rogues[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rogues.zip
Size

20.8MB
MD5

acc41c68b1f31124c2c7e73f34244482
SHA1

1af010aeafd39eada93bc3979d8d26cac0661587
SHA256

85bf2e8c80d2595a325c9b02d248a8e652500fe20b5b371c91283d36b59164ac
SHA512

fb0e89543dc35cfa50288391481ea75a956e2f58db4a79b9303669bb9aa259990c4c0ffda96934fc31b15d8f2966458f9686c57fc69405fbd3665a564554f7b4
SSDEEP

393216:g5/KgdcNJ5aZC7f81yo72VV9eGFHb1IkFsvtS2RhdZp+W7CPGKmdT:g5Z4wr2VV9eW1/sv/vjuPQdT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/Antivirus 2009 Plus.exe	upx
static1/unpack008/CleanThis.exe	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack003/out.upx
unpack004/AnViPC2009.exe
unpack005/AntivirusPlatinum.exe
unpack006/Antivirus.exe
unpack007/Antivirus2010.exe
unpack008/CleanThis.exe
unpack009/out.upx

Files

rogues.zip
.zip
rogues/Antivirus 2009 Plus.zip
.zip
Antivirus 2009 Plus.exe
.exe windows:4 windows x86 arch:x86

Code Sign

35:73:d1:73:b3:f1:e3:a1:e9:b3:c7:c9:df:86:75:a9
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/09/2008, 00:00

Not After

09/09/2009, 23:59

Subject

CN=MILSTRON Ltd,O=MILSTRON Ltd,POSTALCODE=EH6 5DT,STREET=UNIT 19\, LEITH WALK BUSINESS CENTRE\, 108 LEITH WALK,L=EDINBURGH,ST=Midlothian,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

31:53:94:01:ef:63:64:33:2a:82:47:70:bd:ac:cd:24:fa:9e:65:09
Signer

Actual PE Digest

31:53:94:01:ef:63:64:33:2a:82:47:70:bd:ac:cd:24:fa:9e:65:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 920KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 662KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rogues/Antivirus PC 2009.zip
.zip
AnViPC2009.exe
.exe windows:5 windows x86 arch:x86

9402b48d966c911f0785b076b349b5ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

ord17

kernel32

DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoA
GetNumberFormatA
lstrcmpiA
GetProcAddress
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetTempPathA
MoveFileExA
UnmapViewOfFile
GetCommandLineA
MapViewOfFile
CreateFileMappingA
GetModuleFileNameW
SetEnvironmentVariableA
OpenFileMappingA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameA
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
SetLastError
GetStdHandle
ReadFile
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileA
SetFileTime
GetCurrentProcess
CloseHandle
GetLastError
DosDateTimeToFileTime

user32

ReleaseDC
GetDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
LoadIconA
CharToOemA
OemToCharA
GetClassNameA
CharUpperA
GetWindowRect
GetParent
MapWindowPoints
CreateWindowExA
UpdateWindow
SetWindowTextA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetClientRect
CopyRect
IsWindow
MessageBoxA
ShowWindow
GetDlgItem
EnableWindow
FindWindowExA
wvsprintfA
CharToOemBuffA
LoadStringA
SetWindowPos
GetWindowTextA
GetWindow
GetSystemMetrics
OemToCharBuffA
DestroyWindow

gdi32

GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rogues/Antivirus Platinum.zip
.zip
AntivirusPlatinum.exe
.exe windows:5 windows x86 arch:x86

50610e34092d6ce13e51e7c9d5197081

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

ord17

kernel32

DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoA
GetNumberFormatA
GetProcAddress
DosDateTimeToFileTime
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetTempPathA
MoveFileExA
GetModuleFileNameW
SetEnvironmentVariableA
GetCommandLineA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameA
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
GetStdHandle
ReadFile
SetLastError
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileA
SetFileTime
GetCurrentProcess
CloseHandle
GetLastError
lstrcmpiA

user32

ReleaseDC
GetDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
LoadIconA
CharToOemA
OemToCharA
GetClassNameA
CharUpperA
GetWindowRect
GetParent
MapWindowPoints
CreateWindowExA
UpdateWindow
SetWindowTextA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageA
GetMessageA
DispatchMessageA
DestroyWindow
GetClientRect
CopyRect
IsWindow
MessageBoxA
ShowWindow
GetDlgItem
EnableWindow
FindWindowExA
wvsprintfA
CharToOemBuffA
LoadStringA
SetWindowPos
GetWindowTextA
GetWindow
GetSystemMetrics
OemToCharBuffA
TranslateMessage

gdi32

GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rogues/Antivirus.zip
.zip
Antivirus.exe
.exe windows:4 windows x86 arch:x86

