3d6c4cb9d764378e7ec435360fb10a8a

Sharing

Copy URL Twitter E-mail

General

Target

3d6c4cb9d764378e7ec435360fb10a8a
Size

3.8MB
MD5

3d6c4cb9d764378e7ec435360fb10a8a
SHA1

ce03caf3c9b17095ba9f9010bb5b4d09f4d9be48
SHA256

72ed4acd6c95b157b570bc6ddef65dc5c0fafd3dec517e3e8ba7eee77433ea16
SHA512

0f5cc4371ba8583fd705fedf08d804c366dbcaf2f6fb44623051a5a7b36a53ca4fc0da6290eb97d2999e9ca45cf46f788745877eba5996094c70fd1840a1996e
SSDEEP

49152:/8Mmhn0ZT0Z40ZF0ZO/NEyO/NEyK/NEyj0ZC0ZUuOs3UCREc9p5G8bgoxmE0Z75g:50EVE/EeOUCREcDJxmVLiPv

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HOLZED v1.0/HOLZED v1.1/holzed.exe
unpack001/HOLZED v1.1/HOLZED v1.1/holzed.exe
unpack001/HOLZED v1.3/HOLZED v1.1/holzed.exe
unpack001/HOLZED v2.0/HOLZED v1.1/holzed.exe
unpack001/HOLZED v2.5/HOLZED v1.1/holzed.exe
unpack001/HOLZED v3/HOLZED v1.1/holzed.exe
unpack001/HOLZED/HOLZED v1.1/holzed.exe
unpack002/HOLZED v1.0/HOLZED v1.1/holzed.exe
unpack003/HOLZED v1.0/HOLZED v1.1/holzed.exe
unpack004/HOLZED v1.0/HOLZED v1.1/holzed.exe

Files

3d6c4cb9d764378e7ec435360fb10a8a
.rar
HOLZED v1.0/HOLZED v1.1/changelog.txt
HOLZED v1.0/HOLZED v1.1/holzed.exe
.exe windows:4 windows x86 arch:x86

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsDialogMessageA

gdi32

SetMapMode

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

oleaut32

VariantChangeType

Sections

.text
Size: 197KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HOLZED v1.0/HOLZED v1.1/keys.txt
HOLZED v1.0/HOLZED v1.1/readme.txt
HOLZED v1.0/HOLZED v1.1/settings.ini
HOLZED v1.0/dobermancss.ucoz.ru.txt
HOLZED v1.1/HOLZED v1.1/changelog.txt
HOLZED v1.1/HOLZED v1.1/holzed.exe
.exe windows:4 windows x86 arch:x86

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsDialogMessageA

gdi32

SetMapMode

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

oleaut32

VariantChangeType

Sections

.text
Size: 197KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HOLZED v1.1/HOLZED v1.1/keys.txt
HOLZED v1.1/HOLZED v1.1/readme.txt
HOLZED v1.1/HOLZED v1.1/settings.ini
HOLZED v1.1/dobermancss.ucoz.ru.txt
HOLZED v1.3/HOLZED v1.1/changelog.txt
HOLZED v1.3/HOLZED v1.1/holzed.exe
.exe windows:4 windows x86 arch:x86

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsDialogMessageA

gdi32

SetMapMode

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

oleaut32

VariantChangeType

Sections

.text
Size: 197KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HOLZED v1.3/HOLZED v1.1/keys.txt
HOLZED v1.3/HOLZED v1.1/readme.txt
HOLZED v1.3/HOLZED v1.1/settings.ini
HOLZED v1.3/dobermancss.ucoz.ru.txt
HOLZED v2.0/HOLZED v1.1/changelog.txt
HOLZED v2.0/HOLZED v1.1/holzed.exe
.exe windows:4 windows x86 arch:x86

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsDialogMessageA

gdi32

SetMapMode

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

oleaut32

VariantChangeType

Sections

.text
Size: 197KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HOLZED v2.0/HOLZED v1.1/keys.txt
HOLZED v2.0/HOLZED v1.1/readme.txt
HOLZED v2.0/HOLZED v1.1/settings.ini
HOLZED v2.0/dobermancss.ucoz.ru.txt
HOLZED v2.5/HOLZED v1.1/changelog.txt
HOLZED v2.5/HOLZED v1.1/holzed.exe
.exe windows:4 windows x86 arch:x86

