9abc09ad887c9ec6ff8c47c8891dade2

Sharing

Copy URL Twitter E-mail

General

Target

9abc09ad887c9ec6ff8c47c8891dade2
Size

4.6MB
MD5

9abc09ad887c9ec6ff8c47c8891dade2
SHA1

d7f484d1a16a1c3590a6a9dba3f0fb9ba8d58b9d
SHA256

0664c8d1eddd51671d5dd9f49e1f5a435a7f878f6ae7755c3546c999c981dd4e
SHA512

ec95120931ed2ce6035dadac92c6243744d7c36f47f68c654e841ebd608b1ba6e8ffce098d990d66b2306b064685bd169a74be8d3e30d986778a1fcbef3ca1d2
SSDEEP

98304:GDvDFsGnXCUY9ZZXMpW8MWgxqRXspgj5gT3gLFDvQ7q06ps:GDb+cCU+xMpvtG65gTuWBas

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7-zip32.dll
unpack001/Libbz2.dll
unpack001/Plugins/CDDAPlugin.dll
unpack001/Plugins/DcrawPlugin.dll
unpack001/Plugins/DescGraphics.dll
unpack001/Plugins/DescPlugin.dll
unpack001/Plugins/dcraw.dll
unpack001/USBCDDLL.dll
unpack001/UnACEV2.dll
unpack001/UnRAR.dll
unpack001/WhereIsIt.exe

Files

9abc09ad887c9ec6ff8c47c8891dade2
.rar
7-zip32.dll
.dll windows:4 windows x86 arch:x86

49ead5d6f5bdbe7ee2122e2b9c28c45f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFullPathNameW
GetExitCodeThread
WaitForSingleObject
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
GetCurrentProcessId
ResumeThread
lstrcpynA
GetTickCount
FileTimeToDosDateTime
FileTimeToSystemTime
LockResource
SizeofResource
LoadResource
FindResourceA
SetFileApisToOEM
SetFileApisToANSI
AreFileApisANSI
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
FreeLibrary
LoadLibraryA
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
GetWindowsDirectoryW
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetVersionExA
CloseHandle
GetCurrentDirectoryA
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SearchPathA
SearchPathW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetCurrentProcess
CompareFileTime
GetSystemInfo
GetStdHandle
WaitForMultipleObjects
LocalFileTimeToFileTime
DosDateTimeToFileTime
OpenEventA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
SystemTimeToFileTime
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
VirtualAlloc
VirtualFree
CreateEventA
SetEvent
ResetEvent
FileTimeToLocalFileTime
ReleaseSemaphore
InitializeCriticalSection
GetFullPathNameA
CreateSemaphoreA

user32

InvalidateRect
LoadIconA
CheckDlgButton
CharUpperA
CharUpperW
MoveWindow
EndDialog
EnumWindows
CharPrevExA
GetWindow
GetLastActivePopup
wsprintfA
SendDlgItemMessageA
LoadStringA
SetWindowTextA
ShowWindow
ScreenToClient
GetSystemMetrics
DestroyWindow
IsDlgButtonChecked
EnableWindow
DialogBoxParamA
RegisterWindowMessageA
DialogBoxParamW
DrawTextExW
GetDC
GetClientRect
GetDlgItem
DrawTextExA
ReleaseDC
GetWindowTextLengthA
GetWindowTextLengthW
GetDlgItemTextW
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemTextW
GetDesktopWindow
CreateDialogParamW
CreateDialogParamA
SetWindowPos
GetWindowRect
SystemParametersInfoA
TranslateMessage
GetMessageA
IsDialogMessageA
SetWindowLongA
DispatchMessageA
PostMessageA
SendMessageA
GetWindowLongA
SendMessageW
CharLowerA
GetWindowThreadProcessId
CharLowerW

gdi32

SelectObject

shell32

SHGetFileInfoA

oleaut32

VariantCopy
VariantClear
SysFreeString
SysAllocString

msvcrt

_isatty
_fileno
_initterm
?terminate@@YAXXZ
_adjust_fdiv
__dllonexit
??1type_info@@UAE@XZ
_onexit
memcpy
_except_handler3
fclose
wcsncpy
_iob
wcslen
strncpy
_wcsicmp
memmove
malloc
free
swprintf
_wcsdup
memset
memcmp
sprintf
_beginthreadex
strlen
strcspn
_CxxThrowException
__CxxFrameHandler
_purecall

