country[.]exe[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

country.exe.zip
Size

8.0MB
MD5

a1d258743281d65a5d9909cbae1168dd
SHA1

1c3eb3e1c55d89c35ce06183cc21f5e975b513ef
SHA256

70971148ed1fadb17a1de707b03b0b61bcf9d523c540b9bf4e411b5bb0dda5f0
SHA512

d33c9385bd8dd16e585e1f2894ef5f80edf97db91340cd03192528d3343576fe332a92e03a62704c3bc4ca6b12094477fca9e7ac49848a6705413e4a2f7f4049
SSDEEP

196608:64MKaR1LoyJsDt2ewpjFno/y09+Vex2fVeBfdjIGGoiCuwqL/re:64MjK4sDt1OpFAj38IiCKi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Covid18.exe	upx
static1/unpack001/Covid20.exe	upx
static1/unpack001/Covid21 2.0.exe	upx
static1/unpack001/Covid666.exe	upx

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CSHacksFreeNoHacks.exe
unpack001/Covid18.exe
unpack001/Covid20.exe
unpack001/Covid21 2.0.exe
unpack001/Covid666.exe
unpack001/CrazyPos.exe
unpack001/CrazyText.exe
unpack001/Cronic.exe
unpack001/country.exe

Files

country.exe.zip
.zip
CSHacksFreeNoHacks.exe
.exe windows:4 windows x86 arch:x86

5f8a2eb9afd903daceedad51b405144b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

BitBlt
TextOutW

kernel32

CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
rand
signal
strlen
strncmp
vfprintf

user32

DrawIcon
GetCursorPos
GetDC
GetSystemMetrics
LoadIconA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Covid18.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Covid20.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 17.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Covid21 2.0.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 981KB - Virtual size: 984KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Covid666.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 618KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CrazyPos.exe
.exe windows:6 windows x64 arch:x64

cf91237ebdefb71f6640d26c7d318972

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Admin\source\repos\Project1\x64\Debug\Project1.pdb

Imports

kernel32

ReadFile
CreateFileW
WriteConsoleW
ExitProcess
ReadConsoleW
CloseHandle
Sleep
GetCurrentThreadId
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
GetCurrentProcess
TerminateProcess
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleHandleExW
GetCurrentThread
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
SetConsoleCtrlHandler
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
RtlUnwind

user32

GetSystemMetrics
GetDC
MessageBoxW
GetCursorPos
EnumChildWindows
GetDesktopWindow
SetWindowPos

gdi32

Ellipse
DeleteObject
CreateSolidBrush
SelectObject
CreatePen
BitBlt

Sections

.textbss
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 450B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 671B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrazyText.exe
.exe windows:6 windows x64 arch:x64

80586b5089b723678f1cfb783957b01a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Admin\source\repos\Project1\x64\Debug\Project1.pdb

Imports

kernel32

ReadFile
GetConsoleMode
ReadConsoleW
FlushFileBuffers
HeapReAlloc
HeapSize
CloseHandle
CreateFileW
WriteConsoleW
ExitProcess
GetConsoleOutputCP
Sleep
GetCurrentThreadId
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
GetModuleFileNameW
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
GetStdHandle
WriteFile
GetModuleHandleExW
GetCurrentThread
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
SetConsoleCtrlHandler
GetFileSizeEx
SetFilePointerEx
RtlUnwind
CreateThread

user32

GetCursorPos
MessageBoxW
EnumChildWindows
GetSystemMetrics
ShowWindow
SendMessageTimeoutW
GetDC
GetDesktopWindow
SetWindowPos

gdi32

Ellipse
DeleteObject
CreateSolidBrush
CreatePen
SelectObject
BitBlt

Sections

.textbss
Size: - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 450B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 671B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cronic.exe
.exe windows:6 windows x64 arch:x64

84655fe0fa8ac27a4230a8a3b9ddde34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ALAN\source\repos\Cronic\x64\Release\Cronic.pdb

