6576551235240bf986f1006b - Copy[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

6576551235240bf986f1006b - Copy.zip
Size

23.2MB
MD5

402d96c04563b4cad378d35ea9ee8320
SHA1

78bd6ace3971382889a1721680f5d5d2c78db0d0
SHA256

fd43eb3da408310584b45452e803d26fabd25b48d424582f5faa9f1988315bfe
SHA512

f2b36574aaecc4d3bdd3927ca8294299c7ecbbdffb0ea407fc73229d76393f214623e3deb246a8c649880ead442453fea78fce76fd5332c20eb6ce3abaf379f8
SSDEEP

98304:GuuAkpoxKGrRFdUAKR/yU4k8KtLN91V/WFFvUn02mk8KtLN91GUAKR/NUEav6RkP:GuPkpEKGrDWPLP/WrfaLPNUEav6RkQO

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6576551235240bf986f1006b - Copy/hello.exe
unpack001/6576551235240bf986f1006b - Copy/schoolbell.exe
unpack001/6576551235240bf986f1006b - Copy/schoolbell_client.exe
unpack001/6576551235240bf986f1006b - Copy/schoolbell_crashreport.exe
unpack001/6576551235240bf986f1006b - Copy/uninstall.exe

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_2
static1/unpack001/6576551235240bf986f1006b - Copy/uninstall.exe	nsis_installer_1
static1/unpack001/6576551235240bf986f1006b - Copy/uninstall.exe	nsis_installer_2

Files

6576551235240bf986f1006b - Copy.zip
.zip
6576551235240bf986f1006b - Copy/Sb_cd_160.JPG
.jpg
6576551235240bf986f1006b - Copy/SchoolBell-Konfiguration.scfg
6576551235240bf986f1006b - Copy/anleitung_ausgabe.bmp
6576551235240bf986f1006b - Copy/anleitung_ausgabe.jpg
.jpg
6576551235240bf986f1006b - Copy/anleitung_exceltabelle.bmp
6576551235240bf986f1006b - Copy/anleitung_exceltabelle.jpg
.jpg
6576551235240bf986f1006b - Copy/anleitung_infoseite.bmp
6576551235240bf986f1006b - Copy/anleitung_infoseite.jpg
.jpg
6576551235240bf986f1006b - Copy/anleitung_tabelle.bmp
6576551235240bf986f1006b - Copy/anleitung_tabelle.jpg
.jpg
6576551235240bf986f1006b - Copy/anleitung_tontabelle.bmp
6576551235240bf986f1006b - Copy/anleitung_tontabelle.jpg
.jpg
6576551235240bf986f1006b - Copy/anleitung_wochetage.bmp
6576551235240bf986f1006b - Copy/anleitung_wochetage.jpg
.jpg
6576551235240bf986f1006b - Copy/anleitung_zeiteingabe.bmp
6576551235240bf986f1006b - Copy/anleitung_zeiteingabe.jpg
.jpg
6576551235240bf986f1006b - Copy/beispiel.scfg
6576551235240bf986f1006b - Copy/cfg.eng
6576551235240bf986f1006b - Copy/cfg.ger
6576551235240bf986f1006b - Copy/detectlanguage
6576551235240bf986f1006b - Copy/example.scfg
6576551235240bf986f1006b - Copy/hello.exe
.exe windows:1 windows x86 arch:x86

2c472b9e6746a8405a46a266f65df1b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetExitCodeProcess
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetTempPathA
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
IsValidLocale
LeaveCriticalSection
LoadLibraryA
MulDiv
MultiByteToWideChar
PeekNamedPipe
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

comctl32

InitCommonControls

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
GetCharWidth32A
GetCharWidth32W
GetCharWidthA
GetDeviceCaps
GetPixel
GetStockObject
GetTextMetricsA
LineTo
MoveToEx
SelectObject
SetPixelV
TextOutA
TextOutW

shell32

DragFinish
DragQueryFileA
Shell_NotifyIconA

user32

BeginPaint
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EndPaint
EnumThreadWindows
FillRect
GetClientRect
GetDC
GetDesktopWindow
GetSysColor
GetSystemMetrics
GetWindowRect
IsWindow
LoadCursorA
LoadIconA
MessageBoxA
PeekMessageA
RegisterClassA
ReleaseCapture
ReleaseDC
SetCapture
SetCursor
SetRect
SetTimer
SetWindowPos
ShowWindow
SystemParametersInfoA
TranslateMessage
wsprintfA

winmm

PlaySoundA
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime
timeKillEvent
timeSetEvent

