malware-samples-master[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

malware-samples-master.zip
Size

50.8MB
MD5

04ff5205025adf73e9ce2d5284a7c816
SHA1

4f92ea61f1535165724316b471903df8e3f1a3e4
SHA256

3b61757c276c9f823c8d49f5322338891335c6ea17649ba0b39e36237d5d399d
SHA512

6afe2e19df0d2efe7aef97096393f3e1ab05eeeac4117d0928c356034694b688efbc7d3568f7cc1093b5f4c4e2d22ed9d1dc333c2ecf44783b4bff9e77c0d836
SSDEEP

786432:V/CyJ98/pUEUjJprn7YTB/jddy/Dhrbe5uGYjd0AFOOho49+qjbXAyXyFzToRye3:VTW+jJpQdC1zG0+A0x49+QbAb/oNJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233.bin
unpack003/29c7e87350cb03428fc108b03856095b
unpack004/49cccd30a564410d1f9bbce89fa15890.bin
unpack005/b17911ddeab973db51362721c940d882
unpack006/02ca4397da55b3175aaa1ad2c99981e792f66151.bin
unpack007/022aeb126d2d80e683f7f2a3ee920874.bin
unpack008/smb-7teux2sm.exe
unpack009/smb-onil0o36.bin
unpack001/malware-samples-master/Ransomware/Grandcrab/grandcab.bin
unpack001/malware-samples-master/Ransomware/Petya/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1)

Files

malware-samples-master.zip
.zip
malware-samples-master/Adylkuzz/8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233.zip
.zip

Password: infected
8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233.bin
.exe windows:5 windows x86 arch:x86

4ec91799cda08417c14bae94b6a450c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegisterServiceCtrlHandlerA
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

kernel32

CloseHandle
LoadLibraryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

msvcrt

_chdir
__getmainargs

ws2_32

WSACleanup

wtsapi32

WTSSendMessageW

user32

CharUpperBuffW

Exports

Exports

luaJIT_BC_config
luaJIT_BC_hider
luaJIT_BC_install
luaJIT_BC_ltn12
luaJIT_BC_main
luaJIT_BC_md5
luaJIT_BC_mime
luaJIT_BC_miner
luaJIT_BC_process
luaJIT_BC_socket
luaJIT_BC_socket_headers
luaJIT_BC_socket_http
luaJIT_BC_socket_url
luaJIT_BC_sysinfo
luaJIT_BC_updater

Sections

.text
Size: - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.8010
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.8011
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
malware-samples-master/Allaple/29c7e87350cb03428fc108b03856095b.7z
.7z

Password: infected
29c7e87350cb03428fc108b03856095b
.exe windows:4 windows x86 arch:x86

39a0860437234a24f7bce09d3ee43fad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleInputExW
GlobalFindAtomA
IsValidCodePage
SetPriorityClass
GetComputerNameA
GetDefaultSortkeySize
FindResourceA
UnmapViewOfFile
CreateVirtualBuffer
TrimVirtualBuffer
ReplaceFileA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xrdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
malware-samples-master/Allaple/49cccd30a564410d1f9bbce89fa15890.zip
.zip

Password: infected
49cccd30a564410d1f9bbce89fa15890.bin
.exe windows:4 windows x86 arch:x86

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 41KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
malware-samples-master/Allaple/b17911ddeab973db51362721c940d882.7z
.7z

Password: infected
b17911ddeab973db51362721c940d882
.exe windows:4 windows x86 arch:x86

85cb861057f6a329c3b61e26fb713991

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DebugBreakProcess
GetACP
CommConfigDialogA
lstrcatA
AddVectoredExceptionHandler
OpenDataFile
GetStartupInfoW
SuspendThread
CreateFileA
lstrcpy
GetStringTypeExW
EnumSystemLocalesW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xrdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
malware-samples-master/Bitcoin miners/02ca4397da55b3175aaa1ad2c99981e792f66151.zip
.zip

Password: infected
02ca4397da55b3175aaa1ad2c99981e792f66151.bin
.exe windows:4 windows x86 arch:x86

