C:\Users\FlyTech\Documents\Creep\Creep\obj\Release\000.pdb
Overview | overview | 10
Static | static | 7
Windows/000.exe | windows7-x64
Windows/000.exe | windows10-2004-x64
Windows/BUG32.exe | windows7-x64
Windows/BUG32.exe | windows10-2004-x64
Windows/Bonzify.exe | windows7-x64 | 8
Windows/Bonzify.exe | windows10-2004-x64 | 8
Windows/Em...99.exe | windows7-x64 | 5
Windows/Em...99.exe | windows10-2004-x64 | 5
Windows/Em...tr.exe | windows7-x64 | 1
Windows/Em...tr.exe | windows10-2004-x64 | 1
Windows/Em...al.exe | windows7-x64 | 5
Windows/Em...al.exe | windows10-2004-x64 | 5
Windows/Em...en.exe | windows7-x64 | 1
Windows/Em...en.exe | windows10-2004-x64 | 1
Windows/Em...hu.exe | windows7-x64 | 5
Windows/Em...hu.exe | windows10-2004-x64 | 1
Windows/Fa...ye.exe | windows7-x64 | 6
Windows/Fa...ye.exe | windows10-2004-x64 | 6
Windows/PC...er.exe | windows7-x64 | 1
Windows/PC...er.exe | windows10-2004-x64 | 7
Windows/Ra...ac.exe | windows7-x64 | 10
Windows/Ra...ac.exe | windows10-2004-x64
Windows/Ra...it.exe | windows7-x64 | 10
Windows/Ra...it.exe | windows10-2004-x64 | 10
Windows/Ra...or.exe | windows7-x64
Windows/Ra...or.exe | windows10-2004-x64
Windows/Ra...on.exe | windows7-x64 | 10
Windows/Ra...on.exe | windows10-2004-x64 | 7
Windows/Ra...ye.exe | windows7-x64 | 10
Windows/Ra...ye.exe | windows10-2004-x64 | 10
Windows/Ra...Eye.js | windows7-x64 | 10
Windows/Ra...Eye.js | windows10-2004-x64 | 10
Behavioral task
behavioral1
Sample
Windows/000.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Windows/000.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Windows/BUG32.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Windows/BUG32.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Windows/Bonzify.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Windows/Bonzify.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Windows/Email-Worm/Email-Worm.Win32.Happy99/Happy99.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Windows/Email-Worm/Email-Worm.Win32.Happy99/Happy99.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
Windows/Email-Worm/Email-Worm.Win32.Magistr/Magistr.exe
Resource
win7-20240215-en
Behavioral task
behavioral10
Sample
Windows/Email-Worm/Email-Worm.Win32.Magistr/Magistr.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
Windows/Email-Worm/Email-Worm.Win32.Maldal/Maldal.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Windows/Email-Worm/Email-Worm.Win32.Maldal/Maldal.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
Windows/Email-Worm/Email-Worm.Win32.MeltingScreen/MeltingScreen.exe
Resource
win7-20240220-en
Behavioral task
behavioral14
Sample
Windows/Email-Worm/Email-Worm.Win32.MeltingScreen/MeltingScreen.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
Windows/Email-Worm/Email-Worm.Win32.Pikachu/Pikachu.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
Windows/Email-Worm/Email-Worm.Win32.Pikachu/Pikachu.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
Windows/Fake GoldenEye/FakeGoldenEye.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
Windows/Fake GoldenEye/FakeGoldenEye.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
Windows/PCToaster/PCToaster.exe
Resource
win7-20240215-en
Behavioral task
behavioral20
Sample
Windows/PCToaster/PCToaster.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
Windows/Ransomware/Annabelle Ransomware/716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
Windows/Ransomware/Annabelle Ransomware/716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
Windows/Ransomware/BadRabbit Ransomware/BadRabbit.exe
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
Windows/Ransomware/BadRabbit Ransomware/BadRabbit.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
Windows/Ransomware/Monster Ransomware (second new version)/tunamor.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Windows/Ransomware/Monster Ransomware (second new version)/tunamor.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
Windows/Ransomware/Monster Ransomware/XMoon.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
Windows/Ransomware/Monster Ransomware/XMoon.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.exe
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.js
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.js
Resource
win10v2004-20240226-en
General
-
Target
Windows.zip
-
Size
31.7MB
-
MD5
1834586b7e6f291ce278f36d25912667
-
SHA1
575659c4f36224e13388c8a48a5145d58dbc265f
-
SHA256
1473050bbfaaccabbc5429d25b37bbeaf0d73eb39706e9b01d88494704447ded
-
SHA512
e63c8d2af72da4636b3b466c0d84efdb02f465508a6caae39a0c18d7292cc4cb4834228d8728db2023abd7dbe8633e95e0e541055d2233855ab96f72edc6d10b
-
SSDEEP
786432:dQWBUeisS6Cv9xSkFwVB+x4aSbJ1EKAhiDB9+DZwX1TpIb86PR7:OCDg/v5FwVB+yfEAHWZATpIbBPR7
Malware Config
Signatures
-
resource: static1/unpack001/Windows/Ransomware/Monster Ransomware/XMoon.exe
yara_rule: upx
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource: static1/unpack003/out.upx
yara_rule: autoit_exe
Unsigned PE 36 IoCs
Checks for missing Authenticode signature.