ddraw

DirectDrawCreate

ole32

CoInitialize

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 801KB - Virtual size: 932KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6576551235240bf986f1006b - Copy/helpinfo_eng.html
.html
6576551235240bf986f1006b - Copy/helpinfo_ger.html
.html
6576551235240bf986f1006b - Copy/i_whichtable.eng
6576551235240bf986f1006b - Copy/i_whichtable.ger
6576551235240bf986f1006b - Copy/install_client.jpg
.jpg
6576551235240bf986f1006b - Copy/install_client.pcx
6576551235240bf986f1006b - Copy/license.key
6576551235240bf986f1006b - Copy/links.txt
6576551235240bf986f1006b - Copy/manual_daysofweek.bmp
6576551235240bf986f1006b - Copy/manual_daysofweek.jpg
.jpg
6576551235240bf986f1006b - Copy/manual_infopage.bmp
6576551235240bf986f1006b - Copy/manual_infopage.jpg
.jpg
6576551235240bf986f1006b - Copy/manual_soundtable.bmp
6576551235240bf986f1006b - Copy/manual_soundtable.jpg
.jpg
6576551235240bf986f1006b - Copy/manual_timeentry.bmp
6576551235240bf986f1006b - Copy/manual_timeentry.jpg
.jpg
6576551235240bf986f1006b - Copy/manual_timetable.bmp
6576551235240bf986f1006b - Copy/manual_timetable.jpg
.jpg
6576551235240bf986f1006b - Copy/netzwerkskizze.jpg
.jpg
6576551235240bf986f1006b - Copy/netzwerkskizze.pcx
6576551235240bf986f1006b - Copy/netzwerkskizze_en.bmp
6576551235240bf986f1006b - Copy/netzwerkskizze_en.jpg
.jpg
6576551235240bf986f1006b - Copy/netzwerkskizze_en.pcx
6576551235240bf986f1006b - Copy/outputschoolbell.txt
.vbs
6576551235240bf986f1006b - Copy/s_action.eng
6576551235240bf986f1006b - Copy/s_action.ger
6576551235240bf986f1006b - Copy/s_client.eng
6576551235240bf986f1006b - Copy/s_client.ger
6576551235240bf986f1006b - Copy/s_clock.eng
6576551235240bf986f1006b - Copy/s_clock.ger
6576551235240bf986f1006b - Copy/s_colors.eng
6576551235240bf986f1006b - Copy/s_colors.ger
6576551235240bf986f1006b - Copy/s_energy.eng
6576551235240bf986f1006b - Copy/s_energy.ger
6576551235240bf986f1006b - Copy/s_general.eng
6576551235240bf986f1006b - Copy/s_general.ger
6576551235240bf986f1006b - Copy/s_language.eng
6576551235240bf986f1006b - Copy/s_language.ger
6576551235240bf986f1006b - Copy/s_network.eng
6576551235240bf986f1006b - Copy/s_network.ger
6576551235240bf986f1006b - Copy/s_sounds.eng
6576551235240bf986f1006b - Copy/s_sounds.ger
6576551235240bf986f1006b - Copy/s_start.eng
6576551235240bf986f1006b - Copy/s_start.ger
6576551235240bf986f1006b - Copy/sb_cd_160.bmp
6576551235240bf986f1006b - Copy/schoolbell-configuration.scfg
6576551235240bf986f1006b - Copy/schoolbell.exe
.exe windows:4 windows x86 arch:x86

be84ad0c60e09635c4725589f6203ebd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreatePipe
CreateProcessA
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FatalExit
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentStrings
GetExitCodeProcess
GetFileAttributesA
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemTime
GetTempPathA
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersion
GetVersionExA
GlobalAlloc
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
MulDiv
MultiByteToWideChar
PeekNamedPipe
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEnvironmentVariableA
SetErrorMode
SetFilePointer
SetHandleCount
SetLastError
SetSystemPowerState
SetSystemTime
SetThreadLocale
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

InitCommonControls

comdlg32

ChooseColorA
GetOpenFileNameA
PrintDlgA
GetSaveFileNameA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateFontA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EndDoc
EndPage
GetCharWidth32A
GetCharWidth32W
GetCharWidthA
GetDeviceCaps
GetPixel
GetStockObject
GetTextMetricsA
LineTo
MoveToEx
SelectObject
SetBkMode
SetPixelV
SetTextColor
StartDocA
StartPage
StretchBlt
TextOutA
TextOutW

shell32

DragFinish
DragQueryFileA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA

user32

BeginPaint
CloseClipboard
CreateWindowExA
CreateWindowExW
DefWindowProcA
DestroyWindow
DispatchMessageA
EmptyClipboard
EndPaint
EnumThreadWindows
FillRect
GetClientRect
GetClipboardData
GetDC
GetDesktopWindow
GetSysColor
GetSystemMetrics
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InvalidateRect
IsClipboardFormatAvailable
IsWindow
LoadCursorA
LoadIconA
LoadImageA
MessageBoxA
MoveWindow
OemToCharA
OpenClipboard
PeekMessageA
RegisterClassA
ReleaseCapture
ReleaseDC
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetFocus
SetRect
SetTimer
SetWindowPos
ShowWindow
SystemParametersInfoA
TranslateMessage
UpdateWindow
wsprintfA

