medusalocker | Cat Research 2023-07-15[.]zip

Resubmissions

21-01-2024 14:52

240121-r8syqaeac7 10

21-01-2024 14:51

240121-r8k8waeac5 10

01-01-2024 13:55

240101-q776kscacp 10

Sharing

Copy URL

Twitter E-mail

General

Target

Cat Research 2023-07-15.zip
Size

4.5MB
MD5

e56e18b0de08e733d57e92e6d033bf17
SHA1

0e8d037a03a1855b3614174ba7e1a98424314449
SHA256

ee65e9d7a7bc9d17e894e0b775fc0bbfb35e72c65c3d768e34bfe059d521cc16
SHA512

ea9ed41545b843b89d5638c59448d53cf0e20298f2fa09989898ba1771626ce71d1661782980c6a826c2eabe0bb55145df09f5ae87a412474992d7013257c15d
SSDEEP

98304:vampW+t8jmbIlfnE3+2mNntZaXItRbFLbf7jLxPbM0biQaMYQ/j/:vampW+6jmOlbNm4tRFLjLxjpso7

Score

10^/10

upx medusalocker makop trigona

Malware Config

Signatures

Detects Trigona ransomware 1 IoCs

resource	yara_rule
static1/unpack001/fef96e503bb02c85e176305a0a42116eb9595c8c37151d3a740ed4a266694b5d	family_trigona

MAKOP ransomware payload 2 IoCs

resource	yara_rule
static1/unpack001/a0f5def5aaaefa3ae538da9c643a5e381ea89cdee3e451ab1d0c52181d758593	family_makop
static1/unpack001/bdf06acf03785275d01d4135b432b56b31c7f352f9be3cf8eca00286251aa163	family_makop

Makop family
makop

MedusaLocker payload 1 IoCs

resource	yara_rule
static1/unpack001/97a877b999fb2a3c8286548ac4b20f364a862b132a87272fe273c670a654ba8d	family_medusalocker

Medusalocker family
medusalocker
Trigona family
trigona

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506	upx

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/323389cde5a3059c6c6e5c6c711d11e434a577b11dc07a9aeb7f8e1fb661ecf3
unpack001/365712147d687fb2eb2d5cb612586c7d3d7364277441491a3ab379a4a1128ba7
unpack001/5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506
unpack002/out.upx
unpack001/59c59ef90d1370297375d4e3195eabe2a031251bc939fae962a835d8336a8a4d
unpack001/63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222
unpack001/9443472de461e9e7a9d7b7d89fa13815521db1ecebea5054643664953ee366e5
unpack001/97a877b999fb2a3c8286548ac4b20f364a862b132a87272fe273c670a654ba8d
unpack001/a0f5def5aaaefa3ae538da9c643a5e381ea89cdee3e451ab1d0c52181d758593
unpack001/abfe4422828c6515e7b53c50a8f07dda0169f4ee34173357b6fa35b06fe144b1
unpack001/b21f34ecfa7135153d506b3fde2a0d0bd23b44eccedc635cbfa474e321040273
unpack003/svchost.exe
unpack001/b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8
unpack001/bbb46278959b4628106319457405a8cc04681c82c2c8afa30475d50ed63417f2
unpack001/bdf06acf03785275d01d4135b432b56b31c7f352f9be3cf8eca00286251aa163
unpack001/db3529a2d96f82af48dd8b93615cf89ee5e0c9fe84d70222b30adcb947602881
unpack001/e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db
unpack001/fef96e503bb02c85e176305a0a42116eb9595c8c37151d3a740ed4a266694b5d

Files

Cat Research 2023-07-15.zip
.zip
323389cde5a3059c6c6e5c6c711d11e434a577b11dc07a9aeb7f8e1fb661ecf3
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 858KB - Virtual size: 858KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
365712147d687fb2eb2d5cb612586c7d3d7364277441491a3ab379a4a1128ba7
.exe windows:5 windows x86 arch:x86