resource:
unpack001/Windows/000.exe
unpack001/Windows/BUG32.exe
unpack001/Windows/Bonzify.exe
unpack001/Windows/Email-Worm/Email-Worm.Win32.Happy99/Happy99.exe
unpack001/Windows/Email-Worm/Email-Worm.Win32.Magistr/Magistr.exe
unpack001/Windows/Email-Worm/Email-Worm.Win32.Maldal/Maldal.exe
unpack001/Windows/Email-Worm/Email-Worm.Win32.MeltingScreen/MeltingScreen.exe
unpack001/Windows/Email-Worm/Email-Worm.Win32.Pikachu/Pikachu.exe
unpack001/Windows/Fake GoldenEye/FakeGoldenEye.exe
unpack001/Windows/PCToaster/PCToaster.exe
unpack001/Windows/Ransomware/Annabelle Ransomware/716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe
unpack001/Windows/Ransomware/Monster Ransomware (second new version)/tunamor.exe
unpack001/Windows/Ransomware/Monster Ransomware/XMoon.exe
unpack003/out.upx
unpack001/Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.exe
unpack001/Windows/Ransomware/Trojan.Ransom.NotPetya/NotPetya.exe
unpack001/Windows/Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.PetrWrap
unpack001/Windows/Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.PetrWrap(Patched)
unpack001/Windows/Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.PetrWrap(Wiper)
unpack001/Windows/Ransomware/WannaCrypt0r/WannaCrypt0r.exe
unpack001/Windows/Win32/Joke.Win32.Badgame/not-virus_Joke.Win32.Badgame.exe
unpack001/Windows/Win32/Joke.Win32.FakePetya/FakePetya.exe
unpack001/Windows/Win32/Net-Worm.Win32.Opaserv/Opaserv.exe
unpack001/Windows/Win32/Trojan.Win32.Alerta/Alerta.exe
unpack001/Windows/Win32/Trojan.Win32.IconDance/IconDance.exe
unpack001/Windows/Win32/Trojan.Win32.Sevgi/Sevgi.exe
unpack001/Windows/Win32/Trojan.Win32.Whiter/Whiter.exe
unpack001/Windows/Win32/Virus.Win32.Antares/Antares.exe
unpack001/Windows/Win32/Virus.Win32.Rigel/Rigel.exe
unpack001/Windows/Win32/Virus.Win32.Winfig/Winfig.exe
unpack001/Windows/Win9x/Trojan.Win9x.FlashKiller/FlashKiller.exe
unpack001/Windows/Win9x/Virus.Win9x.CIH (Infected AlZip program)/AlZip.exe
unpack001/Windows/Win9x/Virus.Win9x.CIH/CIH.exe
unpack001/Windows/Win9x/Virus.Win9x.Prizm/Prizm.exe
unpack001/Windows/Win9x/Virus.Win9x.Shoerec/Shoerec.exe
unpack001/Windows/Win9x/Virus.Win9x.Smash/Smash.exe
Files
-
Windows.zip.zip
-
Windows/000.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 6.7MB - Virtual size: 6.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows/42.zip.zip
-
Windows/BUG32.exe.exe windows:4 windows x86 arch:x86
d7ee0bec939bda9b20c9cb9dcb985e30
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memset
strncmp
memmove
strncpy
strstr
_strnicmp
_stricmp
strlen
strcmp
sprintf
fabs
ceil
malloc
floor
free
fclose
memcpy
strcpy
tolower
kernel32
GetModuleHandleA
HeapCreate
RemoveDirectoryA
GetTempFileNameA
GetShortPathNameA
GetWindowsDirectoryA
GetSystemDirectoryA
HeapDestroy
ExitProcess
GetExitCodeProcess
GetNativeSystemInfo
FindResourceA
LoadResource
SizeofResource
HeapAlloc
HeapFree
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
InitializeCriticalSection
GetCommandLineA
GetModuleFileNameA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
HeapReAlloc
SetLastError
TlsAlloc
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
DeleteFileA
GetTempPathA
CreateDirectoryA
WriteFile
CreateFileA
SetFilePointer
ReadFile
DeleteCriticalSection
user32
CharLowerA
MessageBoxA
SendMessageA
PostMessageA
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongA
GetForegroundWindow
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
DestroyWindow
GetDC
GetWindowTextLengthA
GetWindowTextA
SetRect
DrawTextA
GetSystemMetrics
ReleaseDC
GetSysColor
GetSysColorBrush
CreateWindowExA
CallWindowProcA
SetWindowLongA
SetFocus
RedrawWindow
RemovePropA
DefWindowProcA
SetPropA
GetParent
GetPropA
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetFocus
GetClientRect
FillRect
EnumChildWindows
DefFrameProcA
GetWindowRect
IsChild
GetClassNameA
GetKeyState
DestroyIcon
RegisterWindowMessageA
gdi32
GetStockObject
SelectObject
SetBkColor
SetTextColor
GetTextExtentPoint32A
CreateSolidBrush
DeleteObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
GetObjectType
CreateDIBSection
BitBlt
CreateBitmap
SetPixel
comctl32
InitCommonControlsEx
ole32
CoInitialize
CoTaskMemFree
RevokeDragDrop
shell32
ShellExecuteExA
winmm
timeBeginPeriod
shlwapi
PathQuoteSpacesA
PathRenameExtensionA
PathAddBackslashA
PathUnquoteSpacesA
Sections
.code Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/Bonzify.exe.exe windows:5 windows x86 arch:x86
0bee32f8779ce7af7a869e923f1dd6fb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\PC\Documents\Visual Studio 2015\Projects\Bonzify\Release\Bonzify.pdb
Imports
kernel32
FindClose
lstrcmpA
lstrcatA
CreateFileA
lstrcpyA
CloseHandle
LocalFree
GetProcessHeap
FlushFileBuffers
Sleep
DeleteFileA
CreateThread
HeapAlloc
SizeofResource
lstrlenA
SetLastError
TerminateProcess
ExpandEnvironmentStringsA
GetFullPathNameA