87e83bda436138fd7844ecd76decc70d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

wininet

FtpFindFirstFileA
FtpGetFileA
FtpOpenFileA
FtpPutFileA
InternetCloseHandle
InternetConnectA
InternetFindNextFileA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindAtomA
FindResourceA
GetAtomNameA
GetCommandLineA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
LoadResource
LockResource
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteFile

msvcrt

_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_beginthread
_beginthreadex
_cexit
_endthread
_endthreadex
_ftime
_iob
_onexit
_setjmp
_setmode
abort
atexit
calloc
exit
fclose
fopen
fprintf
fputc
fputs
free
fscanf
fwrite
longjmp
malloc
memcmp
memcpy
memmove
memset
printf
rand
realloc
signal
sprintf
srand
strcmp
strcpy
strlen
strncpy
strstr
vfprintf

shell32

ShellExecuteA

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
malware-samples-master/Downloader-CUZ/022aeb126d2d80e683f7f2a3ee920874.zip
.zip

Password: infected
022aeb126d2d80e683f7f2a3ee920874.bin
.exe windows:4 windows x86 arch:x86

2b018f96d7cda0b915d2c1dcb16595c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetSystemDirectoryA
LockResource
LoadResource
FindResourceA
CopyFileA
Sleep
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
WriteFile
LoadLibraryA
GetVersion
GetModuleFileNameA
TerminateThread
WaitForSingleObject
HeapFree
GetModuleHandleA
GetStringTypeW
GetStringTypeA
CloseHandle
CreateProcessA
lstrlenA
GetLastError
GetSystemTime
GetProcessHeap
HeapAlloc
lstrcpynA
GetTickCount
GetProcAddress
lstrcmpiA
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RtlUnwind
VirtualFree
HeapCreate
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy

user32

wsprintfA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
DeleteService
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
GetUserNameA

ws2_32

ntohs
inet_addr
WSAStartup
recv
WSAGetLastError
htons
sendto
ioctlsocket
connect
select
closesocket
gethostname
gethostbyname
socket
send

msvcrt

_beginthreadex
srand
rand
sprintf
_strupr
_endthreadex

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
malware-samples-master/Downloader-CUZ/smb-7teux2sm.zip
.zip

Password: infected
smb-7teux2sm.exe
.exe windows:4 windows x86 arch:x86

2b018f96d7cda0b915d2c1dcb16595c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetSystemDirectoryA
LockResource
LoadResource
FindResourceA
CopyFileA
Sleep
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
WriteFile
LoadLibraryA
GetVersion
GetModuleFileNameA
TerminateThread
WaitForSingleObject
HeapFree
GetModuleHandleA
GetStringTypeW
GetStringTypeA
CloseHandle
CreateProcessA
lstrlenA
GetLastError
GetSystemTime
GetProcessHeap
HeapAlloc
lstrcpynA
GetTickCount
GetProcAddress
lstrcmpiA
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RtlUnwind
VirtualFree
HeapCreate
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy

user32

wsprintfA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
DeleteService
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
GetUserNameA

ws2_32

ntohs
inet_addr
WSAStartup
recv
WSAGetLastError
htons
sendto
ioctlsocket
connect
select
closesocket
gethostname
gethostbyname
socket
send

msvcrt

_beginthreadex
srand
rand
sprintf
_strupr
_endthreadex

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
malware-samples-master/Downloader-CUZ/smb-onil0o36.zip
.zip