winmm

PlaySoundA
mciSendStringA
mixerClose
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerSetControlDetails
mmioAscend
mmioClose
mmioDescend
mmioOpenA
mmioRead
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime
timeKillEvent
timeSetEvent

ddraw

DirectDrawCreate

dsound

DirectSoundCreate

ole32

CoInitialize

wininet

HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 399KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 698KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6576551235240bf986f1006b - Copy/schoolbell.exe.manifest
.xml
6576551235240bf986f1006b - Copy/schoolbell_027F0000.bin
6576551235240bf986f1006b - Copy/schoolbell_client.exe
.exe windows:4 windows x86 arch:x86

be84ad0c60e09635c4725589f6203ebd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreatePipe
CreateProcessA
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FatalExit
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentStrings
GetExitCodeProcess
GetFileAttributesA
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemTime
GetTempPathA
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersion
GetVersionExA
GlobalAlloc
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
MulDiv
MultiByteToWideChar
PeekNamedPipe
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEnvironmentVariableA
SetErrorMode
SetFilePointer
SetHandleCount
SetLastError
SetSystemPowerState
SetSystemTime
SetThreadLocale
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

InitCommonControls

comdlg32

ChooseColorA
GetOpenFileNameA
PrintDlgA
GetSaveFileNameA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateFontA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EndDoc
EndPage
GetCharWidth32A
GetCharWidth32W
GetCharWidthA
GetDeviceCaps
GetPixel
GetStockObject
GetTextMetricsA
LineTo
MoveToEx
SelectObject
SetBkMode
SetPixelV
SetTextColor
StartDocA
StartPage
StretchBlt
TextOutA
TextOutW

shell32

DragFinish
DragQueryFileA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA

user32

BeginPaint
CloseClipboard
CreateWindowExA
CreateWindowExW
DefWindowProcA
DestroyWindow
DispatchMessageA
EmptyClipboard
EndPaint
EnumThreadWindows
FillRect
GetClientRect
GetClipboardData
GetDC
GetDesktopWindow
GetSysColor
GetSystemMetrics
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InvalidateRect
IsClipboardFormatAvailable
IsWindow
LoadCursorA
LoadIconA
LoadImageA
MessageBoxA
MoveWindow
OemToCharA
OpenClipboard
PeekMessageA
RegisterClassA
ReleaseCapture
ReleaseDC
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetFocus
SetRect
SetTimer
SetWindowPos
ShowWindow
SystemParametersInfoA
TranslateMessage
UpdateWindow
wsprintfA

winmm

PlaySoundA
mciSendStringA
mixerClose
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerSetControlDetails
mmioAscend
mmioClose
mmioDescend
mmioOpenA
mmioRead
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime
timeKillEvent
timeSetEvent

ddraw

DirectDrawCreate

dsound

DirectSoundCreate

ole32

CoInitialize

wininet

HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 399KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 698KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6576551235240bf986f1006b - Copy/schoolbell_client.exe.manifest
.xml
6576551235240bf986f1006b - Copy/schoolbell_crashreport.exe
.exe windows:4 windows x86 arch:x86

e477c515a2aef00b685a91b63084c780

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreatePipe
CreateProcessA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentStrings
GetExitCodeProcess
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetTempPathA
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersion
GetVersionExA
GlobalAlloc
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
MulDiv
MultiByteToWideChar
PeekNamedPipe
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

wsock32

WSAStartup
closesocket
connect
gethostbyname
htons
inet_addr
inet_ntoa
ioctlsocket
recv
send
socket

comctl32

InitCommonControls

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
GetCharWidth32A
GetCharWidth32W
GetCharWidthA
GetDeviceCaps
GetPixel
GetStockObject
GetTextMetricsA
LineTo
MoveToEx
SelectObject
SetPixelV
TextOutA
TextOutW

shell32

DragFinish
DragQueryFileA
ShellExecuteA
Shell_NotifyIconA

user32

BeginPaint
CloseClipboard
CreateWindowExA
CreateWindowExW
DefWindowProcA
DestroyWindow
DispatchMessageA
EmptyClipboard
EndPaint
EnumThreadWindows
FillRect
GetClientRect
GetClipboardData
GetDC
GetDesktopWindow
GetSysColor
GetSystemMetrics
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InvalidateRect
IsClipboardFormatAvailable
IsWindow
LoadCursorA
LoadIconA
MessageBoxA
MoveWindow
OemToCharA
OpenClipboard
PeekMessageA
RegisterClassA
ReleaseCapture
ReleaseDC
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetFocus
SetRect
SetTimer
SetWindowPos
SetWindowTextA
SetWindowTextW
ShowWindow
SystemParametersInfoA
TranslateMessage
UpdateWindow
wsprintfA