FindResourceA
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
LockResource
Process32Next
LoadResource
lstrcmpiA
CreateProcessA
FindNextFileA
WriteFile
HeapFree
FindFirstFileA
Process32First
LocalAlloc
user32
SendMessageA
advapi32
RegOpenKeyA
RegSetValueExA
RegCloseKey
shell32
SHCreateDirectoryExA
SHChangeNotify
ole32
CoInitialize
CoCreateInstance
oleaut32
SysAllocString
SysFreeString
shlwapi
PathRemoveFileSpecA
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6.4MB - Virtual size: 6.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 452B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows/Email-Worm/Email-Worm.Win32.Happy99/Happy99.exe.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/Email-Worm/Email-Worm.Win32.Magistr/Magistr.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Windows/Email-Worm/Email-Worm.Win32.Maldal/Maldal.exe.exe windows:4 windows x86 arch:x86
894499b0c1732ab37b759498faae29f0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord599
__vbaBoolVarNull
__vbaVargVar
_CIsin
__vbaVarZero
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarTstGe
_CIatan
__vbaStrMove
__vbaForEachVar
ord543
_allmul
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
Sections
.text Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/Email-Worm/Email-Worm.Win32.MeltingScreen/MeltingScreen.exe.exe windows:4 windows x86 arch:x86
f90f100c81647f834881cf7cd9e90bd4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm50
MethCallEngine
ord625
ord593
ord598
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord608
ord535
ord645
ord100
ord617
ord580
Sections
.text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 900B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows/Email-Worm/Email-Worm.Win32.Pikachu/Pikachu.exe.exe windows:4 windows x86 arch:x86
cf991f1d207b1a6b956f57f38b2aaa2f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaObjVar
__vbaVarLateMemSt
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaVarCat
_CIlog
__vbaFileOpen
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaLateMemCall
__vbaVarAdd
__vbaVarLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
Sections
.text Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/Fake GoldenEye/FakeGoldenEye.exe.exe windows:5 windows x86 arch:x86
aa59bb138ba9dcdca5ef5c1e473df22c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetNativeSystemInfo
FreeLibrary
HeapAlloc
HeapFree
GetModuleHandleW
VirtualFree
GetProcessHeap
IsBadReadPtr
SetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
GetLastError
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
IsProcessorFeaturePresent
HeapCreate
Sleep
ExitProcess
WriteFile
GetModuleFileNameW
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
RaiseException
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
RtlUnwind
LoadLibraryW
SetStdHandle
WriteConsoleW
HeapSize
CreateFileW
InitializeCriticalSection
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows/Fake GoldenEye/Key.txt
-
Windows/PCToaster/PCToaster.exe.exe windows:4 windows x86 arch:x86
6011984d7c1f1b97a34d7517a498bff8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
kernel32
CloseHandle
CreateMutexA
CreateProcessA
ExitProcess
FindResourceExA
FormatMessageA
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetEnvironmentVariableA
GetExitCodeProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalMemoryStatusEx
LoadResource
LocalFree
LockResource
SetEnvironmentVariableA
SetLastError
SetUnhandledExceptionFilter
WaitForSingleObject
msvcrt
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_chdir
_close
_findclose
_findfirst
_findnext
_iob
_itoa
_onexit
_open
_read
_setmode
_stat
atexit
atoi
fclose
fopen
fprintf
fwrite
memset
printf
puts
signal
strcat
strchr
strcmp
strcpy
strlen
strncat
strncpy
strpbrk
strrchr
strstr
strtok
shell32
ShellExecuteA
user32
CreateWindowExA
DispatchMessageA
EnumWindows
FindWindowExA
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
KillTimer
LoadImageA
MessageBoxA
PostQuitMessage
SendMessageA
SetForegroundWindow
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UpdateWindow
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 35KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 363KB - Virtual size: 363KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Windows/Ransomware/Annabelle Ransomware/716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 15.7MB - Virtual size: 15.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 268KB - Virtual size: 267KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/Ransomware/BadRabbit Ransomware/BadRabbit.exe.exe windows:5 windows x86 arch:x86
e3bda9df66f1f9b2b9b7b068518f2af1
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21-12-2012 00:00
Not After: 30-12-2020 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18-10-2012 00:00
