524dc433813bd7a9c122591178df56c7

Sharing

Copy URL Twitter E-mail

General

Target

524dc433813bd7a9c122591178df56c7
Size

498KB
MD5

524dc433813bd7a9c122591178df56c7
SHA1

c5585351b865bd5e43c64991ebf95137d5e1ee95
SHA256

00957f76b548ca024b8d323fa1cac1a88cce3c39921c15fe92dbff726d59dbb5
SHA512

f0c6854368c9f46f19ed00ba04ddabd256d57a8bfd44195caca33bfd5da67815e4669e147174de61519f524ce7b64f75bc8172f8ecd7c12b902c182c0c5be11a
SSDEEP

12288:iTV8zITCH/wMwETHT2qKTJNT/Dmoc1OJJB9OTsOn48EH:iTqcyAjWlWEz4ZH

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/FMail/Lib/msado15.dll	acprotect
static1/unpack001/FMail/bin/NetLibD.dll	acprotect

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/FMail/Lib/msado15.dll	upx
static1/unpack001/FMail/bin/NetLibD.dll	upx
static1/unpack001/FMail/bin/trfAgent.exe	upx
static1/unpack001/FMail/bin/trfSever.exe	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FMail/Lib/msado15.dll
unpack001/FMail/bin/NetLibD.dll
unpack003/out.upx
unpack001/FMail/bin/trfAgent.exe
unpack004/out.upx
unpack001/FMail/bin/trfSever.exe
unpack005/out.upx

Files

524dc433813bd7a9c122591178df56c7
.rar
FMail/Lib/ADOLIB/ADOConnection.cpp
.js
FMail/Lib/ADOLIB/ADOConnection.h
FMail/Lib/ADOLIB/ADODataset.cpp
.js
FMail/Lib/ADOLIB/ADODataset.h
.vbs
FMail/Lib/ADOLIB/ADOException.h
FMail/Lib/ADOLIB/ADOLib.dsp
FMail/Lib/ADOLIB/ADOLib.dsw
FMail/Lib/ADOLIB/ADOLib.plg
.html
FMail/Lib/ADOLIB/ADOObject.cpp
FMail/Lib/ADOLIB/ADOObject.h
FMail/Lib/ADOLIB/AdoLib.h
FMail/Lib/ADOLIB/TimeEx.cpp
.js
FMail/Lib/ADOLIB/TimeEx.h
FMail/Lib/ADOLIB/VariantEx.cpp
.js
FMail/Lib/ADOLIB/VariantEx.h
FMail/Lib/NetLib/Mutex.h
FMail/Lib/NetLib/NetAddress.h
FMail/Lib/NetLib/NetException.h
FMail/Lib/NetLib/NetLibD.def
FMail/Lib/NetLib/NetLibD.dsp
FMail/Lib/NetLib/NetLibD.dsw
FMail/Lib/NetLib/NetLibD.rc
FMail/Lib/NetLib/Resource.h
FMail/Lib/NetLib/SafeVector.cpp
.js
FMail/Lib/NetLib/SafeVector.h
FMail/Lib/NetLib/Socket.h
FMail/Lib/NetLib/StdAfx.cpp
FMail/Lib/NetLib/StdAfx.h
FMail/Lib/NetLib/Thread.h
FMail/Lib/NetLib/ThreadStorage.h
FMail/Lib/NetLib/Threads/FileRecvorThread.h
FMail/Lib/NetLib/Threads/FileSenderThread.h
FMail/Lib/NetLib/Threads/Package.h
FMail/Lib/NetLib/XFile.h
FMail/Lib/NetLib/res/NetLibD.rc2
FMail/Lib/NetLib/stdNetApi.h
FMail/Lib/System/System.dsp
FMail/Lib/System/System.dsw
FMail/Lib/System/author.c
FMail/Lib/System/author.h
FMail/Lib/System/d3des.c
FMail/Lib/System/d3des.h
FMail/Lib/System/passwrd.h
FMail/Lib/System/vnclog.cpp
FMail/Lib/System/vnclog.h
FMail/Lib/msado15.dll
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RNIGetCompatibleVersion
com_ms_wfc_data_Field_getBoolean
com_ms_wfc_data_Field_getByte
com_ms_wfc_data_Field_getBytes
com_ms_wfc_data_Field_getDataTimestamp
com_ms_wfc_data_Field_getDouble
com_ms_wfc_data_Field_getFloat
com_ms_wfc_data_Field_getInt
com_ms_wfc_data_Field_getLong
com_ms_wfc_data_Field_getShort
com_ms_wfc_data_Field_getString
com_ms_wfc_data_Field_isNull
com_ms_wfc_data_Field_loadMsjava
com_ms_wfc_data_Field_setDataDate