Password: infected
smb-onil0o36.bin
.exe windows:4 windows x86 arch:x86

2b018f96d7cda0b915d2c1dcb16595c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetSystemDirectoryA
LockResource
LoadResource
FindResourceA
CopyFileA
Sleep
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
WriteFile
LoadLibraryA
GetVersion
GetModuleFileNameA
TerminateThread
WaitForSingleObject
HeapFree
GetModuleHandleA
GetStringTypeW
GetStringTypeA
CloseHandle
CreateProcessA
lstrlenA
GetLastError
GetSystemTime
GetProcessHeap
HeapAlloc
lstrcpynA
GetTickCount
GetProcAddress
lstrcmpiA
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RtlUnwind
VirtualFree
HeapCreate
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy

user32

wsprintfA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
DeleteService
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
GetUserNameA

ws2_32

ntohs
inet_addr
WSAStartup
recv
WSAGetLastError
htons
sendto
ioctlsocket
connect
select
closesocket
gethostname
gethostbyname
socket
send

msvcrt

_beginthreadex
srand
rand
sprintf
_strupr
_endthreadex

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
malware-samples-master/EternalRocks/cf8533849ee5e82023ad7adbdbd6543cb6db596c53048b1a0c00b3643a72db30.zip
.zip
malware-samples-master/Generic Trojan/149979213411fcac20f7cbc1a26e1521b80073aff05d4c0f967046ef5f23b13a.zip
.zip
malware-samples-master/Generic Trojan/5b2aa53001c0884222bebf931b8235e80cc798c46e3e28c5a4026ccd5590fabf.zip
.zip
malware-samples-master/Generic Trojan/786ab616239814616642ba4438df78a9.zip
.zip
malware-samples-master/Generic Trojan/fa73963e516d9be0cc8ae60d7a1cd8bc6ac01f464b2c772ddb97739d4d1ff38d.zip
.zip
malware-samples-master/Generic Trojan/smb-1bd_c8y5.7z
.7z
malware-samples-master/Generic Trojan/smb-b_8ti77_.zip
.zip
malware-samples-master/Generic Trojan/smb-id9dl67p.zip
.zip
malware-samples-master/Muldrop/smb-37n0gip7.7z
.7z
malware-samples-master/Muldrop/smb-e7_udot9.7z
.7z
malware-samples-master/Muldrop/smb-ncqut0ao.7z
.7z
malware-samples-master/Muldrop/smb-zlm7d8hi.7z
.7z
malware-samples-master/Pepex/Pepex-B.7z
.7z
malware-samples-master/Pepex/Pepex-M.7z
.7z
malware-samples-master/Pepex/Pepex-M2.7z
.7z
malware-samples-master/Pepex/Pepex-M3.7z
.7z
malware-samples-master/Pepex/Pepex-b2.7z
.7z
malware-samples-master/Pepex/Pepex-b3.7z
.7z
malware-samples-master/Pepex/Pepex-b4.7z
.7z
malware-samples-master/Pepex/Pepex-b5.7z
.7z
malware-samples-master/Pepex/Pepex-b6.7z
.7z
malware-samples-master/Pepex/Pepex-b7.7z
.7z
malware-samples-master/Pepex/smb-5ebgzza0.7z
.7z
malware-samples-master/Pepex/smb-__lltt96.7z
.7z
malware-samples-master/README.md
malware-samples-master/Ransomware/$ucyLocker/86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f.zip
.zip
malware-samples-master/Ransomware/1d4322dbad293847de14eca09bee5056eaede7ce178490e101642bf1f5875e37.zip
.zip
malware-samples-master/Ransomware/Grandcrab/grandcab.bin
.exe windows:5 windows x86 arch:x86

72d3be2a4396d0ac38f25e12d06c98ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ancesto\Release\Walter.pdb

Imports

kernel32

CreateEventW
WriteConsoleW
SetEndOfFile
SetStdHandle
FlushFileBuffers
GetStringTypeW
HeapSize
GetConsoleMode
GetConsoleCP
HeapReAlloc
LoadLibraryW
GetSystemTimeAsFileTime
GlobalAlloc
GetOverlappedResult
GlobalFree
GetCommandLineW
lstrlenW
lstrcpyA
WaitForSingleObject
CancelIoEx
CreateEventA
GetMailslotInfo
GetModuleHandleA
GetTempPathW
GetModuleFileNameW
VirtualLock
SetLastError
GetProcessHeap
HeapAlloc
OutputDebugStringA
GetCurrentProcess
GetTickCount
lstrlenA
EnumDateFormatsA
ExpandEnvironmentStringsW
GetModuleFileNameA
ReadFile
VirtualAlloc
IsBadReadPtr
SetFilePointer
WriteFile
GetLastError
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
WideCharToMultiByte
IsValidCodePage
GetOEMCP
CreateFileW
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
Sleep
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
CloseHandle
MultiByteToWideChar
TlsGetValue
TlsAlloc
EncodePointer
GetStdHandle
DecodePointer
ExitProcess
GetModuleHandleW
GetProcAddress
HeapCreate
GetStartupInfoW
HeapSetInformation
GetCommandLineA
RaiseException
CreateThread
ResumeThread
ExitThread
RtlUnwind
HeapFree