Not After: 29-12-2020 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0e:bf:ea:68:d6:77:b3:e2:6c:ab:41:c3:3f:3e:69:de
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Not Before: 16-12-2016 00:00
Not After: 17-12-2017 23:59
Subject: CN=Symantec Corporation,OU=STAR Security Engines,O=Symantec Corporation,L=Mountain View,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 08-02-2010 00:00
Not After: 07-02-2020 23:59
Subject: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
2e:6b:e6:bd:11:a8:67:6e:6c:57:90:9e:9b:0d:5f:57
Certificate
Issuer: CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before: 15-03-2017 00:00
Not After: 13-04-2018 23:59
Subject: CN=Symantec Corporation,OU=STAR Security Engines,O=Symantec Corporation,L=Mountain View,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate
Issuer: CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 22-07-2014 00:00
Not After: 21-07-2024 23:59
Subject: CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate
Issuer: CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 12-01-2016 00:00
Not After: 11-01-2031 23:59
Subject: CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate
Issuer: CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before: 02-01-2017 00:00
Not After: 01-04-2028 23:59
Subject: CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
c9:13:30:16:a3:e5:cf:bf:b1:aa:8b:50:d1:16:0f:a5:35:73:41:3d:4f:81:f8:71:05:4e:c7:39:6d:5a:8b:17
Signer
Actual PE Digest: c9:13:30:16:a3:e5:cf:bf:b1:aa:8b:50:d1:16:0f:a5:35:73:41:3d:4f:81:f8:71:05:4e:c7:39:6d:5a:8b:17
Digest Algorithm: sha256
PE Digest Matches: false
bd:ae:90:d3:3b:42:bf:69:31:7c:f4:d9:c1:9d:fd:c2:69:86:ca:f0
Signer
Actual PE Digest: bd:ae:90:d3:3b:42:bf:69:31:7c:f4:d9:c1:9d:fd:c2:69:86:ca:f0
Digest Algorithm: sha1
PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
GetCommandLineW
GetFileSize
CreateProcessW
HeapAlloc
HeapFree
GetModuleHandleW
GetProcessHeap
WriteFile
GetSystemDirectoryW
ReadFile
GetModuleFileNameW
CreateFileW
lstrcatW
CloseHandle
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
user32
wsprintfW
shell32
CommandLineToArgvW
msvcrt
wcsstr
memcpy
free
malloc
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 590B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows/Ransomware/Monster Ransomware (second new version)/tunamor.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 161KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/Ransomware/Monster Ransomware/XMoon.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 608KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 264KB - Virtual size: 268KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 165KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 514KB - Virtual size: 513KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.exe.exe windows:5 windows x86 arch:x86
eadbe699c9f56194b9bbdf2dd7631233
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\src\ZoomIt\Release\ZoomIt.pdb
Imports
comctl32
ord17
winmm
PlaySoundA
gdiplus
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRect
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromHBITMAP
msimg32
AlphaBlend
kernel32
GetTickCount
FormatMessageA
lstrcpynA
CreateEventA
GetModuleFileNameA
CreateProcessA
GetCommandLineA
ExpandEnvironmentStringsA
FindResourceA
GetFileAttributesA
DeleteFileA
MultiByteToWideChar
GetStringTypeW
FatalAppExitA
CreateSemaphoreW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
MulDiv
GetFileType
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
RtlUnwind
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
HeapSize
GetModuleFileNameW
WriteFile
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetProcessHeap
GetCurrentThreadId
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
HeapAlloc
HeapFree
Beep
CloseHandle
SizeofResource
LoadResource
Sleep
WaitForSingleObject
GetLastError
SetThreadPriority
GetCurrentThread
GetExitCodeProcess
GetCurrentProcess
GetVersion
LockResource
GetCommandLineW
GetModuleHandleA
LoadLibraryA
LocalFree
LocalAlloc
GetProcAddress
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
RaiseException
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
InterlockedExchange
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
OutputDebugStringW
LoadLibraryW
SetFilePointerEx
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileW
ReadFile
ReadConsoleW
SetEndOfFile
DeleteCriticalSection
user32
FindWindowW
FindWindowA
GetParent
GetDesktopWindow
GetWindowLongA
SetRect
FillRect
GetSysColor
ChildWindowFromPoint
MapWindowPoints
GetClipCursor
ClipCursor
GetCursorPos
LoadIconA
MessageBoxA
GetWindowRect
GetClientRect
RedrawWindow
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
ChangeDisplaySettingsExA
SystemParametersInfoA
EnumDisplaySettingsA
SetCursorPos
DrawTextA
TrackPopupMenu
InsertMenuA
DestroyMenu
CreatePopupMenu
TranslateAcceleratorA
LoadAcceleratorsA