3b30f5cde12f20b02f5835300a694f8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetProcessAffinityMask
SetVolumeLabelA
WriteConsoleOutputCharacterW
MapViewOfFile
LoadResource
HeapAlloc
ClearCommError
GetNumaAvailableMemoryNode
FlushViewOfFile
SleepEx
ConnectNamedPipe
GetModuleHandleW
GetTickCount
GetWindowsDirectoryA
SetProcessPriorityBoost
GetProcessTimes
GetPriorityClass
GetVolumePathNameW
SetVolumeMountPointA
DeleteVolumeMountPointW
GetConsoleAliasW
SetConsoleCursorPosition
GetAtomNameW
EnumResourceLanguagesA
MultiByteToWideChar
CreateMailslotW
DisconnectNamedPipe
EnumSystemLocalesA
FindFirstFileExA
GetProcAddress
GetPrivateProfileStringA
GetProcessWorkingSetSize
BuildCommDCBAndTimeoutsW
FindFirstVolumeMountPointW
SetConsoleOutputCP
SetConsoleWindowInfo
GetDefaultCommConfigA
CreateIoCompletionPort
EnumDateFormatsW
_lopen
FindAtomW
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
IsProcessorFeaturePresent
EncodePointer
DecodePointer
CloseHandle
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
Sleep
HeapSize
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
SetFilePointer
HeapReAlloc
LCMapStringW
GetStringTypeW
CreateFileW

user32

GetCaretBlinkTime

Sections

.text
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 261KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
59c59ef90d1370297375d4e3195eabe2a031251bc939fae962a835d8336a8a4d
.exe windows:5 windows x86 arch:x86

7c12225efbd4c9393846dfdf3367530a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetVolumeLabelA
SetupComm
GetNumaNodeProcessorMask
SetPriorityClass
WriteConsoleOutputCharacterW
MapViewOfFile
LoadResource
HeapAlloc
SetConsoleScreenBufferSize
ConnectNamedPipe
GetModuleHandleW
GetTickCount
GetPrivateProfileStringW
SetProcessPriorityBoost
GetProcessTimes
GetVolumePathNameW
GlobalAlloc
GetVolumeInformationA
Sleep
SetVolumeMountPointA
DeleteVolumeMountPointW
SetProcessAffinityMask
GetMailslotInfo
MultiByteToWideChar
FindFirstFileExA
GetLastError
GetProcAddress
GetAtomNameA
BuildCommDCBAndTimeoutsW
SetConsoleOutputCP
SetProcessWorkingSetSize
SetConsoleWindowInfo
SetNamedPipeHandleState
GetDefaultCommConfigA
FindFirstVolumeMountPointA
CreateIoCompletionPort
CreateMailslotA
_lopen
FindAtomW
GetVolumeNameForVolumeMountPointW
GetConsoleAliasW
GetEnvironmentVariableW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
IsProcessorFeaturePresent
EncodePointer
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
RtlUnwind
HeapSize
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
GetStringTypeW
CloseHandle
WriteConsoleW
CreateFileW

user32

GetCaretPos

advapi32

QueryServiceLockStatusA

Sections

.text
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9443472de461e9e7a9d7b7d89fa13815521db1ecebea5054643664953ee366e5
.exe .js windows:4 windows x86 arch:x86 polyglot

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
97a877b999fb2a3c8286548ac4b20f364a862b132a87272fe273c670a654ba8d
.exe windows:6 windows x86 arch:x86

f22bc6a616927c119c37738048bc1cc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

