4ae443fdf8b6cb9f54f425b9628af96f

Sharing

Copy URL Twitter E-mail

General

Target

4ae443fdf8b6cb9f54f425b9628af96f
Size

2.8MB
MD5

4ae443fdf8b6cb9f54f425b9628af96f
SHA1

332e8134b9cd374321f0e92ffe965083b91ed069
SHA256

6aa46bc36778ad6914f5270f7e32faf9ec042faf5eb59540aaef5b4282c0b3e5
SHA512

f24f0b68acc213794200231b8f3393dd9d02b81ff1644ef1b504eeb641755e9fc44987141aeca82e6d40981b5a25b6b642128b6957c66ea23e848a12354ab633
SSDEEP

49152:4DMuon7KEKqz3HWFkxsyOcNqTEHnCTFVg64DX/PtnO6I+otjRrbf:SMdnmTqbJgAHn4VQDPPtpIPjRn

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 11 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Plugins/FSG 2.0 static unpacker/unfsg.dll	acprotect
static1/unpack001/Plugins/OEP Finder/DieOEP.DLL	acprotect
static1/unpack001/Plugins/PETools Signatures 0.1/PE Tools Signatures.dll	acprotect
static1/unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/PLUZINA1.DLL	acprotect
static1/unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/PLUZINA2.DLL	acprotect
static1/unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/PLUZINA3.DLL	acprotect
static1/unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/PLUZINA4.DLL	acprotect
static1/unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/StringViewer.dll	acprotect
static1/unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/kanal.dll	acprotect
static1/unpack001/Plugins/Unpack Informator 0.01/UnpackInfo.dll	acprotect
static1/unpack001/Plugins/VerA 0.15/VerA.dll	acprotect

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Plugins/FSG 2.0 static unpacker/unfsg.dll	upx
static1/unpack001/Plugins/OEP Finder/DieOEP.DLL	upx
static1/unpack001/Plugins/PETools Signatures 0.1/PE Tools Signatures.dll	upx
static1/unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/StringViewer.dll	upx
static1/unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/kanal.dll	upx
static1/unpack001/Plugins/Unpack Informator 0.01/UnpackInfo.dll	upx
static1/unpack001/Plugins/VerA 0.15/VerA.dll	upx

Unsigned PE 22 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DiE.exe
unpack001/Plugins/AIF 0.41/aif.dll
unpack001/Plugins/FSG 2.0 static unpacker/unfsg.dll
unpack002/out.upx
unpack001/Plugins/OEP Finder/DieOEP.DLL
unpack003/out.upx
unpack001/Plugins/PEExtract 0.2/PEExtract.dll
unpack001/Plugins/PETools Signatures 0.1/PE Tools Signatures.dll
unpack004/out.upx
unpack001/Plugins/PEiD Plugins Support 0.18/PEiD plugins.dll
unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/PLUZINA1.DLL
unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/PLUZINA2.DLL
unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/PLUZINA3.DLL
unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/PLUZINA4.DLL
unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/StringViewer.dll
unpack005/out.upx
unpack001/Plugins/PEiD Plugins Support 0.18/PEiD/kanal.dll
unpack001/Plugins/PEiD signatures plugin 0.15/PEiD Signatures.dll
unpack001/Plugins/Unpack Informator 0.01/UnpackInfo.dll
unpack007/out.upx
unpack001/Plugins/VerA 0.15/VerA.dll
unpack008/out.upx

Files

4ae443fdf8b6cb9f54f425b9628af96f
.rar
Detections History.txt
DiE.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.upx0
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Options.ini
Plugins/AIF 0.41/Readme.eng.txt
Plugins/AIF 0.41/Readme.rus.txt
Plugins/AIF 0.41/aif.dll
.dll windows:4 windows x86 arch:x86