Sections

UPX0
Size: - Virtual size: 324KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 166KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FMail/bin/NetLibD.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CFileReceiver@@QAE@AAV0@@Z
??0CFileReceiver@@QAE@XZ
??0CFileReceiverThread@@QAE@ABV0@@Z
??0CFileReceiverThread@@QAE@XZ
??0CFileRecvorClientThread@@QAE@ABV0@@Z
??0CFileRecvorClientThread@@QAE@XZ
??0CFileSenderThread@@QAE@ABV0@@Z
??0CFileSenderThread@@QAE@XZ
??0CMutex@@QAE@ABV0@@Z
??0CMutex@@QAE@XZ
??0CMutexLock@@QAE@AAVCMutex@@@Z
??0CMutexLock@@QAE@ABV0@@Z
??0CThread@@QAE@ABV0@@Z
??0CThread@@QAE@XZ
??0CXBaseSocket@@QAE@AAV0@@Z
??0CXBaseSocket@@QAE@XZ
??0CXClientSocket@@QAE@AAV0@@Z
??0CXClientSocket@@QAE@XZ
??0CXFile@@QAE@ABV0@@Z
??0CXFile@@QAE@XZ
??0CXNetAddress@@QAE@AAV0@@Z
??0CXNetAddress@@QAE@I@Z
??0CXNetAddress@@QAE@IAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0CXNetAddress@@QAE@IPBD@Z
??0CXNetAddress@@QAE@Usockaddr_in@@@Z
??0CXNetAddress@@QAE@XZ
??0CXWinClientSocket@@QAE@AAV0@@Z
??0CXWinClientSocket@@QAE@XZ
??0CXWinServerClientSocket@@QAE@AAV0@@Z
??0CXWinServerClientSocket@@QAE@XZ
??0CXWinServerSocket@@QAE@AAV0@@Z
??0CXWinServerSocket@@QAE@XZ
??0CXWinSocket@@QAE@AAV0@@Z
??0CXWinSocket@@QAE@XZ
??1CFileReceiver@@UAE@XZ
??1CFileReceiverThread@@UAE@XZ
??1CFileRecvorClientThread@@UAE@XZ
??1CFileSenderThread@@UAE@XZ
??1CMutex@@UAE@XZ
??1CMutexLock@@UAE@XZ
??1CThread@@UAE@XZ
??1CXBaseSocket@@UAE@XZ
??1CXClientSocket@@UAE@XZ
??1CXFile@@UAE@XZ
??1CXNetAddress@@QAE@XZ
??1CXWinClientSocket@@UAE@XZ
??1CXWinServerClientSocket@@UAE@XZ
??1CXWinServerSocket@@UAE@XZ
??1CXWinSocket@@UAE@XZ
??4CFileReceiver@@QAEAAV0@ABV0@@Z
??4CFileReceiverThread@@QAEAAV0@ABV0@@Z
??4CFileRecvorClientThread@@QAEAAV0@ABV0@@Z
??4CFileSenderThread@@QAEAAV0@ABV0@@Z
??4CMutex@@QAEAAV0@ABV0@@Z
??4CThread@@QAEAAV0@ABV0@@Z
??4CXBaseSocket@@QAEAAV0@ABV0@@Z
??4CXClientSocket@@QAEAAV0@ABV0@@Z
??4CXFile@@QAEAAV0@ABV0@@Z
??4CXNetAddress@@QAEAAV0@ABV0@@Z
??4CXWinClientSocket@@QAEAAV0@ABV0@@Z
??4CXWinServerClientSocket@@QAEAAV0@ABV0@@Z
??4CXWinServerSocket@@QAEAAV0@ABV0@@Z
??4CXWinSocket@@QAEAAV0@ABV0@@Z
??BCXBaseSocket@@QAEIXZ
??BCXNetAddress@@QAE?AUsockaddr_in@@XZ
??_7CFileReceiver@@6B@
??_7CFileReceiverThread@@6B@
??_7CFileRecvorClientThread@@6B@
??_7CFileSenderThread@@6B@
??_7CMutex@@6B@