shlwapi

StrStrIW
PathIsUNCW
PathFindExtensionW

rstrtmgr

RmShutdown
RmGetList
RmRegisterResources
RmEndSession
RmStartSession

mpr

WNetGetConnectionW
WNetAddConnection2W

kernel32

GetLogicalDrives
FindFirstVolumeW
SetVolumeMountPointW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
DeleteVolumeMountPointW
FindNextVolumeW
GetDriveTypeW
ReadFile
FindFirstFileExW
FindNextFileW
WriteFile
FindClose
CreateFileW
SetFileAttributesW
SubmitThreadpoolWork
SetFilePointerEx
GetConsoleWindow
lstrcmpiW
GetWindowsDirectoryW
SetConsoleTitleW
MoveFileW
CreateThreadpoolWork
SizeofResource
GetCurrentProcess
AssignProcessToJobObject
InitializeProcThreadAttributeList
CreatePipe
PeekNamedPipe
WaitForSingleObject
OpenProcess
MultiByteToWideChar
UpdateProcThreadAttribute
LockResource
LoadResource
FindResourceW
CreateProcessW
GetModuleHandleW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
GetFileAttributesExW
GetExitCodeProcess
CloseHandle
GetLastError
CreateJobObjectW
SetInformationJobObject
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
DecodePointer
WriteConsoleW
QueryDosDeviceW
LocalFree
FormatMessageA
GetLocaleInfoEx
RaiseException
WaitForSingleObjectEx
Sleep
GetCurrentThreadId
GetExitCodeThread
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
GetModuleHandleExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetProcAddress
InitializeConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
TerminateProcess
RtlUnwind
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW

user32

IsWindowVisible
ShowWindow
GetWindowThreadProcessId
RegisterWindowMessageW
GetShellWindow
GetAsyncKeyState

advapi32

CryptGenRandom
RegSetValueExW
OpenProcessToken
GetTokenInformation
CryptDestroyKey
CryptGetKeyParam
CryptAcquireContextW
CryptEncrypt
RegGetValueW
CryptExportKey
CryptImportKey
CryptGenKey
CryptReleaseContext
RegCloseKey
RegCreateKeyExW

shell32

SHEmptyRecycleBinW

ole32

CoGetObjectContext
CoGetApartmentType

Sections

.text
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a0f5def5aaaefa3ae538da9c643a5e381ea89cdee3e451ab1d0c52181d758593
.exe windows:4 windows x86 arch:x86

5afc99ca3a218f4d86b9c8bff5b56ac0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

kernel32

CreateFileW
GetLastError
FindClose
DeviceIoControl
WaitForMultipleObjects
FindNextFileW
GetVolumeInformationW
CreateThread
TryEnterCriticalSection
Sleep
WriteFile
GetStdHandle
SetEndOfFile
SetFilePointerEx
ReadFile
GetFileSizeEx
MoveFileW
SetFileAttributesW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GlobalAlloc
GlobalFree
GetLogicalDrives
PeekNamedPipe
GetComputerNameW
SetEvent
TerminateThread
GetProcAddress
LoadLibraryA
CreateEventW
OpenProcess
GetFileType
GetModuleHandleA
DuplicateHandle
GetCurrentProcessId
ExitProcess
GetModuleHandleW
GetCommandLineW
CreatePipe
GetEnvironmentVariableW
CreateProcessW
GetSystemWindowsDirectoryW
WaitForSingleObject
GetLocaleInfoW
GetModuleFileNameW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateDirectoryW
GetFileAttributesW
SetErrorMode
GetDriveTypeW
FindFirstFileW
CloseHandle
DeleteCriticalSection
EnterCriticalSection
TerminateProcess
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection
GetVersion
SetHandleInformation

user32

DialogBoxParamW
ShowWindow
MessageBoxW
SetWindowTextA
SendMessageW
EnableWindow
UnregisterHotKey
GetWindowThreadProcessId
RegisterHotKey
GetWindowTextLengthW
CloseClipboard
GetWindowTextA
EmptyClipboard
GetDlgItem
OpenClipboard
SetClipboardData
wsprintfW
GetShellWindow
SetTimer
PostMessageW
KillTimer
wsprintfA
SetWindowTextW
EndDialog

advapi32

CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptDecrypt
OpenProcessToken
GetTokenInformation
SetTokenInformation
DuplicateTokenEx
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptImportKey
CryptEncrypt

shell32

ord680
CommandLineToArgvW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
abfe4422828c6515e7b53c50a8f07dda0169f4ee34173357b6fa35b06fe144b1
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b21f34ecfa7135153d506b3fde2a0d0bd23b44eccedc635cbfa474e321040273
.exe windows:4 windows x86 arch:x86