Exports

Exports

SevenZip
SevenZipCheckArchive
SevenZipClearOwnerWindow
SevenZipCloseArchive
SevenZipConfigDialog
SevenZipFindFirst
SevenZipFindNext
SevenZipGetArcAccessTimeEx
SevenZipGetArcCompressedSize
SevenZipGetArcCompressedSizeEx
SevenZipGetArcCreateTimeEx
SevenZipGetArcDate
SevenZipGetArcFileName
SevenZipGetArcFileSize
SevenZipGetArcFileSizeEx
SevenZipGetArcOSType
SevenZipGetArcOriginalSize
SevenZipGetArcOriginalSizeEx
SevenZipGetArcRatio
SevenZipGetArcTime
SevenZipGetArcWriteTimeEx
SevenZipGetArchiveType
SevenZipGetAttribute
SevenZipGetBackGroundMode
SevenZipGetCRC
SevenZipGetCompressedSize
SevenZipGetCompressedSizeEx
SevenZipGetCursorInterval
SevenZipGetCursorMode
SevenZipGetDate
SevenZipGetFileCount
SevenZipGetFileName
SevenZipGetMethod
SevenZipGetOSType
SevenZipGetOriginalSize
SevenZipGetOriginalSizeEx
SevenZipGetRatio
SevenZipGetRunning
SevenZipGetSubVersion
SevenZipGetTime
SevenZipGetVersion
SevenZipGetWriteTime
SevenZipGetWriteTimeEx
SevenZipIsSFXFile
SevenZipKillOwnerWindowEx
SevenZipKillOwnerWindowEx64
SevenZipOpenArchive
SevenZipQueryFunctionList
SevenZipSetBackGroundMode
SevenZipSetCursorInterval
SevenZipSetCursorMode
SevenZipSetOwnerWindow
SevenZipSetOwnerWindowEx
SevenZipSetOwnerWindowEx64
SevenZipSetUnicodeMode

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Catalogs/Sample.ctf
Catalogs/新云软件.url
.url
English.lng
FAQ.txt
HTML Templates/Default.html
HTML Templates/OldStyle.html
HTML Templates/ThumbView.html
History.txt
Libbz2.dll
.dll windows:4 windows x86 arch:x86

ff85eb199ab4b34429ba6cf3e0179101

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsSetValue
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
GetLastError
WriteFile
FlushFileBuffers
ReadFile
CloseHandle
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCurrentThreadId
EnterCriticalSection
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
SetFilePointer
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
LCMapStringA
LCMapStringW
SetEndOfFile

Exports

Exports

BZ2_bzBuffToBuffCompress
BZ2_bzBuffToBuffDecompress
BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit
BZ2_bzRead
BZ2_bzReadClose
BZ2_bzReadGetUnused
BZ2_bzReadOpen
BZ2_bzWrite
BZ2_bzWriteClose
BZ2_bzWriteClose64
BZ2_bzWriteOpen
BZ2_bzclose
BZ2_bzdopen
BZ2_bzerror
BZ2_bzflush
BZ2_bzlibVersion
BZ2_bzopen
BZ2_bzread
BZ2_bzwrite

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.txt
Order.txt
Plugins/CDDAPlugin.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DoneDescImport
ImportDesc_DiskInfoEx
ImportDesc_SameFileEx
InitDescImport
InitVCLPlugin
ModuleInfoEx
PluginCapabilitiesProc
PluginDefaultStateProc
RegisterDescPlugins
RequestServiceList