4849e10ec8c62c1a0c9bd979ed4442b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
LocalFree
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
SetThreadContext
GetThreadContext
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CreateThread
GetProcAddress
GetModuleHandleA
CreateEventA
InitializeCriticalSection
ReadFile
SetFilePointer
GetThreadSelectorEntry
ContinueDebugEvent
Sleep
TryEnterCriticalSection
WaitForDebugEvent
SetEvent
CreateProcessA
ResetEvent
GetStdHandle
CloseHandle
TerminateThread
DeleteFileA
GetCurrentThreadId
GetModuleFileNameA
WriteFile
CreateFileA
SizeofResource
LoadResource
FindResourceA
TerminateProcess
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetExitCodeProcess
GlobalUnlock
GlobalLock
GlobalAlloc
UnhandledExceptionFilter
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
GetCurrentProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
InterlockedDecrement
InterlockedIncrement
HeapAlloc
GetCPInfo

user32

MoveWindow
MessageBoxA
SetWindowTextA
GetDesktopWindow
GetTopWindow
DialogBoxParamA
SetWindowPos
TrackPopupMenuEx
LoadMenuA
GetSubMenu
SetParent
EndDialog
PostMessageA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageA
SendDlgItemMessageA
GetDlgItem
EnableWindow

comdlg32

GetSaveFileNameA

Exports

Exports

DiePlugExit
DiePlugHwnd
DiePlugHwndEx
DiePlugName
DiePlugPe
DiePlugProc

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/FSG 2.0 static unpacker/unfsg.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DiePlugHwnd
DiePlugName
DiePlugPe
DiePlugProc

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/OEP Finder/DieOEP.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DiePlugHwnd
DiePlugName
DiePlugProc

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 317B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 117B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/PEExtract 0.2/PEExtract.dll
.dll windows:4 windows x86 arch:x86

d9bae9f31499b0612d7fa78050ee1916

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryA
CreateFileA
CreateFileMappingA
GetFileSize
GlobalAlloc
GlobalFree
MapViewOfFile
RemoveDirectoryA
lstrcatA
lstrlenA
CloseHandle
WriteFile

user32

SetWindowTextA
wsprintfA

comdlg32

GetFileTitleA

Exports

Exports

DiePlugHwnd
DiePlugName
DiePlugPe
DiePlugProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 77B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PEExtract 0.2/src/PEExtract4DiE.bat
Plugins/PEExtract 0.2/src/PEExtract4DiE.def
Plugins/PEExtract 0.2/src/my.mac
.vbs
Plugins/PETools Signatures 0.1/PE Tools Signatures.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DiePlugHwnd
DiePlugName
DiePlugPe
DiePlugProc

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/PETools Signatures 0.1/Signs.txt
Plugins/PEiD Plugins Support 0.18/File_Id.Diz
Plugins/PEiD Plugins Support 0.18/PEiD plugins.dll
.dll windows:4 windows x86 arch:x86

903d804b7364c587a0e0d9ec60802d36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetDlgItem
SendMessageA
EndDialog
InvalidateRect
wsprintfA
GetDesktopWindow
GetTopWindow
DialogBoxParamA
SetWindowPos
EnableWindow
SetParent
MessageBoxA
SetWindowTextA

kernel32

HeapAlloc
ExitProcess
GetModuleFileNameA
HeapFree
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
GetProcAddress
FreeLibrary
LoadLibraryA
lstrcmpiA
lstrcpyA
GetProcessHeap
lstrlenA

Exports

Exports

DiePlugExit
DiePlugHwnd
DiePlugHwndEx
DiePlugName
DiePlugPe
DiePlugProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PEiD Plugins Support 0.18/PEiD/PLUZINA1.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DoMyJob
LoadDll

Sections

.code
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/PEiD Plugins Support 0.18/PEiD/PLUZINA2.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DoMyJob
LoadDll

Sections

.code
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/PEiD Plugins Support 0.18/PEiD/PLUZINA3.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DoMyJob
LoadDll

Sections

.code
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/PEiD Plugins Support 0.18/PEiD/PLUZINA4.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DoMyJob
LoadDll