297afa6dad8483724e2a0a247c5ec927

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleOutputCP
WriteConsoleA
HeapSize
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetModuleFileNameA
GetProcAddress
WriteFile
ExitProcess
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
WriteConsoleW
HeapDestroy
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalFileTimeToFileTime
lstrcpyA
OpenFileMappingA
GetVersion
CloseHandle
OutputDebugStringA
CreateMutexA
lstrcatW
GetModuleHandleA
lstrcmpiA
GetLastError
lstrlenW
MultiByteToWideChar
GetTimeZoneInformation
TerminateProcess
SetTimeZoneInformation
CreateEventA
Sleep
LoadLibraryW
WideCharToMultiByte
OpenProcess
SetFileTime
GetProcessHeap
WaitForSingleObject
GetCurrentProcess
TlsGetValue
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetVersionExA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
CreateDirectoryA
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetSystemInfo
GetNumberFormatW
GetFileType
HeapCreate
LoadLibraryA
SystemTimeToFileTime
HeapAlloc
FreeLibrary
MapViewOfFile
lstrlenA
GetStdHandle
CreateFileA

user32

OemKeyScan
GetDlgCtrlID
GetWindow
SetDlgItemTextW
LoadImageA
GetSystemMetrics
MessageBoxW
DispatchMessageA
RegisterRawInputDevices
IsWindow
AppendMenuA
SendMessageA
LoadCursorA
BeginPaint
wsprintfW
GetScrollRange
CreateMenu
WindowFromPoint
DlgDirSelectExA
GetSysColorBrush
LoadStringW
DlgDirListA
TranslateMessage
GetCursorPos
GetSysColor
GetDesktopWindow
DefWindowProcA
EndDialog
CreateWindowExA
GetClipboardData
GetWindowLongA
CharLowerA
LoadIconA
TrackPopupMenuEx
DefMDIChildProcA
EndPaint
GetMessageA
EnumDisplayMonitors
InsertMenuItemA
RegisterClassExA
FillRect
LoadStringA
GetFocus
LoadBitmapA
GetParent
LoadMenuA
SetCursorPos

gdi32

SetBkColor
CreateSolidBrush
GetObjectA
SetTextJustification
GetTextExtentPoint32A
SetWindowExtEx
SetTextColor
CreateDIBSection
TextOutA
GetRegionData
DeleteObject
SelectObject

advapi32

CryptAcquireContextW
CryptSetProvParam
CryptGetKeyParam
CryptGetUserKey
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

shell32

SHBrowseForFolderA
SHGetFolderPathW
SHGetFileInfoA
SHGetFileInfoW

ole32

CoUninitialize
BindMoniker
CoRegisterClassObject
CoInitializeEx
StgOpenStorage
CoCreateGuid
PropVariantClear
StringFromGUID2
CLSIDFromString
CreateFileMoniker

oleaut32

UnRegisterTypeLi

netapi32

NetShareGetInfo

psapi

GetModuleFileNameExA

avicap32

capGetDriverDescriptionA

winscard

SCardGetProviderIdW
SCardConnectA
SCardListCardsW

winmm

mmioAscend
waveInOpen
waveInPrepareHeader
waveInReset

crypt32

CertCreateCertificateContext
CertOpenStore

shlwapi

SHStrDupW
StrCmpNIA
StrCSpnA
ChrCmpIA
StrChrA
StrToIntExA
StrCmpIW
StrTrimA

comctl32

ImageList_Create

rpcrt4

RpcEpResolveBinding

gdiplus

GdipCloneImage
GdipLoadImageFromFile
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSaveImageToFile
GdipFree
GdipCreateBitmapFromFileICM
GdipDeleteGraphics

imm32

ImmGetOpenStatus
ImmSetOpenStatus
ImmGetContext
ImmReleaseContext

winhttp

WinHttpOpen
WinHttpConnect

urlmon

CoInternetParseUrl

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b4b97aa67e2fbfa344053be1c101cbd6560b0a5cfe2de8e2e637ba90c4df2ca9
.zip
svchost.exe
.exe windows:6 windows x64 arch:x64

