788ca97a5c94e9baad54bdc58c66d6e2

Sharing

Copy URL Twitter E-mail

Reason

zip: not a valid zip file

General

Target

788ca97a5c94e9baad54bdc58c66d6e2
Size

3.3MB
MD5

788ca97a5c94e9baad54bdc58c66d6e2
SHA1

3f794444dfa6ab547608028487ae072d9d3b4f8b
SHA256

09a81bfdb09a08c2d0925b9a2a73e0a26a293d2aa1c80d3d78aac31183412d3a
SHA512

f5b587cc0fa76ed2e8b890d1eec564b1bf7ebab84261ebd0bd76bb84b642f35abda54eb149bfce27626d9b1d58f30cc051e564f817f6a09541307861ea42169b
SSDEEP

49152:GNpjQNicnCEQKjCrjK89NJwBox73Xy89Wv9p/hWZb9WlcccI47AhIcXbeBit/h8n:GneBgrkwHyKArhIRW6LWFXwR3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/JVMLoader.exe	upx
static1/unpack001/cmdow.exe	upx
static1/unpack001/es_clipboard_monitor.exe	upx
static1/unpack001/es_file_system_processor.exe	upx
static1/unpack001/es_findprocess.exe	upx
static1/unpack001/es_killprocess.exe	upx

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
788ca97a5c94e9baad54bdc58c66d6e2
unpack001/JVMLoader.dll
unpack001/JVMLoader.exe
unpack002/out.upx
unpack001/clib_jiio.dll
unpack001/cmdow.exe
unpack003/out.upx
unpack001/es_clipboard_monitor.exe
unpack004/out.upx
unpack001/es_disable_clipboard_monitor.exe
unpack001/es_file_system_monitor.exe
unpack001/es_file_system_processor.exe
unpack005/out.upx
unpack001/es_findprocess.exe
unpack006/out.upx
unpack001/es_killprocess.exe
unpack007/out.upx

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/es_disable_clipboard_monitor.exe	nsis_installer_1

Files

788ca97a5c94e9baad54bdc58c66d6e2
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Clipboard Monitor Engine.xml
Database Engine.xml
Database Import Engine.xml
ES_CLIPBOARD_MONITOR.INI
ES_FILE_SYSTEM_MONITOR.INI
ES_FILE_SYSTEM_PROCESSOR.INI
ES_LOG_SUBMIT.INI
ES_PRINTER_DRIVER_ENGINE_SETTINGS.INI
ES_PRINTER_DRIVER_LAUNCHER_ENGINE.INI
Email Engine.xml
Everlast Software Homepage.url
.url
Everlast Software Register Hyper Text Transfer Protocol Engine.xml
Everlast Software Submit Hyper Text Transfer Protocol Engine.xml
Everlast Software Update Hyper Text Transfer Protocol Engine.xml
File System Monitor Engine.xml
File Transfer Protocol Engine.xml
GUI Engine.xml
Hyper Text Transfer Protocol Engine.xml
Image Directory Import Engine.xml
JVMLoader.dll
.dll windows:4 windows x86 arch:x86

25ba017687d783db828b689d03b0bf05

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
GetLastError
HeapFree
ExitProcess
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
WriteFile
GetStdHandle
SetEndOfFile
InitializeCriticalSection
SetStdHandle
GetFileType
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStartupInfoA
Sleep
CloseHandle
MultiByteToWideChar
ReadFile
RtlUnwind
GetFullPathNameA
GetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
HeapSize
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
FlushFileBuffers
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Exports

Exports

DestroyJVM
LoadJVM
RunClass

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
JVMLoader.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Large Buffer Protocol Engine.xml
Network Engine.xml
Order ES Image Printer Driver.url
.url
PDFRenderer.jar
.jar .pdf polyglot
Printer Driver Engine.xml
Printer Driver Launcher Engine.xml
Remote Storage Engine.xml
SOAP Engine.xml
SOAP Hyper Text Transfer Protocol Engine.xml
activation.jar
.jar
addport.bat
bcprov-jdk14-119.jar
.jar
clib_jiio.dll
.dll windows:4 windows x86 arch:x86

6b1b91900cd9bea314ecd5f9665083fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_errno
free
memcpy
memset
exit
abs
ftell
strcpy
malloc
strlen
sprintf
fwrite
fread
fclose
vsprintf
fflush
fopen
fseek
fputc
_ftol
tmpnam
strcat
floor
realloc
fabs
memmove
cos
sin
feof
calloc
_initterm
_adjust_fdiv
rewind
sqrt
_write
_fileno
_fdopen
_unlink
_open
_read
_lseek
_close