Sections

CODE
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 341B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/CDDAPlugin.txt
Plugins/DcrawPlugin.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ImportThumbnailProcEx
InitVCLPlugin
ModuleInfoEx
RegisterDescPlugins
RequestServiceList

Sections

CODE
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/DcrawPlugin.txt
Plugins/DescGraphics.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DoneDescImport
GetRuntimePluginInfo
ImportCustomIconProcEx
ImportDesc_DiskInfoEx
ImportDesc_FolderEx
ImportDesc_SameFileEx
ImportThumbnailProcEx
InitDescImport
InitVCLPlugin
ModuleInfoEx
PluginCapabilitiesProc
PluginDefaultStateProc
RegisterDescPlugins
RegisterRuntimePlugins
RequestServiceList
ValidateRuntimePlugin

Sections

CODE
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/DescGraphics.txt
Plugins/DescPlugin.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FormatDescriptionEx
FormatFileNameEx
ImportDesc_ItemListEx
ImportDesc_ParentItemEx
ImportDesc_SameFileEx
InitDescImport
InitVCLPlugin
ModuleInfoEx
PluginCapabilitiesProc
PluginDefaultStateProc
RegisterDescPlugins
RequestServiceList
ValidateDiskPlugin

Sections

CODE
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/DescPlugin.txt
Plugins/dcraw.dll
.dll windows:4 windows x86 arch:x86

13dc12f62333d5d6745f819e71eb430a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
DeleteFileA
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentDirectoryA
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

wsock32

htonl
htons
ntohl
ntohs

gdi32

SetDIBits

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

DecodeRawFile
FinalizeDecodeRawFile
SetParams
___CPPdebugHook
create_24bit_bitmap

Sections

.text
Size: 220KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Readme.txt
USBCDDLL.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CloseUSBCDLibrary
CloseUSBCDLibrary@0
EnumDevice
EnumDevice@4
GetDeviceNumber
GetDeviceNumber@0
InitUSBCDLibrary
InitUSBCDLibrary@0
SetCDCallbackProc
SetCDCallbackProc@4
USBCDGetCDDown
USBCDGetCDDown@4
USBCDGetCDUp
USBCDGetCDUp@4
USBCDGetStatus
USBCDGetStatus@4
USBCDLEDOFF
USBCDLEDOFF@4
USBCDLEDON
USBCDLEDON@4
USBCDMoveto
USBCDMoveto@8
USBCDReset
USBCDReset@4

Sections

CODE
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 655B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UnACEV2.dll
.dll windows:1 windows x86 arch:x86

8390514c40641509cd0941c1fb7588ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA
ShellExecuteExA

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
DeleteFileA
DeviceIoControl
DisableThreadLibraryCalls
DosDateTimeToFileTime
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeConsole
GetCommandLineA
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetSystemTime
GetTempPathA
GetTimeZoneInformation
GetVersion
GetVolumeInformationA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
PeekConsoleInputA
ReadConsoleInputA
ReadConsoleOutputAttribute
ReadConsoleOutputA
ReadFile
RemoveDirectoryA
ScrollConsoleScreenBufferA
SearchPathA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetStdHandle
Sleep
SystemTimeToFileTime
TerminateProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteConsoleOutputA
WriteConsoleOutputCharacterA
WriteFile

advapi32

RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

CreateFontA
DeleteObject

user32

CharToOemBuffA
CreateDialogParamA
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
GetDlgItem
GetDlgItemTextA
GetKeyState
GetWindowTextA
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MessageBeep
MessageBoxA
OemToCharBuffA
PeekMessageA
SendDlgItemMessageA
SetCursor
SetDlgItemTextA
SetFocus
SetTimer
SetWindowTextA
ShowCursor
ShowWindow
TranslateMessage