3d990dfa19dafa785fe805787ae73e1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetPriorityClass
GetSystemTime
GetDiskFreeSpaceExW
OpenProcess
GetTempPathW
LocalFree
DeleteFileW
FindFirstFileW
FindClose
GetVolumeNameForVolumeMountPointW
FindNextFileW
SetThreadPriority
GetCurrentThread
GetFileAttributesW
WaitForMultipleObjects
SetEvent
CreateEventA
ReOpenFile
SetLastError
GlobalSize
GlobalLock
GlobalUnlock
SetFilePointer
GetDriveTypeW
GetProcAddress
LoadLibraryA
GetCurrentProcessId
DeleteFileA
ResetEvent
GetProcessHeap
ExitProcess
lstrcmpiA
HeapFree
GlobalMemoryStatusEx
GetConsoleWindow
SetFilePointerEx
DeviceIoControl
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
CreateFileA
GetDriveTypeA
GetSystemWindowsDirectoryW
GetLogicalDrives
MoveFileW
GetFileSize
SetEndOfFile
GetLastError
SetFileAttributesW
CreateDirectoryW
ReadFile
GetFileSizeEx
Wow64RevertWow64FsRedirection
CreateProcessW
Wow64DisableWow64FsRedirection
GetLocalTime
CloseHandle
FlushFileBuffers
WriteFile
CreateFileW
OutputDebugStringW
WaitForSingleObject
CreateThread
Sleep
GetModuleFileNameW
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
HeapQueryInformation
HeapSize
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
GetCurrentProcess
GetCommandLineW
GetCommandLineA
GetStdHandle
GetFileType
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
TlsAlloc

user32

ShowWindow
wsprintfA
wsprintfW
ReleaseDC
GetSystemMetrics
GetDC

gdi32

BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject

advapi32

RegCreateKeyExA
CryptGenRandom
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetEntriesInAclW
SetNamedSecurityInfoW
ConvertSidToStringSidA
OpenProcessToken
RegCloseKey
RegSetValueExA
CryptAcquireContextW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
GetTokenInformation
CryptReleaseContext

ole32

GetHGlobalFromStream
CLSIDFromString
CreateStreamOnHGlobal

psapi

EnumProcesses
GetModuleFileNameExA
GetModuleFileNameExW

ws2_32

ioctlsocket
WSAStartup
closesocket
recv
connect
htons
inet_addr
socket
select

iphlpapi

GetAdaptersInfo

netapi32

NetShareEnum
NetApiBufferFree

gdiplus

GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipBitmapGetPixel
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipSaveImageToStream

rstrtmgr

RmGetList
RmRegisterResources
RmStartSession
RmEndSession

Sections

.text
Size: 934KB - Virtual size: 933KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 239KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.txt
Size: - Virtual size: 396KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 243KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

proc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bbb46278959b4628106319457405a8cc04681c82c2c8afa30475d50ed63417f2
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdf06acf03785275d01d4135b432b56b31c7f352f9be3cf8eca00286251aa163
.exe windows:4 windows x86 arch:x86

5afc99ca3a218f4d86b9c8bff5b56ac0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

kernel32

CreateFileW
GetLastError
FindClose
DeviceIoControl
WaitForMultipleObjects
FindNextFileW
GetVolumeInformationW
CreateThread
TryEnterCriticalSection
Sleep
WriteFile
GetStdHandle
SetEndOfFile
SetFilePointerEx
ReadFile
GetFileSizeEx
MoveFileW
SetFileAttributesW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GlobalAlloc
GlobalFree
GetLogicalDrives
PeekNamedPipe
GetComputerNameW
SetEvent
TerminateThread
GetProcAddress
LoadLibraryA
CreateEventW
OpenProcess
GetFileType
GetModuleHandleA
DuplicateHandle
GetCurrentProcessId
ExitProcess
GetModuleHandleW
GetCommandLineW
CreatePipe
GetEnvironmentVariableW
CreateProcessW
GetSystemWindowsDirectoryW
WaitForSingleObject
GetLocaleInfoW
GetModuleFileNameW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateDirectoryW
GetFileAttributesW
SetErrorMode
GetDriveTypeW
FindFirstFileW
CloseHandle
DeleteCriticalSection
EnterCriticalSection
TerminateProcess
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection
GetVersion
SetHandleInformation

user32

DialogBoxParamW
ShowWindow
MessageBoxW
SetWindowTextA
SendMessageW
EnableWindow
UnregisterHotKey
GetWindowThreadProcessId
RegisterHotKey
GetWindowTextLengthW
CloseClipboard
GetWindowTextA
EmptyClipboard
GetDlgItem
OpenClipboard
SetClipboardData
wsprintfW
GetShellWindow
SetTimer
PostMessageW
KillTimer
wsprintfA
SetWindowTextW
EndDialog

advapi32

CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptDecrypt
OpenProcessToken
GetTokenInformation
SetTokenInformation
DuplicateTokenEx
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptImportKey
CryptEncrypt

shell32

ord680
CommandLineToArgvW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
db3529a2d96f82af48dd8b93615cf89ee5e0c9fe84d70222b30adcb947602881
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fef96e503bb02c85e176305a0a42116eb9595c8c37151d3a740ed4a266694b5d
.exe windows:5 windows x64 arch:x64