kernel32

DisableThreadLibraryCalls

Exports

Exports

Java_com_sun_medialib_codec_g3fax_Decoder_G3FAXDecode
Java_com_sun_medialib_codec_g3fax_Decoder_G3FAXDecodeLine
Java_com_sun_medialib_codec_g3fax_Decoder_G3FAXDecoderFini
Java_com_sun_medialib_codec_g3fax_Decoder_G3FAXDecoderInit
Java_com_sun_medialib_codec_g3fax_Encoder_G3FAXEncode
Java_com_sun_medialib_codec_g3fax_Encoder_G3FAXEncodeLine
Java_com_sun_medialib_codec_g3fax_Encoder_G3FAXEncoderFini
Java_com_sun_medialib_codec_g3fax_Encoder_G3FAXEncoderInit
Java_com_sun_medialib_codec_g4fax_Decoder_G4FAXDecode
Java_com_sun_medialib_codec_g4fax_Decoder_G4FAXDecodeLine
Java_com_sun_medialib_codec_g4fax_Decoder_G4FAXDecoderFini
Java_com_sun_medialib_codec_g4fax_Decoder_G4FAXDecoderInit
Java_com_sun_medialib_codec_g4fax_Encoder_G4FAXEncode
Java_com_sun_medialib_codec_g4fax_Encoder_G4FAXEncodeLine
Java_com_sun_medialib_codec_g4fax_Encoder_G4FAXEncoderFini
Java_com_sun_medialib_codec_g4fax_Encoder_G4FAXEncoderInit
Java_com_sun_medialib_codec_jiio_Util_Reformat
Java_com_sun_medialib_codec_jp2k_Decoder_decode
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1box
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1box_1size
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1comp_1params
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1comp_1size
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1free
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1get_1version
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1init
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1nilrates
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1params
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1set_1maxlvls
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1set_1maxlyrs
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1set_1maxpkts
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1set_1mode
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1set_1rate
Java_com_sun_medialib_codec_jp2k_Decoder_decode_1size
Java_com_sun_medialib_codec_jp2k_Encoder_encode
Java_com_sun_medialib_codec_jp2k_Encoder_encode_1box
Java_com_sun_medialib_codec_jp2k_Encoder_encode_1comp_1params
Java_com_sun_medialib_codec_jp2k_Encoder_encode_1free
Java_com_sun_medialib_codec_jp2k_Encoder_encode_1get_1comp_1params
Java_com_sun_medialib_codec_jp2k_Encoder_encode_1get_1nilrates
Java_com_sun_medialib_codec_jp2k_Encoder_encode_1get_1params
Java_com_sun_medialib_codec_jp2k_Encoder_encode_1get_1version
Java_com_sun_medialib_codec_jp2k_Encoder_encode_1init
Java_com_sun_medialib_codec_jp2k_Encoder_encode_1params
Java_com_sun_medialib_codec_jp2k_Encoder_encode_1rate
Java_com_sun_medialib_codec_jp2k_Encoder_encode_1set_1mode
Java_com_sun_medialib_codec_jp2k_Encoder_encode_1size
Java_com_sun_medialib_codec_jpeg_Decoder_nGetDepth
Java_com_sun_medialib_codec_jpeg_Decoder_nGetLength
Java_com_sun_medialib_codec_jpeg_Decoder_nGetMode
Java_com_sun_medialib_codec_jpeg_Decoder_nGetRate
Java_com_sun_medialib_codec_jpeg_Decoder_nGetSize
Java_com_sun_medialib_codec_jpeg_Decoder_nGetType
Java_com_sun_medialib_codec_jpeg_Decoder_nSetData
Java_com_sun_medialib_codec_jpeg_Decoder_nSetFilter
Java_com_sun_medialib_codec_jpeg_Decoder_nSetFormat
Java_com_sun_medialib_codec_jpeg_Decoder_njpeg_1decode
Java_com_sun_medialib_codec_jpeg_Decoder_njpeg_1decode_1free
Java_com_sun_medialib_codec_jpeg_Decoder_njpeg_1decode_1init
Java_com_sun_medialib_codec_jpeg_Encoder_nSetDepth
Java_com_sun_medialib_codec_jpeg_Encoder_nSetExtend
Java_com_sun_medialib_codec_jpeg_Encoder_nSetHuffman
Java_com_sun_medialib_codec_jpeg_Encoder_nSetMode
Java_com_sun_medialib_codec_jpeg_Encoder_nSetPredictor
Java_com_sun_medialib_codec_jpeg_Encoder_nSetQuality
Java_com_sun_medialib_codec_jpeg_Encoder_nSetRate
Java_com_sun_medialib_codec_jpeg_Encoder_nSetStream
Java_com_sun_medialib_codec_jpeg_Encoder_njpeg_1encode
Java_com_sun_medialib_codec_jpeg_Encoder_njpeg_1encode_1free
Java_com_sun_medialib_codec_jpeg_Encoder_njpeg_1encode_1init
Java_com_sun_medialib_codec_png_Decoder_SetData
Java_com_sun_medialib_codec_png_Decoder_createImage
Java_com_sun_medialib_codec_png_Decoder_decode
Java_com_sun_medialib_codec_png_Decoder_decode_1free
Java_com_sun_medialib_codec_png_Decoder_decode_1init
Java_com_sun_medialib_codec_png_Decoder_getBackground
Java_com_sun_medialib_codec_png_Decoder_getBitDepth
Java_com_sun_medialib_codec_png_Decoder_getChromaticities
Java_com_sun_medialib_codec_png_Decoder_getEmbeddedICCProfile
Java_com_sun_medialib_codec_png_Decoder_getHistogram
Java_com_sun_medialib_codec_png_Decoder_getImageGamma
Java_com_sun_medialib_codec_png_Decoder_getInterlaceMethod
Java_com_sun_medialib_codec_png_Decoder_getLastModificationTime
Java_com_sun_medialib_codec_png_Decoder_getPalette
Java_com_sun_medialib_codec_png_Decoder_getPhysPixelDimensions
Java_com_sun_medialib_codec_png_Decoder_getSignificantBits
Java_com_sun_medialib_codec_png_Decoder_getStandardRGB
Java_com_sun_medialib_codec_png_Decoder_getSuggestedPalette
Java_com_sun_medialib_codec_png_Decoder_getTextualData
Java_com_sun_medialib_codec_png_Decoder_getTransparency
Java_com_sun_medialib_codec_png_Decoder_getUserData
Java_com_sun_medialib_codec_png_Decoder_setUnroll
Java_com_sun_medialib_codec_png_Encoder_encode
Java_com_sun_medialib_codec_png_Encoder_encode_1init
Java_com_sun_medialib_codec_png_Encoder_setBackground
Java_com_sun_medialib_codec_png_Encoder_setBitDepth
Java_com_sun_medialib_codec_png_Encoder_setCompressedTextualData
Java_com_sun_medialib_codec_png_Encoder_setCompressionLevel
Java_com_sun_medialib_codec_png_Encoder_setEmbeddedICCProfile
Java_com_sun_medialib_codec_png_Encoder_setHistogram
Java_com_sun_medialib_codec_png_Encoder_setIDATSize
Java_com_sun_medialib_codec_png_Encoder_setImageGamma
Java_com_sun_medialib_codec_png_Encoder_setLastModificationTime
Java_com_sun_medialib_codec_png_Encoder_setPalette
Java_com_sun_medialib_codec_png_Encoder_setPhysicalPixelDimensions
Java_com_sun_medialib_codec_png_Encoder_setPrimaryChromaticities
Java_com_sun_medialib_codec_png_Encoder_setSignificantBits
Java_com_sun_medialib_codec_png_Encoder_setStandardRGB
Java_com_sun_medialib_codec_png_Encoder_setStrategy
Java_com_sun_medialib_codec_png_Encoder_setSuggestedPalette
Java_com_sun_medialib_codec_png_Encoder_setTextualData
Java_com_sun_medialib_codec_png_Encoder_setTransparency
Java_com_sun_medialib_codec_png_Encoder_setTransparencyPlt
Java_com_sun_medialib_codec_png_Encoder_setUnicodeTextualData
Java_com_sun_medialib_codec_png_Encoder_setUserData