Exports

Exports

ACEExtract
ACEInitDll
ACEList
ACEReadArchiveData
ACETest
___DllMainCRTStartup@12

Sections

AUTO
Size: 59KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 210KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UnRAR.dll
.dll windows:4 windows x86 arch:x86

b4d076238051fcc22607f17c728e83bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemTime
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByte
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
Sleep
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile

user32

CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc
___CPPdebugHook

Sections

.text
Size: 138KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WhereIsIt.chm
.chm
WhereIsIt.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 1.3MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 30KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 570KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 873KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WhereIsIt.url

Sharing

General

Malware Config

Signatures

Files

49ead5d6f5bdbe7ee2122e2b9c28c45f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

oleaut32

msvcrt

Exports

Exports

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 14KB - Virtual size: 36KB

.rsrc Size: 59KB - Virtual size: 59KB

.reloc Size: 20KB - Virtual size: 19KB

ff85eb199ab4b34429ba6cf3e0179101

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 20KB - Virtual size: 22KB

.reloc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 143KB - Virtual size: 143KB

DATA Size: 7KB - Virtual size: 7KB

BSS Size: - Virtual size: 11KB

.idata Size: 4KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 341B

.reloc Size: 10KB - Virtual size: 9KB

.rsrc Size: 13KB - Virtual size: 13KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 86KB - Virtual size: 85KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 194B

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 10KB - Virtual size: 10KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 1.0MB - Virtual size: 1.0MB

DATA Size: 35KB - Virtual size: 35KB

BSS Size: - Virtual size: 18KB

.idata Size: 10KB - Virtual size: 10KB

.edata Size: 1024B - Virtual size: 534B

.reloc Size: 59KB - Virtual size: 59KB

.rsrc Size: 176KB - Virtual size: 176KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 389KB - Virtual size: 389KB

DATA Size: 22KB - Virtual size: 22KB

BSS Size: - Virtual size: 11KB

.idata Size: 5KB - Virtual size: 4KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 14KB - Virtual size: 36KB

.rsrc
Size: 59KB - Virtual size: 59KB

.reloc
Size: 20KB - Virtual size: 19KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 20KB - Virtual size: 22KB

.reloc
Size: 4KB - Virtual size: 3KB

CODE
Size: 143KB - Virtual size: 143KB

DATA
Size: 7KB - Virtual size: 7KB

BSS
Size: - Virtual size: 11KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 341B

.reloc
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 13KB - Virtual size: 13KB

CODE
Size: 86KB - Virtual size: 85KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 194B

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 10KB - Virtual size: 10KB

CODE
Size: 1.0MB - Virtual size: 1.0MB

DATA
Size: 35KB - Virtual size: 35KB

BSS
Size: - Virtual size: 18KB

.idata
Size: 10KB - Virtual size: 10KB

.edata
Size: 1024B - Virtual size: 534B

.reloc
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 176KB - Virtual size: 176KB

CODE
Size: 389KB - Virtual size: 389KB

DATA
Size: 22KB - Virtual size: 22KB

BSS
Size: - Virtual size: 11KB

.idata
Size: 5KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 436B

.reloc
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 220KB - Virtual size: 224KB

.data
Size: 40KB - Virtual size: 256KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 13KB - Virtual size: 16KB

CODE
Size: 250KB - Virtual size: 249KB

DATA
Size: 3KB - Virtual size: 3KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 7KB

.edata
Size: 1024B - Virtual size: 655B

.reloc
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 12KB - Virtual size: 12KB

AUTO
Size: 59KB - Virtual size:

.idata
Size: 4KB - Virtual size:

DGROUP
Size: 4KB - Virtual size:

.bss
Size: 210KB - Virtual size:

.edata
Size: 512B - Virtual size:

.reloc
Size: 5KB - Virtual size:

.rsrc
Size: 1KB - Virtual size:

.text
Size: 138KB - Virtual size: 140KB

.data
Size: 16KB - Virtual size: 56KB

.tls
Size: 512B - Virtual size: 4KB