs
memcpy
memset
setbuf
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strtok
vfprintf
wcscat
wcscmp
wcscpy
wcslen

ws2_32

ntohl

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Ransomware.pyc
b52ee4deb39d4a6515529ead81f917afd7d2b65af111e1d412627fba025fbae0
.exe windows:5 windows x86 arch:x86

b82c68ca174a835e9c6cbbe3bf8d3c54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileSectionNamesW
GetFileSize
SetPriorityClass
WriteConsoleInputW
lstrlenA
GetModuleHandleExW
AddConsoleAliasW
GetComputerNameW
OpenSemaphoreA
CreateDirectoryExA
CallNamedPipeW
GetConsoleAliasesLengthA
EnumTimeFormatsA
FindActCtxSectionStringA
TlsSetValue
ActivateActCtx
FindResourceExA
AddRefActCtx
LoadLibraryW
ReadConsoleInputA
SetVolumeMountPointA
GetVersionExW
GetFileAttributesA
SetConsoleMode
WriteConsoleW
WritePrivateProfileSectionW
IsDBCSLeadByte
CompareStringW
SetThreadPriority
SetConsoleTitleA
VerifyVersionInfoW
ReleaseActCtx
SetCurrentDirectoryA
GetStdHandle
FillConsoleOutputCharacterW
FindFirstFileExA
GetHandleInformation
GetLastError
GetThreadLocale
GetProcessHeaps
MoveFileW
SetStdHandle
LoadLibraryA
OpenMutexA
LocalAlloc
DnsHostnameToComputerNameA
SetFileApisToANSI
WriteProfileSectionW
SetConsoleWindowInfo
AddAtomA
FindAtomA
WTSGetActiveConsoleSessionId
DebugSetProcessKillOnExit
ContinueDebugEvent
EnumResourceNamesA
BuildCommDCBA
VirtualProtect
CompareStringA
GetCurrentThreadId
SetProcessShutdownParameters
GetVersionExA
LocalSize
GetWindowsDirectoryW
ReadConsoleOutputCharacterW
OpenFileMappingA
GlobalReAlloc
CommConfigDialogW
GetVolumeInformationW
CloseHandle
CreateFileW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteFileA
DecodePointer
GetProcAddress
GetModuleHandleW
ExitProcess
MultiByteToWideChar
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
HeapValidate
IsBadReadPtr
InitializeCriticalSectionAndSpinCount
WriteFile
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsGetValue
TlsFree
SetLastError
RaiseException
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
OutputDebugStringA
OutputDebugStringW
IsProcessorFeaturePresent
HeapAlloc
GetModuleFileNameA
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
LCMapStringW
GetStringTypeW
FlushFileBuffers

user32

GetComboBoxInfo
GetListBoxInfo

Sections

.text
Size: 717KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bf6087f66884d0b1747abbfde8a69ffc177520f70a77b8b291c285d88fb55466
.exe windows:4 windows x86 arch:x86

77236fefd1182861762444fa50021531

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetThreadContext
GetThreadPriority
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetCriticalSectionSpinCount
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_fdopen
_read
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_beginthreadex
_cexit
_endthreadex
_errno
_filelengthi64
_fstati64
_ftime
_iob
_lseeki64
_onexit
_setjmp
_setmode
abort
atexit
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getenv
getwc
iswctype
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
rand
realloc
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strerror
strftime
strlen
strtod
strxfrm
system
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm

Sections

.text
Size: 501KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c003f82438ab403f4e55b6018eab9390b5bd940c36815a8c882e121d4cfc8964
.exe windows:5 windows x86 arch:x86

e3aef300e6f7668a0ef86e5f780da623

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
VirtualAlloc
GetModuleHandleA
Sleep
GetProcAddress
DecodePointer
WriteConsoleW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwind
EncodePointer
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
GetFileType
SetConsoleCtrlHandler
OutputDebugStringA
OutputDebugStringW
CloseHandle
WaitForSingleObjectEx
CreateThread
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW

ole32

CoInitialize

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e4e9ae0de9f95d6e5334e6bb36c832dbcd172adfe521a7b04f889af2eda59880
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
efcf7da174d68e32dc2e592a8436b7682f398c0d0d60e1ae0d8f0c6bbe98bf89
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:ea:b7:a3:97:66:30:85:4b:ae:e8:ac:16:88:27:54
Certificate

Issuer

CN=FATHURFREAKZ\\FathurFreakz

Not Before

02/04/2017, 15:59

Not After

02/04/2018, 21:59

Subject

CN=FATHURFREAKZ\\FathurFreakz

cc:cf:a7:e1:bb:45:87:be:3e:1b:a5:ff:69:e0:3c:71:cf:e0:88:ce
Signer

Actual PE Digest

cc:cf:a7:e1:bb:45:87:be:3e:1b:a5:ff:69:e0:3c:71:cf:e0:88:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 972KB - Virtual size: 971KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f55b8ae5055a53b6611b4fbf3cb2ee513ad8c823cccb298b29951a1cf23d6b51
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f9a647a6b8e2a922e086637ced33dbc68b24663976b62b1724524f1ab6aee555
.exe windows:5 windows x86 arch:x86