EnableWindow
KillTimer
SetTimer
GetAsyncKeyState
GetKeyState
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamA
CreateDialogParamA
BringWindowToTop
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
GetMessageExtraInfo
UnregisterHotKey
RegisterHotKey
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
SetWindowLongA
gdi32
DeleteDC
DeleteObject
Ellipse
GetStockObject
LineTo
Rectangle
SelectObject
CreateSolidBrush
StretchBlt
SetROP2
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
Polygon
CreatePen
CreateFontIndirectA
GetDeviceCaps
StartDocA
SetMapMode
EndDoc
StartPage
EndPage
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
SetBkMode
CreateDCA
comdlg32
GetSaveFileNameA
GetOpenFileNameA
PrintDlgA
ChooseFontA
advapi32
RegCreateKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
shell32
ShellExecuteA
Shell_NotifyIconA
ole32
CoInitialize
Sections
.text Size: 190KB - Virtual size: 189KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 434B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.js.js
-
Windows/Ransomware/Trojan.Ransom.NotPetya/NotPetya.exe.exe windows:5 windows x86 arch:x86
ab8fd60b3da01515e6706e8d122c633f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\users\pc\documents\visual studio 2010\Projects\ME Doc Update\Release\ME Doc Update.pdb
Imports
kernel32
GetFullPathNameA
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
ExpandEnvironmentStringsA
WriteFile
CloseHandle
HeapReAlloc
GetStringTypeW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
RtlUnwind
HeapSize
LCMapStringW
MultiByteToWideChar
IsProcessorFeaturePresent
shell32
ShellExecuteA
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 362KB - Virtual size: 362KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows/Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.PetrWrap.exe windows:5 windows x86 arch:x86
90cfb770dd8b0646a46fc541c93185a2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcessId
GetTickCount
GetVersionExA
FreeLibrary
GetProcAddress
GlobalMemoryStatus
LoadLibraryA
HeapAlloc
HeapFree
GetCommandLineA
HeapReAlloc
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ReadFile
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
AreFileApisANSI
MultiByteToWideChar
GetProcessHeap
SetLastError
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
QueryPerformanceCounter
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
SetFilePointer
SetFilePointerEx
SetStdHandle
GetStringTypeW
LCMapStringW
HeapSize
CreateFileW
SetEndOfFile
GetVersion
GetCurrentThreadId
GetLastError
GetFileType
GetStdHandle
Sleep
VirtualAlloc
CreateFileA
CloseHandle
FreeEnvironmentStringsW
WriteFile
user32
GetUserObjectInformationW
GetProcessWindowStation
wsprintfA
MessageBoxA
GetDesktopWindow
advapi32
ReportEventA
DeregisterEventSource
RegisterEventSourceA
Sections
.text Size: 205KB - Virtual size: 205KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 139KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows/Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.PetrWrap(Patched).exe windows:5 windows x86 arch:x86
90cfb770dd8b0646a46fc541c93185a2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcessId
GetTickCount
GetVersionExA
FreeLibrary
GetProcAddress
GlobalMemoryStatus
LoadLibraryA
HeapAlloc
HeapFree
GetCommandLineA
HeapReAlloc
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ReadFile
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
AreFileApisANSI
MultiByteToWideChar
GetProcessHeap
SetLastError
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
QueryPerformanceCounter
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
SetFilePointer
SetFilePointerEx
SetStdHandle
GetStringTypeW
LCMapStringW
HeapSize
CreateFileW
SetEndOfFile
GetVersion
GetCurrentThreadId
GetLastError
GetFileType
GetStdHandle
Sleep
VirtualAlloc
CreateFileA
CloseHandle
FreeEnvironmentStringsW
WriteFile
user32
GetUserObjectInformationW
GetProcessWindowStation
wsprintfA
MessageBoxA
GetDesktopWindow
advapi32
ReportEventA
DeregisterEventSource
RegisterEventSourceA
Sections
.text Size: 205KB - Virtual size: 205KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 139KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows/Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.PetrWrap(Wiper).exe windows:5 windows x86 arch:x86
09d0478591d4f788cb3e5ea416c25237
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Sections
.text Size: 35KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Windows/Ransomware/WannaCrypt0r/WannaCrypt0r.exe.exe windows:4 windows x86 arch:x86
68f013d7437aa653a8a98a05807afeb1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesW
GetFileSizeEx
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetFileSize
WriteFile
LeaveCriticalSection
EnterCriticalSection
SetFileAttributesW
SetCurrentDirectoryW
CreateDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetFileAttributesA
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
Sleep
OpenMutexA
GetFullPathNameA
CopyFileA
GetModuleFileNameA
VirtualAlloc
VirtualFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetLastError
VirtualProtect
IsBadReadPtr
HeapFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetStartupInfoA
SetFilePointer
SetFileTime
GetComputerNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
LoadLibraryA
GetProcAddress
GlobalFree
CreateProcessA
CloseHandle
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
FindResourceA
user32
wsprintfA
advapi32
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
CryptReleaseContext
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
msvcrt
realloc
fclose
fwrite
fread
fopen
sprintf
rand
srand
strcpy
memset
strlen
wcscat
wcslen
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_except_handler3
_local_unwind2
wcsrchr
swprintf
??2@YAPAXI@Z
memcpy
strcmp
strrchr
__p___argv
__p___argc
_stricmp
free
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
calloc
strcat
_mbsstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/ReadMe.txt
-
Windows/Trojan.VBS.Bolbi/Bolbi.vbs.vbs
-
Windows/Win16/Virus.Win16.Apparition/App1.exe
-
Windows/Win16/Virus.Win16.Gollum/Gollum.exe
-
Windows/Win32/Joke.Win32.Badgame/not-virus_Joke.Win32.Badgame.exe.exe windows:1 windows x86 arch:x86
1a7a0385bb795e661196f2d332222b13
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
PlaySoundA
mciSendStringA
kernel32
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
GetModuleHandleA
CloseHandle
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
CreateFileA
RtlUnwind
WriteFile
DeleteFileA
user32
DialogBoxParamA
EndDialog
SendDlgItemMessageA
LoadIconA
SetTimer
KillTimer
RegisterClassA
MessageBoxA
SetCursor
GetMessageA
DispatchMessageA
wsprintfA
PostMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA
gdi32
GetStockObject
comctl32
InitCommonControls
crtdll
__GetMainArgs
exit
memset
raise
signal
strchr
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 1KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 88B - Virtual size: 88B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Windows/Win32/Joke.Win32.FakePetya/FakePetya.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 10KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/Win32/Net-Worm.Win32.Opaserv/Opaserv.exe.exe windows:1 windows x86 arch:x86
598a9f449f493abc9b35793763fb5cb5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA
advapi32
RegSetValueExA
user32
PeekMessageA
ws2_32
socket
Sections
pec1 Size: 9KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pec2 Size: 16KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Windows/Win32/Trojan.Win32.Alerta/Alerta.exe.exe windows:4 windows x86 arch:x86
c39355e1601f83c72a018b3ad2696dd1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm50
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaVarCmpNe
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
__vbaBoolVarNull
_CIsin
ord631
ord525
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
ord529
__vbaStrCmp
__vbaR4Str
__vbaI2I4
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaRedim
__vbaStrR8
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaVarCat
ord536
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
__vbaVarCopy
ord616
ord617
_CIatan
__vbaCastObj
__vbaStrMove
ord619
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord580
Sections
.text Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows/Win32/Trojan.Win32.IconDance/IconDance.exe.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 256KB - Virtual size: 255KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 2KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 16B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/Win32/Trojan.Win32.Sevgi/Sevgi.exe.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 160KB - Virtual size: 332KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DATA Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.udata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Windows/Win32/Trojan.Win32.Whiter/Whiter.exe.exe windows:4 windows x86 arch:x86
be34509930ba722487a8c6d61a92740b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WinExec
GetTempFileNameA
FindFirstFileA
CopyFileA
FindNextFileA
GetCommandLineA
GetLastError
CreateMutexA
SetFileAttributesA
DeleteFileA
GetTempPathA
GetSystemDirectoryA
FreeEnvironmentStringsA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
HeapFree
CloseHandle
HeapReAlloc
HeapAlloc
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FindClose
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
SetFilePointer
VirtualAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
ReadFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
advapi32
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/Win32/Virus.VBS.Karma/Readme.txt