5a2c800e40f7e30fbf38d55c7090d219

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Working Copies\Bundles\Antivirus\Av\release\avt_main.pdb

Imports

kernel32

GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GetThreadLocale
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
FileTimeToSystemTime
GlobalFlags
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
ExitThread
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
TlsGetValue
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
LocalAlloc
InterlockedCompareExchange
WritePrivateProfileStringW
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
FormatMessageW
LocalFree
SuspendThread
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
CreateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
MoveFileA
HeapFree
GetProcessHeap
HeapAlloc
FlushFileBuffers
GetVersion
SearchPathA
GetWindowsDirectoryA
lstrcpynA
ResetEvent
SetEvent
WaitForSingleObject
ResumeThread
CreateEventW
Module32NextW
Module32FirstW
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingW
CreateFileW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
MoveFileExW
GetFileAttributesW
lstrcmpW
FreeLibrary
GetWindowsDirectoryW
GetModuleFileNameA
SetThreadPriority
GetModuleFileNameW
CreateProcessA
GetSystemDirectoryA
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcpyA
GetFileAttributesA
ReadFile
GetFileSize
WriteFile
CreateFileA
MoveFileExA
GetCurrentThread
GetCurrentProcess
GetVersionExW
GlobalLock
GlobalAlloc
SizeofResource
GlobalFree
GlobalUnlock
MulDiv
lstrcpynW
LoadLibraryA
WinExec
lstrcatW
GetModuleHandleA
FreeResource
LockResource
LoadResource
FindResourceW
CreateMutexW
GetCommandLineW
Process32NextW
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiW
lstrcpyW
Process32FirstW
CreateToolhelp32Snapshot
InterlockedExchange
RemoveDirectoryA
GetTempPathA
DeleteFileA
ExpandEnvironmentStringsA
DeleteFileW
ExpandEnvironmentStringsW
lstrcmpiA
FindClose
lstrcmpA
GetVolumeInformationA
GetDriveTypeA
MultiByteToWideChar
lstrlenA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetLogicalDrives
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
WideCharToMultiByte
lstrlenW
ExitProcess
lstrcatA
VirtualProtect
Sleep

user32

GetMessageW
ValidateRect
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
CheckRadioButton
CheckDlgButton
BeginPaint
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
GetKeyState
GetScrollPos
GetMenu
GetMenuItemCount
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
CallWindowProcW
IntersectRect
GetWindowPlacement
DrawEdge
FrameRect
DrawStateW
GetWindowDC
CreateIconIndirect
GetIconInfo
GetWindowThreadProcessId
DrawFocusRect
SetRectEmpty
EnableMenuItem
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
DestroyIcon
DeleteMenu
GetSubMenu
LoadMenuW
RedrawWindow
SetWindowRgn
RegisterWindowMessageW
SendMessageW
UnregisterClassA
EnableWindow
InvalidateRect
GetClientRect
GetSysColorBrush
SetClipboardViewer
CloseClipboard
GetClipboardData
OpenClipboard
LoadBitmapW
IsCharAlphaNumericW
SetFocus
FillRect
SetRect
PostMessageW
GetCursorPos
UpdateWindow
ClientToScreen
GetCaretPos
GetClassNameW
GetFocus
UpdateLayeredWindow
GetWindow
LockSetForegroundWindow
UnregisterClassW
DestroyWindow
RegisterClassExW
DefWindowProcW
CopyIcon
InflateRect
GetSysColor
ScreenToClient
GetMessagePos
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
ReleaseCapture
SetCapture
CharUpperW
CharNextW
PeekMessageW
SetWindowPos
OffsetRect
DestroyMenu
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
GetWindowTextW
WindowFromPoint
SystemParametersInfoA
PostThreadMessageW
GetSystemMetrics
EqualRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadIconW
CreatePopupMenu
AppendMenuW
GetWindowRect
wsprintfW
wsprintfA
SendMessageTimeoutW
EnumWindows
SetForegroundWindow
IsIconic
ShowWindow
GetDesktopWindow
IsWindowEnabled
GetActiveWindow
SetActiveWindow
LoadIconA
DrawIcon
IsWindowVisible
FindWindowA
PtInRect
LoadImageW
GetParent
GetDC
ReleaseDC
GetWindowLongW
SetWindowLongW
SetLayeredWindowAttributes
LoadCursorW
IsWindow
CopyRect
SystemParametersInfoW
MessageBoxW
GetDlgItem
CreateWindowExW
SetCursor
EndPaint