user32

EnumDisplaySettingsA
GetMonitorInfoA
LoadImageA
SendMessageA
BeginPaint
SystemParametersInfoA
EndPaint
DialogBoxParamA
GetParent
wsprintfA
MessageBoxA
DestroyWindow
CreateDialogParamW
GetDesktopWindow
GetWindowRect
SetDlgItemTextA
SetScrollRange
ReleaseDC
GetDC

gdi32

AddFontResourceExW
GetObjectA
CreateFontIndirectA
CombineRgn
GetTextMetricsW
TextOutW
MoveToEx
SelectObject
DeleteObject
BitBlt
GetStockObject
FillRgn

comdlg32

GetOpenFileNameA
CommDlgExtendedError
ChooseColorA

advapi32

ReportEventA
RegSetValueExW
IsTextUnicode
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidLengthRequired
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
RegOpenKeyExW
DeregisterEventSource
RegQueryInfoKeyA
RegSetValueExA
RegEnumValueA
RegDeleteValueA
RegCloseKey

shell32

CommandLineToArgvW

ole32

RegisterDragDrop
CreateStreamOnHGlobal

ws2_32

WSAEnumNetworkEvents
accept
WSAStartup
bind
socket
WSAEventSelect
htons

netapi32

NetUserModalsGet
NetApiBufferFree
NetWkstaUserGetInfo
DsGetDcNameA

userenv

GetGPOListA
FreeGPOListA

msacm32

acmFormatEnumA
acmFormatTagEnumA

shlwapi

PathFileExistsW
PathRemoveFileSpecW
StrPBrkA
PathIsDirectoryW

comctl32

CreateToolbarEx

secur32

GetUserNameExA

dbghelp

EnumerateLoadedModules

urlmon

FaultInIEFeature

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gcode
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
malware-samples-master/Ransomware/NotPetya/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745-20170707033827.zip
.zip
malware-samples-master/Ransomware/Petya/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1)
.exe windows:5 windows x86 arch:x86

bf084102e13441ce39f8d51d9bf55857

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IIDFromString
StringFromGUID2
OleUninitialize
OleInitialize
OleRun
OleSetContainedObject
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateInstance

shell32

SHGetFolderPathW
FindExecutableA
Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteExA

wininet

InternetTimeFromSystemTime
InternetTimeToSystemTime
InternetCrackUrlA
HttpQueryInfoA
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetGetConnectedState
InternetErrorDlg
HttpSendRequestA
InternetOpenA
InternetCloseHandle

user32

IsChild
SetFocus
SetRect
GetWindowThreadProcessId
RegisterClassExA
GetFocus
GetAncestor
GetSystemMenu
GetWindowRect
GetParent
GetClientRect
SendMessageA
GetClassInfoExW
GetDC
TranslateMessage
RegisterClassExW
GetWindowLongW
ReleaseDC
EnableMenuItem
SetWindowLongW
GetDesktopWindow
SetWindowPos
CreateWindowExW
AdjustWindowRectEx
LoadCursorA
SetWindowLongA
GetWindowLongA
CreateWindowExA
MessageBoxA
CharNextA
DispatchMessageW
RegisterClassA
LoadImageA
GetSystemMetrics
DispatchMessageA
PostMessageA
AppendMenuA
CreatePopupMenu
ShowWindow
MsgWaitForMultipleObjectsEx
GetCursorPos
DefWindowProcA
IsWindowUnicode
SetWindowTextW
DefWindowProcW
wsprintfA
LoadStringA
DestroyWindow
GetMessageA
GetMessageW
PostQuitMessage
TrackPopupMenu
SetForegroundWindow
PeekMessageA