-
Windows/Win32/Virus.VBS.Karma/karma.vbs.vbs
-
Windows/Win32/Virus.Win32.Antares/Antares.exe.exe windows:4 windows x86 arch:x86
30917b9b1ceb611d8d31e9fba9e6682b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ddraw
DirectDrawCreate
user32
MoveWindow
LoadImageA
SetTimer
KillTimer
GetDC
ReleaseDC
SetCursor
GetDlgItemTextA
SetDlgItemTextA
EndDialog
GetDlgItemInt
SetDlgItemInt
BeginPaint
EndPaint
GetClientRect
ClientToScreen
SetRect
AdjustWindowRect
GetWindowRect
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
GetMenu
PostQuitMessage
InvalidateRect
CheckMenuRadioItem
DialogBoxParamA
CheckMenuItem
DefWindowProcA
MessageBoxA
LoadAcceleratorsA
ShowWindow
UpdateWindow
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
gdi32
CreateCompatibleDC
BitBlt
DeleteDC
CreateFontA
SetTextColor
SetBkMode
SelectObject
TextOutA
DeleteObject
GetStockObject
advapi32
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
shell32
ShellExecuteA
kernel32
GetACP
GetLastError
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
WriteFile
CompareStringA
GetCPInfo
SetFilePointer
CloseHandle
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
GetCurrentProcess
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
HeapDestroy
GetFileType
CompareStringW
SetEnvironmentVariableA
VirtualFree
HeapCreate
FreeEnvironmentStringsW
GetModuleHandleA
GetProcAddress
LoadLibraryA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
Sections
.text Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 212KB - Virtual size: 212KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Windows/Win32/Virus.Win32.Rigel/Rigel.exe.exe windows:5 windows x86 arch:x86
98feaf0f8f73f7370e6122d9107f77bd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
shell32
ShellAboutA
msvcrt
_exit
_strrev
_CxxThrowException
__CxxFrameHandler
_EH_prolog
_controlfp
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
toupper
memmove
strchr
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
kernel32
LocalReAlloc
LocalAlloc
GetCommandLineA
GetProfileIntA
GetStartupInfoA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GlobalCompact
GlobalReAlloc
GlobalAlloc
GlobalFree
lstrcmpA
Sleep
WriteProfileStringA
GlobalLock
GlobalSize
GlobalUnlock
CloseHandle
CreateEventA
CreateThread
ResetEvent
SetEvent
WaitForSingleObject
lstrcpyA
LocalFree
lstrlenA
lstrcatA
GetProfileStringA
gdi32
SetBkColor
SetTextColor
user32
MessageBoxA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
IsChild
IsDialogMessageA
GetMessageA
LoadAcceleratorsA
CreateWindowExA
LoadStringA
CharNextA
RegisterClassExA
GetSysColorBrush
LoadCursorA
LoadIconA
InvalidateRect
UpdateWindow
ShowWindow
SetDlgItemTextA
CheckMenuRadioItem
GetSubMenu
GetMenu
SetWindowPos
OffsetRect
MapWindowPoints
GetClientRect
EnableWindow
GetDlgItem
CreateDialogParamA
DestroyWindow
GetWindowRect
SetCursor
CheckRadioButton
SetFocus
MessageBeep
SendMessageA
EndDialog
DialogBoxParamA
SetWindowTextA
CloseClipboard
GetClipboardData
OpenClipboard
DestroyMenu
TrackPopupMenuEx
LoadMenuA
DefWindowProcA
ChildWindowFromPoint
ScreenToClient
PostQuitMessage
WinHelpA
EnableMenuItem
IsClipboardFormatAvailable
GetDlgCtrlID
DrawTextA
DrawEdge
GetSysColor
CheckDlgButton
SetDlgItemInt
GetWindowTextA
Sections
.text Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Windows/Win32/Virus.Win32.Winfig/Winfig.exe.exe windows:4 windows x86 arch:x86
671bc72c1cd67f17f0d7617e0e9f2a69
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm50
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord529
__vbaStrCmp
__vbaVarTstEq
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord531
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
ord610
__vbaVarDup
__vbaStrToAnsi
ord616
__vbaVarCopy
__vbaVarTstGe
ord617
_CIatan
__vbaStrMove
ord542
_allmul
ord545
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows/Win9x/Trojan.Win9x.FlashKiller/FlashKiller.exe.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DATA Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/Win9x/Virus.Win9x.CIH (Infected AlZip program)/AlZip.exe.exe windows:4 windows x86 arch:x86
2a486f6a5873b95792195d458df2cfdc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExA
GetPrivateProfileStringA
GetDiskFreeSpaceA
FindFirstFileA
FindClose
GetModuleFileNameA
GetDriveTypeA
WinExec
MoveFileExA
GetShortPathNameA
lstrcatA
LocalAlloc
GetTempPathA
LocalFree
GetCurrentProcess
SetFileTime
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
GetSystemDirectoryA
lstrlenA
GetFullPathNameA
GlobalFree
GlobalAlloc
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
WideCharToMultiByte
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
CreateDirectoryA
HeapCompact
HeapSize
TerminateProcess
ExitProcess
GetFileAttributesA
SetFileAttributesA
MoveFileA
DeleteFileA
HeapAlloc
HeapFree
GetLastError
SetCurrentDirectoryA
MultiByteToWideChar