Sections

.code
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/PEiD Plugins Support 0.18/PEiD/StringViewer.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DoMyJob
LoadDll

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PEiD Plugins Support 0.18/PEiD/kanal.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DoMyJob
LoadDll

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 119KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/PEiD Plugins Support 0.18/Readme.Txt
Plugins/PEiD signatures plugin 0.15/File_Id.Diz
Plugins/PEiD signatures plugin 0.15/PEiD Signatures.dll
.dll windows:4 windows x86 arch:x86

e7573fade6f6bd57e4d163c6525410ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
SetWindowTextA

kernel32

ExitProcess
CloseHandle
lstrcpynA
MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileA
lstrcpyA
GetModuleFileNameA
GetProcessHeap
lstrlenA

Exports

Exports

DiePlugExit
DiePlugHwnd
DiePlugName
DiePlugPe
DiePlugProc
DiePlugStatus

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PEiD signatures plugin 0.15/Readme.Txt
Plugins/PEiD signatures plugin 0.15/userdb.txt
Plugins/Unpack Informator 0.01/UnpackInfo.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DiePlugHwnd
DiePlugName
DiePlugPe
DiePlugProc

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 141B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/Unpack Informator 0.01/undb.txt
Plugins/VerA 0.15/Info_mix.txt
Plugins/VerA 0.15/VerA.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DiePlugHwnd
DiePlugName
DiePlugPe
DiePlugProc
DoMyJob
LoadDll

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 171B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/VerA 0.15/file_diz.txt
Readme.txt
安装说明.url
.url
汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.upx0 Size: - Virtual size: 5.9MB

.upx1 Size: 2.4MB - Virtual size: 2.4MB

.upx2 Size: - Virtual size: 3KB

4849e10ec8c62c1a0c9bd979ed4442b9

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 28KB - Virtual size: 24KB

.reloc Size: 8KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 24KB

UPX1 Size: 12KB - Virtual size: 12KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.data Size: 22KB - Virtual size: 24KB

.reloc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 6KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 8KB - Virtual size: 8KB

DATA Size: 512B - Virtual size: 300B

BSS Size: - Virtual size: 317B

.idata Size: 1024B - Virtual size: 676B

.edata Size: 512B - Virtual size: 117B

.reloc Size: 1024B - Virtual size: 744B

.rsrc Size: 512B - Virtual size: 512B

d9bae9f31499b0612d7fa78050ee1916

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 716B

.data Size: 512B - Virtual size: 77B

.reloc Size: 1024B - Virtual size: 690B

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 44KB

UPX1 Size: 21KB - Virtual size: 24KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

.upx0
Size: - Virtual size: 5.9MB

.upx1
Size: 2.4MB - Virtual size: 2.4MB

.upx2
Size: - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 28KB - Virtual size: 24KB

.reloc
Size: 8KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 12KB - Virtual size: 12KB

UPX2
Size: 512B - Virtual size: 4KB

.data
Size: 22KB - Virtual size: 24KB

.reloc
Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 4KB

CODE
Size: 8KB - Virtual size: 8KB

DATA
Size: 512B - Virtual size: 300B

BSS
Size: - Virtual size: 317B

.idata
Size: 1024B - Virtual size: 676B

.edata
Size: 512B - Virtual size: 117B

.reloc
Size: 1024B - Virtual size: 744B

.rsrc
Size: 512B - Virtual size: 512B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 716B

.data
Size: 512B - Virtual size: 77B

.reloc
Size: 1024B - Virtual size: 690B

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 4KB

CODE
Size: 32KB - Virtual size: 32KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 142B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 1016B

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 782B

.code
Size: - Virtual size: 40KB

.data
Size: 14KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 4KB

.code
Size: - Virtual size: 36KB

.data
Size: 14KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 4KB

.code
Size: - Virtual size: 44KB

.data
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 4KB

.code
Size: - Virtual size: 44KB

.data
Size: 14KB - Virtual size: 16KB

.rsrc
Size: 5KB - Virtual size: 8KB