comctl32

InitCommonControlsEx

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
VerQueryValueA

kernel32

GetStdHandle
WriteConsoleW
GetConsoleMode
GetConsoleCP
GetFileType
GetStartupInfoW
HeapSetInformation
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
GetModuleFileNameW
HeapAlloc
HeapFree
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
SetStdHandle
HeapReAlloc
GetCPInfo
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExitThread
CreateDirectoryW
VirtualProtect
GetFullPathNameW
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapSize
GetLocaleInfoW
SetHandleCount
GetTimeZoneInformation
SetFilePointer
FlushFileBuffers
IsDebuggerPresent
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
lstrcmpA
GetModuleHandleA
FindResourceA
lstrlenA
GetModuleHandleExA
FreeLibrary
LoadResource
SetEndOfFile
InterlockedDecrement
GetCommandLineA
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
SizeofResource
SetDllDirectoryA
IsDBCSLeadByte
MultiByteToWideChar
lstrlenW
RaiseException
GetLastError
lstrcmpiA
GetProcAddress
GetModuleFileNameA
LoadLibraryExA
CreateMutexA
DeleteCriticalSection
CloseHandle
WaitForSingleObject
FormatMessageA
GetExitCodeProcess
LocalFree
DeleteFileA
SetEvent
CreateEventA
lstrcatA
ResetEvent
WaitForMultipleObjects
CreateThread
lstrcpyA
lstrcpynA
CreateFileA
WriteFile
Sleep
ReadFile
OpenEventA
GetSystemTime
GetCurrentProcess
GetTickCount
GetCurrentProcessId
GetTempPathA
SystemTimeToFileTime
FileTimeToSystemTime
MulDiv
InterlockedExchange
InterlockedExchangeAdd
LocalAlloc
GetCurrentThreadId
FormatMessageW
GetLocalTime
ExitProcess
GetLocaleInfoA
GetWindowsDirectoryA
OpenProcess
TerminateProcess
GetSystemDirectoryA
FindFirstFileA
FindClose
LoadLibraryA
LockResource
GetNativeSystemInfo
PeekNamedPipe
SetHandleInformation
CreateProcessA
CreateDirectoryA
GetProcessHeap
CreatePipe
GetSystemDefaultUILanguage
GetThreadLocale
GetUserDefaultUILanguage
MoveFileExA
GetFileAttributesA
FindNextFileA
OpenThread
GetExitCodeThread
GetModuleHandleExW
LoadLibraryW
LoadLibraryExW
ReleaseMutex
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileW
SetFilePointerEx
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedCompareExchange
GetStringTypeW
EncodePointer
DecodePointer
GetCurrentDirectoryW
GetFileInformationByHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
InterlockedIncrement
RemoveDirectoryA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyW
RegSetValueExA
CryptGetHashParam
RegQueryInfoKeyA
GetTokenInformation
CopySid
GetWindowsAccountDomainSid
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
RegQueryValueExA
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
RegEnumKeyA
OpenProcessToken

oleaut32

SysFreeString
VarUI4FromStr
VariantClear
SysAllocString
VariantCopy
VariantInit
VariantChangeType
GetErrorInfo
SysStringByteLen

shlwapi

ord12

gdi32

GetStockObject
GetDeviceCaps

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CryptQueryObject
CertGetNameStringW
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptStringToBinaryA
CryptBinaryToStringA
CryptProtectData
CryptUnprotectData

msi

ord141
ord168
ord160
ord158
ord115
ord159
ord117
ord8
ord44
ord204
ord189
ord67
ord31
ord137
ord91

Sections

.text
Size: 447KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
malware-samples-master/Ransomware/Satan/3Rd-LevelHexEatracted.7z
.7z
malware-samples-master/Ransomware/Satan/satan.zip
.zip
malware-samples-master/Ransomware/UIWIX/146581f0b3fbe00026ee3ebe68797b0e57f39d1d8aecc99fdc3290e9cfadc4fc.zip
.zip
malware-samples-master/Ransomware/Wannacry/32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.zip
.zip
malware-samples-master/Ransomware/Wannacry/697158bcade7373ccc9e52ea1171d780988fc845d2b696898654e18954578920.zip
.zip
malware-samples-master/Ransomware/Wannacry/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.bin.zip
.zip
malware-samples-master/Ransomware/Wannacry/mssecsvc_0c694193ceac8bfb016491ffb534eb7c.zip
.zip
malware-samples-master/Ransomware/Wannacry/mssecsvc_41b5ba4bf74e65845fa8c9861ca34508.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-0e89k3id.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-3kn32w1v.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-5cgc70g1.7z
.7z
malware-samples-master/Ransomware/Wannacry/smb-7rwkaozq.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-82rfim2h.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-b4tq2hti.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-d1674sc2.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-e0y16y2p.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-fvd4o59p.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-gab_1g0l.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-gv5k5anv.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-ij2n4cyd.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-jfpzku0b.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-kmnr7qja.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-lyqgstbu.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-oat1c4ef.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-oc35cajn.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-ojjfqxul.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-tkas_857.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-vasyl9yj.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-y16ftv9_.zip
.zip
malware-samples-master/Ransomware/Wannacry/smb-z7uhqxx6.zip
.zip
malware-samples-master/Rbot/Rbot-O.7z
.7z
malware-samples-master/Rbot/smb-2leu2nil.7z
.7z
malware-samples-master/Rbot/smb-ts5zof3r.7z
.7z
malware-samples-master/SdBot/28247211d1eb08370aa363f08821a653.zip
.zip
malware-samples-master/Shodi/smb-9ai6oshz.7z
.7z
malware-samples-master/Spam/Paypal/Paypal.zip
.zip
malware-samples-master/Virut/smb-qua22o4u.7z
.7z
malware-samples-master/Wannacry/please-read-me.txt
malware-samples-master/Wisdomeyes/WisdomEyes.7z
.7z
malware-samples-master/Wisdomeyes/smb-6j9cg2g0.7z
.7z
malware-samples-master/Wisdomeyes/smb-7888b9do.7z
.7z
malware-samples-master/Wisdomeyes/smb-k51j6zkj.7z
.7z
malware-samples-master/mitre-attack/Emotet+Trickbot_comparison.xlsx
.xlsx office2007
malware-samples-master/mitre-attack/readme.txt
malware-samples-master/trickbot/trickbot.zip
.zip
malware-samples-master/unknown/1e0b984832b2282e86d923947c0a9244.7z
.7z
malware-samples-master/unknown/414af3620d0843f07318a2a33f65667d.7z
.7z
malware-samples-master/unknown/46c7424076e7421298191c1e439c7ed8.7z
.7z
malware-samples-master/unknown/7f4fb8ae70a49ddeed8d345f7450ae63.7z
.7z
malware-samples-master/unknown/ae03b4ac7105106a369d07df9becb0e5.7z
.7z
malware-samples-master/unknown/c65dc9d1c7a06f8a5afc45aa2e3b4eb5.7z
.7z
malware-samples-master/unknown/e7a092ca8350fe0e6bebb27267a824bc.7z
.7z
malware-samples-master/unknown/fed2ea8543b72a736c3bd6ea0e396c7d.7z
.7z
malware-samples-master/unknown/smb-0dtc5kep.7z
.7z
malware-samples-master/unknown/smb-0py2u7vw.zip
.zip
malware-samples-master/unknown/smb-0vn57iyp.7z
.7z
malware-samples-master/unknown/smb-2ywt7r9f.7z
.7z
malware-samples-master/unknown/smb-5rt1elnb.zip
.zip
malware-samples-master/unknown/smb-8ecsvmjv.7z
.7z
malware-samples-master/unknown/smb-_amx9zoe.zip
.zip
malware-samples-master/unknown/smb-_arw2uf0.7z
.7z
malware-samples-master/unknown/smb-ab90761a.7z
.7z
malware-samples-master/unknown/smb-bcm9iigd.7z
.7z
malware-samples-master/unknown/smb-csjqyro3.7z
.7z
malware-samples-master/unknown/smb-gse1z2_a.7z
.7z
malware-samples-master/unknown/smb-i606fuxv.7z
.7z
malware-samples-master/unknown/smb-k7jfnwun.zip
.zip
malware-samples-master/unknown/smb-nt7kaalt.zip
.zip
malware-samples-master/unknown/smb-rjkugea7.7z
.7z
malware-samples-master/unknown/smb-t6hcv780.7z
.7z
malware-samples-master/unknown/smb-ymicgjlh.7z
.7z

Sharing

General

Malware Config

Signatures

Files

Password: infected

4ec91799cda08417c14bae94b6a450c8

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

ws2_32

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 309KB

.data Size: - Virtual size: 932B

.rdata Size: - Virtual size: 87KB

.eh_fram Size: - Virtual size: 3KB

.bss Size: - Virtual size: 5KB

.edata Size: - Virtual size: 468B

.idata Size: - Virtual size: 4KB

.CRT Size: - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.8010 Size: - Virtual size: 1.3MB

.8011 Size: 1.4MB - Virtual size: 1.4MB

Password: infected

39a0860437234a24f7bce09d3ee43fad

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 13KB - Virtual size: 13KB

rdata Size: - Virtual size: 64KB

.data Size: 42KB - Virtual size: 41KB

.xrdata Size: 20KB - Virtual size: 20KB

Password: infected

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 6KB - Virtual size: 6KB

rdata Size: - Virtual size: 72KB

.data Size: 41KB - Virtual size: 65KB

Password: infected

85cb861057f6a329c3b61e26fb713991

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 13KB - Virtual size: 13KB

rdata Size: - Virtual size: 64KB

.data Size: 42KB - Virtual size: 41KB

.xrdata Size: 20KB - Virtual size: 20KB

Password: infected

87e83bda436138fd7844ecd76decc70d

Headers

File Characteristics

Imports

wininet

kernel32

msvcrt

shell32

Sections

.text Size: 78KB - Virtual size: 77KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 10KB - Virtual size: 10KB

.eh_fram Size: 1024B - Virtual size: 1016B

.bss Size: - Virtual size: 18KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 28B

.tls Size: 512B - Virtual size: 32B

.text
Size: - Virtual size: 309KB

.data
Size: - Virtual size: 932B

.rdata
Size: - Virtual size: 87KB

.eh_fram
Size: - Virtual size: 3KB

.bss
Size: - Virtual size: 5KB

.edata
Size: - Virtual size: 468B

.idata
Size: - Virtual size: 4KB

.CRT
Size: - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.8010
Size: - Virtual size: 1.3MB

.8011
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 13KB - Virtual size: 13KB

rdata
Size: - Virtual size: 64KB

.data
Size: 42KB - Virtual size: 41KB

.xrdata
Size: 20KB - Virtual size: 20KB

.text
Size: 6KB - Virtual size: 6KB

rdata
Size: - Virtual size: 72KB

.data
Size: 41KB - Virtual size: 65KB

.text
Size: 13KB - Virtual size: 13KB

rdata
Size: - Virtual size: 64KB

.data
Size: 42KB - Virtual size: 41KB

.xrdata
Size: 20KB - Virtual size: 20KB

.text
Size: 78KB - Virtual size: 77KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 10KB - Virtual size: 10KB

.eh_fram
Size: 1024B - Virtual size: 1016B

.bss
Size: - Virtual size: 18KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 28B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 28KB - Virtual size: 120KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 20KB - Virtual size: 18KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 28KB - Virtual size: 120KB

.text
Size: 94KB - Virtual size: 93KB