??_7CMutexLock@@6B@
??_7CThread@@6B@
??_7CXBaseSocket@@6B@
??_7CXClientSocket@@6B@
??_7CXFile@@6B@
??_7CXWinClientSocket@@6B@
??_7CXWinServerClientSocket@@6B@
??_7CXWinServerSocket@@6B@
??_7CXWinSocket@@6B@
?Accept@CXBaseSocket@@MAEIXZ
?Add_Client@CXWinServerSocket@@AAEXPAVCXWinSocket@@@Z
?AsyncSelect@CXBaseSocket@@MAE_NPAUHWND__@@J@Z
?AsyncSelect@CXWinSocket@@UAE_NPAUHWND__@@J@Z
?CanBeTerminate@CThread@@QBE_NXZ
?Clone@CXNetAddress@@QAEPAV1@XZ
?Close@CXFile@@QAEXXZ
?ConnectServer@CXClientSocket@@AAE_NXZ
?ConnectServer@CXWinClientSocket@@AAE_NXZ
?Create@CFileReceiverThread@@QAE_N_NIQAUHWND__@@@Z
?Create@CFileSenderThread@@QAE_N_NPAVCXClientSocket@@@Z
?Create@CFileSenderThread@@QAE_N_NPBDI@Z
?Create@CThread@@QAE_N_NPAX@Z
?Create@CXBaseSocket@@UAE_NXZ
?Create@CXClientSocket@@UAE_NXZ
?Create@CXWinClientSocket@@UAE_NXZ
?Create@CXWinServerClientSocket@@QAE_NIPAVCXWinServerSocket@@@Z
?Create@CXWinServerSocket@@UAE_NXZ
?Create@CXWinSocket@@UAE_NXZ
?CreateByHandle@CXBaseSocket@@UAE_NI@Z
?CreateByHandle@CXWinSocket@@UAE_NI@Z
?Delete_Client_Thread@CFileReceiver@@QAEXPAVCXWinSocket@@@Z
?Destroy@CFileSenderThread@@UAEXXZ
?Destroy@CThread@@UAEXXZ
?Destroy@CXBaseSocket@@UAEXXZ
?Destroy@CXClientSocket@@UAEXXZ
?Destroy@CXWinClientSocket@@UAEXXZ
?Destroy@CXWinServerClientSocket@@UAEXXZ
?Destroy@CXWinServerSocket@@UAEXXZ
?Destroy@CXWinSocket@@UAEXXZ
?DoClientEvent@CXWinServerSocket@@QAEXPAVCXWinSocket@@H@Z
?DoEvent@CThread@@AAEXW4THREAD_EVENT@1@@Z
?DoEvent@CXWinSocket@@IAEXH@Z
?Eof@CXFile@@QAE_NXZ
?Execute@CFileReceiverThread@@MAEXXZ
?Execute@CFileRecvorClientThread@@MAEXXZ
?Execute@CFileSenderThread@@MAEXXZ
?Find_ClientFromHandle@CXWinServerSocket@@QAEPAVCXWinSocket@@IPAH@Z
?GetFileName@CXFile@@QAEAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetIpofAddr@CXNetAddress@@QAEPBDXZ
?GetLocalHostIp@CXNetAddress@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetLocalHostName@CXNetAddress@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetPortofAddr@CXNetAddress@@QAE?BIXZ
?GetRecedFileSaveDir@CFileReceiver@@QAEPBDXZ
?GetRecedFileSaveDir@CFileReceiverThread@@QAEPBDXZ
?GetSize@CXFile@@QAEKXZ
?GetSocketIn@CXNetAddress@@QBE?AUsockaddr_in@@XZ
?Get_ClientCounts@CXWinServerSocket@@QAE?BIXZ
?Get_ClientFromPos@CXWinServerSocket@@QAEPAVCXWinSocket@@I@Z
?Get_LocalHost_IP@CXBaseSocket@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Get_LocalHost_Name@CXBaseSocket@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Get_RemoteHost_IP@CXBaseSocket@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Get_RemoteHost_Name@CXBaseSocket@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Get_SockEventMask@CXBaseSocket@@IAEJXZ
?Get_Socket_Address@CXBaseSocket@@QAEABVCXNetAddress@@XZ
?Get_Socket_Handle@CXBaseSocket@@QAE?BIXZ
?Get_Socket_Type@CXBaseSocket@@QAE?BGXZ
?Get_Socket_WndHandle@CXWinSocket@@QAEPAUHWND__@@XZ
?IOCtrl@CXBaseSocket@@IAE_NJKAAH@Z
?IsOpened@CXFile@@QAE_NXZ
?Listen@CXBaseSocket@@MAE_NH@Z
?Lock@CMutex@@QAEXXZ
?LookupHostName@CXBaseSocket@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
?MakeOnlyOneFileName@CFileRecvorClientThread@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
?New_Client_Thread@CFileReceiver@@QAEPAVCThread@@PAVCXWinSocket@@@Z
?OnAccept@CXWinServerSocket@@MAEXPAVCXWinSocket@@@Z
?OnAccept@CXWinSocket@@MAEXPAV1@@Z
?OnAcceptVerify@CFileReceiver@@MAE_NPAVCXWinSocket@@@Z
?OnAcceptVerify@CXWinServerSocket@@MAE_NPAVCXWinSocket@@@Z
?OnClientClose@CFileReceiver@@MAEXPAVCXWinSocket@@@Z
?OnClientClose@CXWinServerSocket@@MAEXPAVCXWinSocket@@@Z
?OnClientConnect@CFileReceiver@@MAEXPAVCXWinSocket@@@Z
?OnClientConnect@CXWinServerSocket@@MAEXPAVCXWinSocket@@@Z
?OnClientOutofBound@CXWinServerSocket@@MAEXPAVCXWinSocket@@@Z
?OnClientRead@CXWinServerSocket@@MAEXPAVCXWinSocket@@@Z
?OnClientWrite@CXWinServerSocket@@MAEXPAVCXWinSocket@@@Z
?OnClose@CXWinClientSocket@@MAEXPAVCXWinSocket@@@Z
?OnClose@CXWinServerClientSocket@@MAEXPAVCXWinSocket@@@Z
?OnClose@CXWinSocket@@MAEXPAV1@@Z
?OnConnect@CXWinClientSocket@@MAEXPAVCXWinSocket@@@Z
?OnConnect@CXWinSocket@@MAEXPAV1@@Z
?OnOutofBound@CXWinClientSocket@@MAEXPAVCXWinSocket@@@Z
?OnOutofBound@CXWinServerClientSocket@@MAEXPAVCXWinSocket@@@Z
?OnOutofBound@CXWinSocket@@MAEXPAV1@@Z
?OnRead@CXWinClientSocket@@MAEXPAVCXWinSocket@@@Z
?OnRead@CXWinServerClientSocket@@MAEXPAVCXWinSocket@@@Z
?OnRead@CXWinSocket@@MAEXPAV1@@Z
?OnResume@CFileReceiverThread@@MAEXXZ
?OnResume@CFileRecvorClientThread@@MAEXXZ
?OnResume@CThread@@MAEXXZ
?OnStart@CFileReceiverThread@@MAEXXZ
?OnStart@CFileRecvorClientThread@@MAEXXZ
?OnStart@CFileSenderThread@@MAEXXZ
?OnStart@CThread@@MAEXXZ
?OnStop@CFileReceiverThread@@MAEXXZ
?OnStop@CFileRecvorClientThread@@MAEXXZ
?OnStop@CFileSenderThread@@MAEXXZ
?OnStop@CThread@@MAEXXZ
?OnSuspend@CFileReceiverThread@@MAEXXZ
?OnSuspend@CFileRecvorClientThread@@MAEXXZ
?OnSuspend@CThread@@MAEXXZ
?OnWrite@CXWinClientSocket@@MAEXPAVCXWinSocket@@@Z
?OnWrite@CXWinServerClientSocket@@MAEXPAVCXWinSocket@@@Z
?OnWrite@CXWinSocket@@MAEXPAV1@@Z
?Open@CXBaseSocket@@UAE_N_N@Z
?Open@CXClientSocket@@UAE_N_N@Z
?Open@CXFile@@QAE_NPBDH@Z
?Open@CXWinClientSocket@@UAE_N_N@Z
?Open@CXWinServerSocket@@UAE_N_N@Z
?Parse_Pack_FileBody@CFileRecvorClientThread@@AAEHXZ
?Parse_Pack_FileHeader@CFileRecvorClientThread@@AAEHXZ
?Pause@CThread@@QAEXXZ
?Read@CXFile@@QAEHPAXI@Z
?ReceiveBuf@CXBaseSocket@@QAEHPAXH@Z
?Remove_AllClients@CXWinServerSocket@@AAEXXZ
?Remove_Client@CXWinServerSocket@@AAEXPAVCXWinSocket@@@Z
?Resume@CThread@@QAEXXZ
?Resume_Accepting@CFileReceiver@@QAEXXZ
?Seek@CXFile@@QAEKHW4FILE_POS@@@Z
?Select@CXBaseSocket@@QAEHHH@Z
?SendBuf@CXBaseSocket@@QAEHPBXH@Z
?SendFile@CFileSenderThread@@IAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SendFileBody@CFileSenderThread@@IAEHXZ
?SendFileHeader@CFileSenderThread@@IAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAddress@CXNetAddress@@QAEXI@Z
?SetAddress@CXNetAddress@@QAEXIPBD@Z
?SetAddress@CXNetAddress@@QAEXUsockaddr_in@@@Z
?SetNotifyWnd@CFileReceiver@@QAEXQAUHWND__@@@Z
?SetRecedFileSaveDir@CFileReceiver@@QAEXPBD@Z
?SetRecedFileSaveDir@CFileReceiverThread@@QAEXPBD@Z
?Set_ASyncStyles@CXBaseSocket@@IAE_NPAUHWND__@@@Z
?Set_Socket_Address@CXBaseSocket@@QAEXAAVCXNetAddress@@@Z
?Set_Socket_Address@CXBaseSocket@@QAEXIPBD@Z
?SockMsgProc@CXWinSocket@@CGJPAUHWND__@@IIJ@Z
?Socket_IsBlockingMode@CXBaseSocket@@QAE?B_NXZ
?Socket_IsOpened@CXBaseSocket@@QAE?B_NXZ
?Socket_IsValid@CXBaseSocket@@QAE?B_NXZ
?Start@CThread@@QAEXXZ
?Stop@CThread@@QAEXXZ
?Subscribe@CFileSenderThread@@QAEXPAUHWND__@@@Z
?Suspend_Accepting@CFileReceiver@@QAEXXZ
?Unlock@CMutex@@QAEXXZ
?Write@CXFile@@QAEXPBXI@Z
?fnThreadProc@CThread@@KGKPAX@Z
?getSafeHandle@CThread@@QBEPAXXZ
?getThreadId@CThread@@QBEKXZ
?getThreadParams@CThread@@QBEPAXXZ
?getThreadState@CThread@@QBE?AW4THREAD_STATE@@XZ
?pushFile@CFileSenderThread@@QAEXPBD@Z
AllocateHWnd
CreateDirectorys
DeallocateHWnd
DeleteCharFromString
DirectoryExists
ExtractFileName
ExtractFilePath
FileExists
GenerateCLSID
GetFileInfo
Initialize
SetFileInfo
UnInitialize