winmm

PlaySoundA
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime
timeKillEvent
timeSetEvent

ddraw

DirectDrawCreate

ole32

CoInitialize

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 309KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 912KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 282KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6576551235240bf986f1006b - Copy/schoolbell_crashreport.exe.manifest
.xml
6576551235240bf986f1006b - Copy/schoolbell_settings.dbf
6576551235240bf986f1006b - Copy/setpage.eng
6576551235240bf986f1006b - Copy/sound1.wav
6576551235240bf986f1006b - Copy/sound2.wav
6576551235240bf986f1006b - Copy/sound3.wav
6576551235240bf986f1006b - Copy/sound4.wav
6576551235240bf986f1006b - Copy/sounds/beep1.wav
6576551235240bf986f1006b - Copy/sounds/beep2.wav
6576551235240bf986f1006b - Copy/sounds/bell.wav
6576551235240bf986f1006b - Copy/sounds/gong.wav
6576551235240bf986f1006b - Copy/sounds/gong_4_down.wav
6576551235240bf986f1006b - Copy/sounds/gong_4_up.wav
6576551235240bf986f1006b - Copy/sounds/rgong1.wav
6576551235240bf986f1006b - Copy/sounds/rgong2.wav
6576551235240bf986f1006b - Copy/sounds/ring1.wav
6576551235240bf986f1006b - Copy/sounds/schoolbell.wav
6576551235240bf986f1006b - Copy/sounds/schoolbell2.wav
6576551235240bf986f1006b - Copy/timetable01.dbf
6576551235240bf986f1006b - Copy/timetable02.dbf
6576551235240bf986f1006b - Copy/timetable03.dbf
6576551235240bf986f1006b - Copy/timetable04.dbf
6576551235240bf986f1006b - Copy/timetable05.dbf
6576551235240bf986f1006b - Copy/timetable06.dbf
6576551235240bf986f1006b - Copy/timetable07.dbf
6576551235240bf986f1006b - Copy/timewin.eng
6576551235240bf986f1006b - Copy/timewin.ger
6576551235240bf986f1006b - Copy/traysymbol.bmp
6576551235240bf986f1006b - Copy/ttpage.eng
6576551235240bf986f1006b - Copy/ttpage.ger
6576551235240bf986f1006b - Copy/uninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c472b9e6746a8405a46a266f65df1b9

Headers

File Characteristics

Imports

kernel32

comctl32

gdi32

shell32

user32

winmm

ddraw

ole32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 172KB

.data Size: 801KB - Virtual size: 932KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 262KB - Virtual size: 264KB

be84ad0c60e09635c4725589f6203ebd

Headers

File Characteristics

Imports

advapi32

kernel32

winspool.drv

comctl32

comdlg32

gdi32

shell32

user32

winmm

ddraw

dsound

ole32

wininet

Exports

Exports

Sections

.text Size: 399KB - Virtual size: 400KB

.data Size: 2.2MB - Virtual size: 2.6MB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 6KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 73KB - Virtual size: 76KB

.reloc Size: 698KB - Virtual size: 700KB

be84ad0c60e09635c4725589f6203ebd

Headers

File Characteristics

Imports

advapi32

kernel32

winspool.drv

comctl32

comdlg32

gdi32

shell32

user32

winmm

ddraw

dsound

ole32

wininet

Exports

Exports

Sections

.text Size: 399KB - Virtual size: 400KB

.data Size: 2.2MB - Virtual size: 2.6MB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.text
Size: 172KB - Virtual size: 172KB

.data
Size: 801KB - Virtual size: 932KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 262KB - Virtual size: 264KB

.text
Size: 399KB - Virtual size: 400KB

.data
Size: 2.2MB - Virtual size: 2.6MB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 73KB - Virtual size: 76KB

.reloc
Size: 698KB - Virtual size: 700KB

.text
Size: 399KB - Virtual size: 400KB

.data
Size: 2.2MB - Virtual size: 2.6MB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 73KB - Virtual size: 76KB

.reloc
Size: 698KB - Virtual size: 700KB

.text
Size: 309KB - Virtual size: 312KB

.data
Size: 912KB - Virtual size: 1.0MB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 5KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 73KB - Virtual size: 76KB

.reloc
Size: 282KB - Virtual size: 284KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 4KB