8cf5b47d49fb58fce212153bcaed147e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFileAttributesW
GetFileTime
GetFileType
SetFileTime
RtlUnwindEx
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
UnlockFile
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetNumberOfConsoleInputEvents
GetCPInfoExW
RtlUnwind
SetFilePointerEx
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
GetFileSizeEx
LoadLibraryA
ResetEvent
GetVolumeInformationW
FreeResource
GetVersion
RaiseException
MoveFileW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
TerminateProcess
SetPriorityClass
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
GetDiskFreeSpaceExW
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
AllocConsole
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
LockFile
GetConsoleCP
PeekConsoleInputW
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
CreateMutexA
SetEvent
GetLocaleInfoW
CreateFileW
DeleteFileW
IsDBCSLeadByteEx
FreeConsole
GetLocalTime
WaitForSingleObject
WriteFile
FlushConsoleInputBuffer
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
GetThreadLocale
SetThreadLocale

wsock32

gethostbyaddr
WSAStartup
closesocket
socket

ws2_32

WSAIoctl

shell32

ShellExecuteW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CharUpperBuffA
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
CharLowerBuffW
LoadStringW
CharUpperW
PeekMessageW
GetSystemMetrics
GetKeyboardLayoutList
MessageBoxW

iphlpapi

GetIpNetTable

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree
NetShareEnum

advapi32

RegSetValueExW
RegOpenKeyW
RegQueryValueExW
GetUserNameW
RegCloseKey
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 51KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 584B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 858KB - Virtual size: 858KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 612KB - Virtual size: 612KB

3b30f5cde12f20b02f5835300a694f8f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 324KB - Virtual size: 324KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 24KB - Virtual size: 441KB

.tls Size: 1KB - Virtual size: 1KB

.rsrc Size: 85KB - Virtual size: 84KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 208KB

UPX1 Size: 261KB - Virtual size: 264KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 404KB - Virtual size: 403KB

DATA Size: 7KB - Virtual size: 7KB

BSS Size: - Virtual size: 8KB

.idata Size: 5KB - Virtual size: 4KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 12KB - Virtual size: 12KB

.rsrc Size: 6KB - Virtual size: 6KB

7c12225efbd4c9393846dfdf3367530a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 325KB - Virtual size: 324KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 24KB - Virtual size: 441KB

.tls Size: 1KB - Virtual size: 1KB

.rsrc Size: 111KB - Virtual size: 111KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 824KB - Virtual size: 824KB

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 68KB - Virtual size: 68KB

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 858KB - Virtual size: 858KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 612KB - Virtual size: 612KB

.text
Size: 324KB - Virtual size: 324KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 24KB - Virtual size: 441KB

.tls
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 85KB - Virtual size: 84KB

UPX0
Size: - Virtual size: 208KB

UPX1
Size: 261KB - Virtual size: 264KB

.rsrc
Size: 1KB - Virtual size: 4KB

CODE
Size: 404KB - Virtual size: 403KB

DATA
Size: 7KB - Virtual size: 7KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 5KB - Virtual size: 4KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 325KB - Virtual size: 324KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 24KB - Virtual size: 441KB

.tls
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 111KB - Virtual size: 111KB

.text
Size: 824KB - Virtual size: 824KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 68KB - Virtual size: 68KB

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 242KB - Virtual size: 242KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 10KB - Virtual size: 29KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: - Virtual size: 78KB

.ndata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 664B

.text
Size: 185KB - Virtual size: 184KB

.rsrc
Size: 166KB - Virtual size: 166KB

.reloc
Size: 512B - Virtual size: 12B