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FMail/bin/NetLibD.lib
FMail/bin/trfAgent.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FMail/bin/trfSever.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FMail/document/数据库脚本.sql
FMail/document/数据库设计说明.doc
.doc windows office2003
FMail/public/DropFiles.cpp
FMail/public/DropFiles.h
FMail/public/Shortcut.cpp
FMail/public/Shortcut.h
FMail/public/TrayIcon.cpp
FMail/public/TrayIcon.h
FMail/public/sqlstr.h
FMail/public/trfPublic.h
FMail/trfAgent/AppInstance.cpp
.js
FMail/trfAgent/AppInstance.h
FMail/trfAgent/CCHelper.cpp
FMail/trfAgent/CCHelper.h
FMail/trfAgent/CSHelper.cpp
.js
FMail/trfAgent/CSHelper.h
FMail/trfAgent/ConfigEnv.cpp
FMail/trfAgent/ConfigEnv.h
FMail/trfAgent/ConfigNetwork.cpp
FMail/trfAgent/ConfigNetwork.h
FMail/trfAgent/ConfigSysView.cpp
FMail/trfAgent/ConfigSysView.h
FMail/trfAgent/FileListRecv.cpp
.js
FMail/trfAgent/FileListRecv.h
FMail/trfAgent/FileNameInputDlg.cpp
FMail/trfAgent/FileNameInputDlg1.cpp
FMail/trfAgent/FileRenameDlg.cpp
FMail/trfAgent/FileRenameDlg.h
FMail/trfAgent/FileTransFrame.cpp
FMail/trfAgent/FileTransFrame.h
FMail/trfAgent/FileTransView.cpp
FMail/trfAgent/FileTransView.h
FMail/trfAgent/FilelistSend.cpp
.js
FMail/trfAgent/FilelistSend.h
FMail/trfAgent/GuiADODB.cpp
.js
FMail/trfAgent/GuiADODB.h
FMail/trfAgent/LocalUserRenameDlg.cpp
FMail/trfAgent/LocalUserRenameDlg.h
FMail/trfAgent/MainFrm.cpp
FMail/trfAgent/MainFrm.h
FMail/trfAgent/MyTree.cpp
FMail/trfAgent/MyTree.h
FMail/trfAgent/Register.cpp
FMail/trfAgent/Register.h
FMail/trfAgent/SearchUserDlg.cpp
FMail/trfAgent/SearchUserDlg.h
FMail/trfAgent/SendGroupMgr.cpp
FMail/trfAgent/SendGroupMgr.h
FMail/trfAgent/SndGrpRenameDlg.cpp
FMail/trfAgent/SndGrpRenameDlg.h
FMail/trfAgent/StdAfx.cpp
FMail/trfAgent/StdAfx.h
FMail/trfAgent/SysLogView.cpp
FMail/trfAgent/SysLogView.h
FMail/trfAgent/SysUsrLoginDlg.cpp
FMail/trfAgent/SysUsrLoginDlg.h
FMail/trfAgent/TimeEx.cpp
.js
FMail/trfAgent/TimeEx.h
FMail/trfAgent/TreeForGrpSend.cpp
.js
FMail/trfAgent/TreeForGrpSend.h
FMail/trfAgent/TreeForHistory.h
FMail/trfAgent/TreeForUsers.cpp
.js
FMail/trfAgent/TreeForUsers.h
FMail/trfAgent/VariantEx.cpp
.js
FMail/trfAgent/VariantEx.h
FMail/trfAgent/WorkFrame.cpp
FMail/trfAgent/WorkFrame.h
FMail/trfAgent/WorkspaceView.cpp
FMail/trfAgent/WorkspaceView.h
FMail/trfAgent/XShell.cpp
FMail/trfAgent/XShell.h
FMail/trfAgent/XTSplitterWnd.cpp
.vbs
FMail/trfAgent/XTSplitterWnd.h
FMail/trfAgent/const.h
FMail/trfAgent/filenameinputdlg.h
FMail/trfAgent/res/ChatImage.bmp
FMail/trfAgent/res/Couple.ico
FMail/trfAgent/res/DBFiles.dat
FMail/trfAgent/res/File.ico
FMail/trfAgent/res/Login.ico
FMail/trfAgent/res/Mail delete.ico
FMail/trfAgent/res/NetConfig.ico
FMail/trfAgent/res/PCUser.ico
FMail/trfAgent/res/Pc user.ico