Sections

.text
Size: 812KB - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clibwrapper_jiio.jar
.jar
cmdow.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cmdow_readme.txt
cp.vbs
.vbs
es_clipboard_monitor.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
es_disable_clipboard_monitor.exe
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
es_file_system_monitor.exe
.exe windows:5 windows x86 arch:x86

7979df36790390bcb483ed649bf57b5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

jvmloader

ord1

kernel32

FreeLibrary
CloseHandle
OpenProcess
GetProcAddress
LoadLibraryA
GetVersionExA
GetPrivateProfileStringA
GetCommandLineA
GetLastError
HeapFree
HeapAlloc
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
InitializeCriticalSectionAndSpinCount
RtlUnwind

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
es_file_system_processor.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
es_findprocess.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
es_image_printer_driver.jar
es_killprocess.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 5KB - Virtual size: 5KB

25ba017687d783db828b689d03b0bf05

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 32KB

UPX1 Size: 11KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 480B

6b1b91900cd9bea314ecd5f9665083fa

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 812KB - Virtual size: 811KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 16KB - Virtual size: 13KB

.reloc Size: 12KB - Virtual size: 9KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 28KB

UPX1 Size: 13KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 25KB - Virtual size: 26KB

.rsrc Size: 2KB - Virtual size: 1KB

Headers

File Characteristics

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 480B

.text
Size: 812KB - Virtual size: 811KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 16KB - Virtual size: 13KB

.reloc
Size: 12KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 13KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 25KB - Virtual size: 26KB

.rsrc
Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 31KB

.rsrc
Size: 4KB - Virtual size: 928B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 31KB

.rsrc
Size: 4KB - Virtual size: 928B

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 4KB