UnhandledExceptionFilter
FreeEnvironmentStringsA
SetEnvironmentVariableA
WritePrivateProfileStringA
GlobalHandle
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
SetHandleCount
SetFilePointer
CreateFileA
ReadFile
WriteFile
GetCurrentDirectoryA
CloseHandle
GlobalLock
GlobalUnlock
RtlUnwind
user32
DestroyWindow
TranslateMessage
GetMessageA
IsWindowVisible
DispatchMessageA
EndPaint
CreateDialogIndirectParamA
MessageBoxA
wsprintfA
SetWindowTextA
SetWindowPos
ShowWindow
IsDialogMessageA
GetDlgItem
ScreenToClient
GetWindowRect
SendDlgItemMessageA
EnableWindow
SetFocus
SendMessageA
SetDlgItemTextA
GetDlgItemTextA
KillTimer
BeginPaint
SetTimer
RegisterWindowMessageA
OemToCharA
GetParent
GetDC
ReleaseDC
SetWindowLongA
GetClientRect
FillRect
GetWindow
GetSysColor
CreateWindowExA
LoadIconA
LoadCursorA
RegisterClassA
FindWindowA
GetLastActivePopup
BringWindowToTop
GetSystemMetrics
AdjustWindowRectEx
UpdateWindow
IsIconic
RedrawWindow
PostQuitMessage
DefWindowProcA
PostMessageA
IsDlgButtonChecked
ExitWindowsEx
CheckDlgButton
gdi32
AddFontResourceA
ExtTextOutA
GetStockObject
CreateSolidBrush
DeleteObject
CreateFontIndirectA
GetObjectA
SetBkColor
CreatePalette
GetSystemPaletteEntries
GetDeviceCaps
StretchDIBits
RealizePalette
SelectPalette
IntersectClipRect
TextOutA
SetTextColor
SetBkMode
CreateDIBPatternBrush
SelectObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
comdlg32
GetSaveFileNameA
advapi32
LookupPrivilegeValueA
RegQueryValueA
RegOpenKeyA
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
ole32
CoCreateInstance
OleInitialize
OleUninitialize
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerFindFileA
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Windows/Win9x/Virus.Win9x.CIH/CIH.exe.exe windows:3 windows x86 arch:x86
4030ac47b2bec11178018951f95ad48c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
wsock32
gethostbyname
WSAStartup
ioctlsocket
crtdll
_fmode_dll
_global_unwind2
exit
toupper
sprintf
free
malloc
_pctype_dll
_isctype
__mb_cur_max_dll
sscanf
fprintf
_iob
time
_exit
_XcptFilter
_initterm
__GetMainArgs
_commode_dll
_local_unwind2
kernel32
GetProcessHeap
HeapAlloc
GetLastError
LocalFree
FormatMessageA
GetProcAddress
LoadLibraryA
HeapFree
user32
CharToOemA
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows/Win9x/Virus.Win9x.Prizm/Prizm.exe.exe windows:1 windows x86 arch:x86
105732f0c6968ac8bea2b4476eda4263
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
user32
MessageBoxA
kernel32
GetProcAddress
GetModuleHandleA
ExitProcess
Sections
CODE Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 4KB - Virtual size:
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Windows/Win9x/Virus.Win9x.Shoerec/Shoerec.exe.exe windows:4 windows x86 arch:x86
e0f41be3cb937dabff34123390991845
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
GlobalAlloc
ExitProcess
GetModuleHandleA
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WinExec
CopyFileA
WriteFile
SetEndOfFile
DeleteFileA
GetVersionExA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
CloseHandle
GetModuleFileNameA
GlobalUnlock
GlobalLock
GetCommandLineA
GetStartupInfoA
QueryPerformanceCounter
GlobalFree
user32
ClientToScreen
GetCursorPos
ScreenToClient
FillRect
SetTimer
KillTimer
SetCapture
ReleaseCapture
SetCursor
EndPaint
BeginPaint
DestroyMenu
CheckMenuItem
InvalidateRect
SetWindowLongA
GetMenu
SetMenu
LoadMenuA
GetCapture
DialogBoxParamA
TrackPopupMenu
GetSubMenu
EnableMenuItem
DefWindowProcA
DestroyWindow
PostQuitMessage
LoadStringA
CreateWindowExA
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetWindow
GetDesktopWindow
MoveWindow
EndDialog
GetWindowRect
SetWindowPos
GetDC
ReleaseDC
GetWindowLongA
GetClientRect
WindowFromPoint
gdi32
GetTextMetricsA
CreateFontIndirectA
DeleteObject
SelectObject
StretchDIBits
SetDIBitsToDevice
GdiFlush
CreateCompatibleBitmap
DeleteDC
CreateDIBSection
GetDeviceCaps
CreateCompatibleDC
BitBlt
RealizePalette
SelectPalette
CreateSolidBrush
GetClipBox
RestoreDC
IntersectClipRect
SaveDC
GetSystemPaletteEntries
ExtTextOutA
CreatePalette
EnumFontFamiliesA
SetBkMode
SetTextColor
SetTextAlign
comdlg32
GetSaveFileNameA
GetOpenFileNameA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegSetValueA
RegCloseKey
shell32
DragQueryFileA
DragAcceptFiles
winmm
waveOutPrepareHeader
waveOutUnprepareHeader
timeKillEvent
timeEndPeriod
timeGetTime
timeBeginPeriod
timeGetDevCaps
waveOutWrite
waveOutReset
timeSetEvent
waveOutOpen
waveOutGetDevCapsA
waveOutClose
Sections
.text Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Windows/Win9x/Virus.Win9x.Smash/Smash.exe.exe windows:1 windows x86 arch:x86
e884b31e8e607b0f2c8df90f116983fe
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GetProcAddress
ExitProcess
Sections
CODE Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CODE32 Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE