99f7ff1ef4844873747a61ba3c5b8d4a

Sharing

Copy URL Twitter E-mail

General

Target

99f7ff1ef4844873747a61ba3c5b8d4a
Size

6.3MB
MD5

99f7ff1ef4844873747a61ba3c5b8d4a
SHA1

cacdd8edf6a2b4dd487b6ad45b5e3ee29b2b9d08
SHA256

6c50370da6bb3946c2d5c44c9e6c2ec5ce117ac44d049f102e27686ccc387ea7
SHA512

269916f988f63ddb60491bf8cdc9ddb9326e1f49b0e0d1775ae1eb829af0455f520c34c009ce6be3c433e3c9635fd748e22518dac7d3ca2cccce622c86734c60
SSDEEP

196608:s3j4D8atHsVYarGpBUO7s03GSxdqSgixiy:se8atHsq/128QSziy

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/trucha021/trucha.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/WiiScrubber140/MakeKeyBin.exe
unpack001/ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/WiiScrubber140/WIIScrubber.exe
unpack001/ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/trucha021/trucha.exe
unpack002/out.upx
unpack001/ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/trucha021/truchacipher.dll
unpack001/ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/trucha021/truchaio.dll

Files

99f7ff1ef4844873747a61ba3c5b8d4a
.rar .ps1 polyglot
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Font__en_GB/normal_00.brfnt
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Font__en_GB/normal_02.brfnt
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Font__en_GB/special_00.brfnt
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/DemoTitle.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/DoButton.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/EndRoll.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/FileSelect.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/GameOver.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/Map2D.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/MenuPause.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/MiniGame.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/MiniGameTime.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/SeekerStone.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/Shop.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/SoftwareKeyboard.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/System2D.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/Title2D.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/endFinish_03.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/gameOver_01.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/saveBannerJ.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Layout/strapE.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Object__en_GB/0-Common.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Object__en_GB/1-Town.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Object__en_GB/2-Forest.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Object__en_GB/3-Mountain.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Object__en_GB/4-Desert.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/EU__Object__en_GB/5-CenterField.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/Root/rels.arc
ZeldaSS_Rus_1.1_(PAL)_FILES/Zelda_Skyward_Sword_RUS_1.1_readme.txt
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/WiiScrubber140/FAQ.txt
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/WiiScrubber140/MakeKeyBin.exe
.exe windows:4 windows x86 arch:x86

81d856fcea7a0836d2964681629ed4d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord2514
ord2621
ord5265
ord4376
ord4853
ord6375
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord2297
ord2363
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord1200
ord6334
ord4274
ord4998
ord4673
ord1576

msvcrt

__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fwrite
fclose
__CxxFrameHandler
_setmbcp
fopen

kernel32

GetModuleHandleA
GetStartupInfoA

user32

AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
LoadIconA
SendMessageA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/WiiScrubber140/ReadMeFirst.txt
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/WiiScrubber140/WIIScrubber.exe
.exe windows:4 windows x86 arch:x86

de44980cd984c6f3d75af1ca413bb0a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
RaiseException
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
SetStdHandle
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
GetStartupInfoA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
GetDriveTypeA
PeekNamedPipe
GetFileInformationByHandle
GetProfileStringA
GetFileType
CreateDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
HeapFree
HeapAlloc
TerminateProcess
ExitProcess
RtlUnwind
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetThreadLocale
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SizeofResource
GlobalFlags
lstrcpynA
WritePrivateProfileStringA
GetPrivateProfileIntA
CloseHandle
GlobalAlloc
lstrcmpA
GetCurrentThread
MulDiv
SetLastError
FormatMessageA
LocalFree
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
FreeEnvironmentStringsA
GetLastError

user32

CharUpperA
RegisterClipboardFormatA
PostThreadMessageA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
GetFocus
SetFocus
AdjustWindowRectEx
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
EnableWindow
PostMessageA
SendMessageA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
ScreenToClient
LoadMenuA
GetSubMenu
GetCursorPos
GetWindowRect
GetClientRect
IsIconic
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
GetMenuItemID
CharNextA
DrawIcon
GetSystemMetrics
GetSystemMenu
AppendMenuA
LoadIconA
PeekMessageA
TranslateMessage
DispatchMessageA
InvalidateRect
MessageBeep
DefDlgProcA
IsWindowUnicode
SetWindowLongA
InflateRect
GetSysColorBrush
LoadCursorA
GetDesktopWindow
PtInRect
GetClassNameA
DestroyMenu
LoadStringA
MapDialogRect
SetWindowContextHelpId
GetMessageA
ValidateRect
SetCursor
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetDC
ReleaseDC
GetWindow
GetMenuCheckMarkDimensions
GetKeyState
GetMenuState
LoadBitmapA

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
OffsetViewportOrgEx
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
SetViewportOrgEx
SetMapMode
SetBkMode
SelectObject
RestoreDC
SaveDC
DeleteDC
PatBlt
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateFontIndirectA
GetObjectA
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
GetStockObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

comctl32

ord17
ImageList_Destroy

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize

olepro32

ord253

oleaut32

VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantClear

Sections

.text
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/WiiScrubber140/key.bin
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/WiiScrubber140/kkey.bin
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/WiiScrubber140/unscrubbing.txt
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/trucha021/main.dol
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/trucha021/readme.txt
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/trucha021/trucha.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 232KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 592B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/trucha021/truchacipher.dll
.dll windows:4 windows x86 arch:x86

5ceaf1bb473ce41ef5fcae5887a4b8df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

truchaio

io_read
io_write

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

__dllonexit
_errno
_iob
abort
fflush
fprintf
free
malloc
memcmp
memcpy
memset
printf

user32

MessageBoxA

Exports

Exports

SHA1Final
SHA1Init
SHA1Update
active_titlekey
datapartition_dfromdisk_etodisk
datapartition_dfrommem_etodisk
datapartition_efromdisk_dtodisk
datapartition_efromdisk_dtomem
set_abort_requested_callback

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/trucha021/truchaio.dll
.dll windows:4 windows x86 arch:x86

ab9fcd26888b78d14dd8dd5701d4b3ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CloseHandle
CreateFileA
FindAtomA
GetAtomNameA
GetFileSize
ReadFile
SetFilePointer
WriteFile

msvcrt

__dllonexit
_errno
_iob
abort
fflush
fprintf
free
malloc
memcpy
strlen
strncmp

Exports

Exports

io_close
io_get_size
io_open
io_read
io_write

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 368B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 301B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ZeldaSS_Rus_1.1_(PAL)_FILES/_Tools/trucha021/wiikeyset.reg

Sharing

General

Malware Config

Signatures

Files

81d856fcea7a0836d2964681629ed4d4

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 340B

.rsrc Size: 4KB - Virtual size: 3KB

de44980cd984c6f3d75af1ca413bb0a9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 284KB - Virtual size: 281KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 28KB - Virtual size: 42KB

.rsrc Size: 20KB - Virtual size: 18KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 232KB

UPX1 Size: 19KB - Virtual size: 20KB

.rsrc Size: 149KB - Virtual size: 152KB

Headers

File Characteristics

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 592B

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 200KB - Virtual size: 199KB

5ceaf1bb473ce41ef5fcae5887a4b8df

Headers

File Characteristics

Imports

truchaio

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 32B

.rdata Size: 10KB - Virtual size: 10KB

.bss Size: - Virtual size: 1KB

.edata Size: 1024B - Virtual size: 700B

.idata Size: 1024B - Virtual size: 652B

.reloc Size: 1KB - Virtual size: 1KB

ab9fcd26888b78d14dd8dd5701d4b3ff

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 340B

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 284KB - Virtual size: 281KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 28KB - Virtual size: 42KB

.rsrc
Size: 20KB - Virtual size: 18KB

UPX0
Size: - Virtual size: 232KB

UPX1
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 149KB - Virtual size: 152KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 592B

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 200KB - Virtual size: 199KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 32B

.rdata
Size: 10KB - Virtual size: 10KB

.bss
Size: - Virtual size: 1KB

.edata
Size: 1024B - Virtual size: 700B

.idata
Size: 1024B - Virtual size: 652B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 128B

.rdata
Size: 512B - Virtual size: 288B

.bss
Size: - Virtual size: 368B

.edata
Size: 512B - Virtual size: 301B

.idata
Size: 1024B - Virtual size: 616B

.reloc
Size: 1024B - Virtual size: 576B