94ba7e736181fb813316e7e50cb9c233

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
FindNextVolumeW
IsProcessorFeaturePresent
SetTimeZoneInformation
GetBinaryTypeA
IsBadWritePtr
EnumResourceLanguagesA
GetMailslotInfo
lstrcatA
QueryInformationJobObject
ExitThread
GetVolumePathNameA
lstrlenW
SetConsoleTitleA
VirtualUnlock
InterlockedExchange
GetCPInfoExW
FreeLibraryAndExitThread
SetLastError
GetThreadLocale
GetComputerNameExW
GlobalFree
GetSystemTimeAdjustment
LocalAlloc
DeleteTimerQueue
AddVectoredExceptionHandler
FindFirstVolumeMountPointW
GlobalMemoryStatusEx
GetCommMask
SetCommMask
CreateIoCompletionPort
FatalExit
EnumResourceNamesA
CreateMailslotA
BuildCommDCBA
VirtualProtect
CompareStringA
_lopen
GetDiskFreeSpaceExW
ReadConsoleInputW
LocalSize
GetWindowsDirectoryW
EnumResourceLanguagesW
GetPrivateProfileSectionW
SetSystemTimeAdjustment
GetPrivateProfileStructW
GetLocaleInfoW
GetConsoleCP
EnumResourceTypesA
FormatMessageA
OutputDebugStringW
SetTapeParameters
BackupSeek
GetProfileStringW
SetHandleInformation
SetDefaultCommConfigW
SetConsoleActiveScreenBuffer
GetCommState
MoveFileExW
DeleteVolumeMountPointA
MoveFileExA
GetConsoleAliasesLengthW
UnregisterWait
WriteConsoleOutputCharacterW
GetNativeSystemInfo
FindFirstFileW
HeapReAlloc
GetDiskFreeSpaceW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
ReadFile
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
VirtualAlloc
CloseHandle
CreateFileA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WideCharToMultiByte
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
HeapSize
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
SetEndOfFile
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA

advapi32

InitializeSid
CloseEventLog
RegSetValueExW
AdjustTokenPrivileges
ControlService
RegLoadKeyA
RegQueryValueA
SetKernelObjectSecurity
RegConnectRegistryW
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteKeyW
RegSetValueExA
GetTokenInformation
LookupPrivilegeNameA
MapGenericMask
SetSecurityDescriptorControl
LogonUserW
OpenThreadToken
DeleteService
ObjectOpenAuditAlarmA
GetSidSubAuthority
OpenServiceA

Exports

Exports

_MyFunc124@4

Sections

.text
Size: 727KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fobosrf
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fobosdf
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdb8c7c1fa5b44419ae43679be83782f46cb40b422805c86c7cc4ffe72454f6f
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 570KB - Virtual size: 569KB

.rdata Size: 174KB - Virtual size: 173KB

.data Size: 21KB - Virtual size: 29KB

.rsrc Size: 105KB - Virtual size: 104KB

.reloc Size: 72KB - Virtual size: 72KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 170KB - Virtual size: 170KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

05a03ed18d2e75f8c4f1c5bcf287ac56

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

ws2_32

Sections

.text Size: 39KB - Virtual size: 39KB

.data Size: 512B - Virtual size: 52B

.rdata Size: 20KB - Virtual size: 19KB

.bss Size: - Virtual size: 49KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 60KB - Virtual size: 59KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 711KB - Virtual size: 711KB

.rsrc Size: 363KB - Virtual size: 362KB

.reloc Size: 512B - Virtual size: 12B

2c9e98790fd9f920c8aca8d84943961f

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

Sections

.text Size: 39KB - Virtual size: 39KB

.text
Size: 570KB - Virtual size: 569KB

.rdata
Size: 174KB - Virtual size: 173KB

.data
Size: 21KB - Virtual size: 29KB

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 72KB - Virtual size: 72KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 170KB - Virtual size: 170KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3.4MB - Virtual size: 3.4MB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 20KB - Virtual size: 19KB

.bss
Size: - Virtual size: 49KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 60KB - Virtual size: 59KB

.text
Size: 711KB - Virtual size: 711KB

.rsrc
Size: 363KB - Virtual size: 362KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 168B

.rdata
Size: 21KB - Virtual size: 21KB

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 51KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 59KB - Virtual size: 58KB

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 168B

.rdata
Size: 21KB - Virtual size: 21KB

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 51KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 60KB - Virtual size: 60KB

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 168B

.rdata
Size: 21KB - Virtual size: 21KB

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 51KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 420KB - Virtual size: 420KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 363KB - Virtual size: 363KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 604KB - Virtual size: 604KB

.rsrc
Size: 188KB - Virtual size: 187KB

.reloc
Size: 512B - Virtual size: 12B