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsDialogMessageA

gdi32

SetMapMode

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

oleaut32

VariantChangeType

Sections

.text
Size: 197KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HOLZED v2.5/HOLZED v1.1/keys.txt
HOLZED v2.5/HOLZED v1.1/readme.txt
HOLZED v2.5/HOLZED v1.1/settings.ini
HOLZED v2.5/dobermancss.ucoz.ru.txt
HOLZED v3/HOLZED v1.1/changelog.txt
HOLZED v3/HOLZED v1.1/holzed.exe
.exe windows:4 windows x86 arch:x86

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsDialogMessageA

gdi32

SetMapMode

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

oleaut32

VariantChangeType

Sections

.text
Size: 197KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HOLZED v3/HOLZED v1.1/keys.txt
HOLZED v3/HOLZED v1.1/readme.txt
HOLZED v3/HOLZED v1.1/settings.ini
HOLZED v3/dobermancss.ucoz.ru.txt
HOLZED/HOLZED v1.1/changelog.txt
HOLZED/HOLZED v1.1/holzed.exe
.exe windows:4 windows x86 arch:x86

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsDialogMessageA

gdi32

SetMapMode

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

oleaut32

VariantChangeType

Sections

.text
Size: 197KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HOLZED/HOLZED v1.1/keys.txt
HOLZED/HOLZED v1.1/readme.txt
HOLZED/HOLZED v1.1/settings.ini
HOLZED/dobermancss.ucoz.ru.txt
_5Bpc-portal.ru_5D.Fablehack.v0.7.rar
.rar
HOLZED v1.0/HOLZED v1.1/changelog.txt
HOLZED v1.0/HOLZED v1.1/holzed.exe
.exe windows:4 windows x86 arch:x86

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsDialogMessageA

gdi32

SetMapMode

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

oleaut32

VariantChangeType

Sections

.text
Size: 197KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HOLZED v1.0/HOLZED v1.1/keys.txt
HOLZED v1.0/HOLZED v1.1/readme.txt
HOLZED v1.0/HOLZED v1.1/settings.ini
HOLZED v1.0/dobermancss.ucoz.ru.txt
[pc-portal.ru].Fablehack.v0.7.nfo
counterstrike.bmp
tot jlby rek xbn.rar
.rar
HOLZED v1.0/HOLZED v1.1/changelog.txt
HOLZED v1.0/HOLZED v1.1/holzed.exe
.exe windows:4 windows x86 arch:x86

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsDialogMessageA

gdi32

SetMapMode

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

oleaut32

VariantChangeType

Sections

.text
Size: 197KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HOLZED v1.0/HOLZED v1.1/keys.txt
HOLZED v1.0/HOLZED v1.1/readme.txt
HOLZED v1.0/HOLZED v1.1/settings.ini
HOLZED v1.0/dobermancss.ucoz.ru.txt
[pc-portal.ru].Fablehack.v0.7.nfo
counterstrike.bmp
в этом арзиве тоже кул чит.rar
.rar
HOLZED v1.0/HOLZED v1.1/changelog.txt
HOLZED v1.0/HOLZED v1.1/holzed.exe
.exe windows:4 windows x86 arch:x86

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsDialogMessageA

gdi32

SetMapMode

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

oleaut32

VariantChangeType

Sections

.text
Size: 197KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HOLZED v1.0/HOLZED v1.1/keys.txt
HOLZED v1.0/HOLZED v1.1/readme.txt
HOLZED v1.0/HOLZED v1.1/settings.ini
HOLZED v1.0/dobermancss.ucoz.ru.txt
[pc-portal.ru].Fablehack.v0.7.nfo
counterstrike.bmp

Sharing

General

Malware Config

Signatures

Files

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

shlwapi

oleacc

winspool.drv

advapi32

oleaut32

Sections

.text Size: 197KB - Virtual size: 372KB

.rsrc Size: 32KB - Virtual size: 32KB

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

shlwapi

oleacc

winspool.drv

advapi32

oleaut32

Sections

.text Size: 197KB - Virtual size: 372KB

.rsrc Size: 32KB - Virtual size: 32KB

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

shlwapi

oleacc

winspool.drv

advapi32

oleaut32

Sections

.text Size: 197KB - Virtual size: 372KB

.rsrc Size: 32KB - Virtual size: 32KB

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

shlwapi

oleacc

winspool.drv

advapi32

oleaut32

Sections

.text Size: 197KB - Virtual size: 372KB

.rsrc Size: 32KB - Virtual size: 32KB

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

.text
Size: 197KB - Virtual size: 372KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 197KB - Virtual size: 372KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 197KB - Virtual size: 372KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 197KB - Virtual size: 372KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 197KB - Virtual size: 372KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 197KB - Virtual size: 372KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 197KB - Virtual size: 372KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 197KB - Virtual size: 372KB

.rsrc
Size: 32KB - Virtual size: 32KB