FMail/trfAgent/res/SysView.bmp
FMail/trfAgent/res/Workspace-24.bmp
FMail/trfAgent/res/Workspace.bmp
FMail/trfAgent/res/controls6.ico
FMail/trfAgent/res/dbprojec.bmp
FMail/trfAgent/res/error.WAV
FMail/trfAgent/res/mail send.ico
FMail/trfAgent/res/mainfram.bmp
FMail/trfAgent/res/notify.wav
FMail/trfAgent/res/splith.cur
FMail/trfAgent/res/splitv.cur
FMail/trfAgent/res/toolbar1.bmp
FMail/trfAgent/res/trfAgent.rc2
FMail/trfAgent/res/wave1.bin
FMail/trfAgent/resource.h
FMail/trfAgent/treeforhistory.cpp
.js
FMail/trfAgent/trfAgent.clw
FMail/trfAgent/trfAgent.cpp
FMail/trfAgent/trfAgent.dsp
FMail/trfAgent/trfAgent.dsw
FMail/trfAgent/trfAgent.h
FMail/trfAgent/trfAgent.plg
.html
FMail/trfAgent/trfAgent.rc
FMail/trfAgent/trfAgentDoc.cpp
FMail/trfAgent/trfAgentDoc.h
FMail/trfAgent/trfAgentView.cpp
FMail/trfAgent/trfAgentView.h
FMail/trfServer/AppInstance.cpp
FMail/trfServer/AppInstance.h
FMail/trfServer/Resource.h
FMail/trfServer/Server.bbs
FMail/trfServer/Server.clw
FMail/trfServer/Server.cpp
.js
FMail/trfServer/Server.dsp
FMail/trfServer/Server.dsw
FMail/trfServer/Server.h
FMail/trfServer/Server.plg
.html
FMail/trfServer/Server.rc
FMail/trfServer/ServerDlg.cpp
FMail/trfServer/ServerDlg.h
FMail/trfServer/Service.cpp
.js
FMail/trfServer/Service.h
FMail/trfServer/StdAfx.cpp
FMail/trfServer/StdAfx.h
FMail/trfServer/res/Server.bmp
FMail/trfServer/res/Server.rc2
FMail/trfServer/res/服务器－忙.ico
FMail/trfServer/res/服务器－正常.ico

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 324KB

UPX1 Size: 166KB - Virtual size: 168KB

.rsrc Size: 71KB - Virtual size: 72KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 64KB

UPX1 Size: 21KB - Virtual size: 24KB

.rsrc Size: 13KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 856B

.rsrc Size: 4KB - Virtual size: 840B

.reloc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 164KB

UPX1 Size: 85KB - Virtual size: 88KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 88KB - Virtual size: 87KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 64KB

UPX1 Size: 29KB - Virtual size: 32KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 16KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 324KB

UPX1
Size: 166KB - Virtual size: 168KB

.rsrc
Size: 71KB - Virtual size: 72KB

UPX0
Size: - Virtual size: 64KB

UPX1
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 13KB - Virtual size: 16KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 856B

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 164KB

UPX1
Size: 85KB - Virtual size: 88KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 88KB - Virtual size: 87KB

UPX0
Size: - Virtual size: 64KB

UPX1
Size: 29KB - Virtual size: 32KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 16KB - Virtual size: 12KB