Imports

kernel32

GetCurrentProcessId
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
GetSystemTimeAsFileTime
GetTickCount
CreateThread
CloseHandle
TerminateThread
Sleep
IsDebuggerPresent
VirtualAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
IsProcessorFeaturePresent
GetCurrentThreadId

user32

GetSystemMetrics
GetDC

gdi32

SelectObject
CreateCompatibleDC
GetBitmapBits
SetBitmapBits
DeleteObject
CreateBitmap
BitBlt

winmm

waveOutOpen
waveOutUnprepareHeader
waveOutClose
waveOutWrite
waveOutPrepareHeader

vcruntime140

__C_specific_handler
memset
__current_exception_context
__current_exception

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-runtime-l1-1-0

terminate
_seh_filter_exe
_set_app_type
_crt_atexit
_configure_narrow_argv
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initterm
_exit
exit
_initterm_e
_get_narrow_winmain_command_line

api-ms-win-crt-math-l1-1-0

sinf
__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
country.exe
.exe windows:6 windows x86 arch:x86

eaa657c7e75592a42a94e85596b08402

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\HP Pavilion\source\repos\nekotonkatu\Release\nekotonkatu.pdb

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
QueryPerformanceCounter
UnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
CreateThread
CloseHandle
TerminateThread
GetSystemTimeAsFileTime
Sleep
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess

user32

GetForegroundWindow
GetDesktopWindow
SetWindowTextA
RedrawWindow
GetSystemMetrics
MessageBoxW
GetDC
GetWindowRect

gdi32

SelectObject
PatBlt
PlgBlt
LineTo
CreateSolidBrush
BitBlt

winmm

waveOutOpen
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveOutClose

vcruntime140

__current_exception
_except_handler4_common
memset
__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_controlfp_s
terminate
exit
_seh_filter_exe
_initialize_onexit_table
_set_app_type
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_get_narrow_winmain_command_line
_exit
_initterm_e
_initterm
_initialize_narrow_environment

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-math-l1-1-0

__setusermatherr
_libm_sse2_sin_precise

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f8a2eb9afd903daceedad51b405144b

Headers

File Characteristics

Imports

gdi32

kernel32

msvcrt

user32

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 44B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

/4 Size: 1024B - Virtual size: 728B

/19 Size: 42KB - Virtual size: 41KB

/31 Size: 6KB - Virtual size: 6KB

/45 Size: 6KB - Virtual size: 6KB

/57 Size: 2KB - Virtual size: 1KB

/70 Size: 1024B - Virtual size: 754B

/81 Size: 3KB - Virtual size: 3KB

/92 Size: 1024B - Virtual size: 560B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 17.7MB

UPX1 Size: 4.8MB - Virtual size: 4.8MB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 981KB - Virtual size: 984KB

.rsrc Size: 200KB - Virtual size: 204KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 618KB - Virtual size: 620KB

.rsrc Size: 68KB - Virtual size: 72KB

cf91237ebdefb71f6640d26c7d318972

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

Sections

.textbss Size: - Virtual size: 196KB

.text Size: 439KB - Virtual size: 438KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 4KB - Virtual size: 12KB

.pdata Size: 27KB - Virtual size: 26KB

.idata Size: 4KB - Virtual size: 4KB

.msvcjmc Size: 512B - Virtual size: 450B

.00cfg Size: 512B - Virtual size: 373B

_RDATA Size: 1024B - Virtual size: 671B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

80586b5089b723678f1cfb783957b01a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 44B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 1024B - Virtual size: 728B

/19
Size: 42KB - Virtual size: 41KB

/31
Size: 6KB - Virtual size: 6KB

/45
Size: 6KB - Virtual size: 6KB

/57
Size: 2KB - Virtual size: 1KB

/70
Size: 1024B - Virtual size: 754B

/81
Size: 3KB - Virtual size: 3KB

/92
Size: 1024B - Virtual size: 560B

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 17.7MB

UPX1
Size: 4.8MB - Virtual size: 4.8MB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 981KB - Virtual size: 984KB

.rsrc
Size: 200KB - Virtual size: 204KB

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 618KB - Virtual size: 620KB

.rsrc
Size: 68KB - Virtual size: 72KB

.textbss
Size: - Virtual size: 196KB

.text
Size: 439KB - Virtual size: 438KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 4KB - Virtual size: 12KB

.pdata
Size: 27KB - Virtual size: 26KB

.idata
Size: 4KB - Virtual size: 4KB

.msvcjmc
Size: 512B - Virtual size: 450B

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 671B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.textbss
Size: - Virtual size: 197KB

.text
Size: 440KB - Virtual size: 440KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 4KB - Virtual size: 12KB

.pdata
Size: 27KB - Virtual size: 26KB

.idata
Size: 5KB - Virtual size: 4KB

.msvcjmc
Size: 512B - Virtual size: 450B

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 671B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 456B

.rsrc
Size: 1024B - Virtual size: 744B

.reloc
Size: 512B - Virtual size: 44B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 980B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 560B