gdi32

CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
CreateFontW
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
SetDIBits
GetDIBits
CombineRgn
GetPixel
CreateRectRgn
SetBkColor
GetMapMode
SetMapMode
CreateBitmap
DPtoLP
StretchBlt
SetStretchBltMode
GetCurrentObject
CreateDIBSection
DeleteObject
GetTextExtentPoint32W
DeleteDC
GetDeviceCaps
CreateFontIndirectW
BitBlt
SelectObject
CreateCompatibleDC
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

AdjustTokenPrivileges
RegOpenKeyExW
RegEnumKeyW
RegCreateKeyExW
RegEnumKeyExA
RegOpenKeyA
RegEnumKeyA
RegEnumValueA
RegQueryValueW
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
InitiateSystemShutdownW
RegCloseKey
LookupPrivilegeValueW
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegSetValueExA
RegCreateKeyA
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyW
RegEnumValueW
RegDeleteValueW

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHEmptyRecycleBinW
SHAddToRecentDocs
ShellExecuteA
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathStripToRootW
PathFindFileNameW
PathFindExtensionW
StrStrA
SHDeleteValueW
StrStrIA
StrCmpIW
SHGetValueA
SHDeleteKeyW
StrStrW
StrStrIW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VariantInit
SysStringLen
OleCreateFontIndirect
SysFreeString
SafeArrayDestroy
VariantCopy
SysAllocString
GetErrorInfo

gdiplus

GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageI
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipCreateBitmapFromHBITMAP
GdipSetSmoothingMode
GdipDrawImageRectI
GdipReleaseDC
GdipCreatePen1
GdipDeletePen
GdipDrawLineI

psapi

GetModuleFileNameExW

wininet

InternetConnectW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
FindNextUrlCacheEntryA
InternetReadFile
HttpQueryInfoW
InternetOpenW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle

msvfw32

MCIWndCreateW

wintrust

WinVerifyTrust

Sections

.text
Size: 692KB - Virtual size: 691KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rogues/Antivirus2010.zip
.zip
Antivirus2010.exe
.exe windows:4 windows x86 arch:x86

7fbaa4ed437c6c11ecec3f2819b67132

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreate
DirectDrawCreateEx

user32

SetMenuItemBitmaps
GetClientRect
MapDialogRect
GetSysColorBrush
IsWindowEnabled
GetNextDlgGroupItem
CreateWindowExW
EnableMenuItem
DestroyWindow
GetWindowLongW
PostMessageW
DrawIcon
InvalidateRgn
GetParent
GetDesktopWindow
IsIconic
ValidateRect
SetActiveWindow
GetMenuState
IsWindowVisible
MessageBeep
SetMenu
EndDialog
SetTimer
DispatchMessageW
GetMenuCheckMarkDimensions
GetSystemMetrics
UpdateWindow
LoadBitmapW
GetKeyState
ModifyMenuW
GetActiveWindow
GetDlgItem
SetWindowContextHelpId
SetWindowPos
CheckMenuItem
GetCursorPos
GetFocus
CreateDialogIndirectParamW
GetWindow
PeekMessageW
IsWindow
EnableWindow
PostQuitMessage
GetNextDlgTabItem
TranslateMessage

kernel32

VirtualUnlock
GlobalAlloc
SetUnhandledExceptionFilter
InterlockedCompareExchange
GlobalHandle
GetTempPathW
QueryPerformanceCounter
WideCharToMultiByte
GetCurrentProcess
GetComputerNameW
ProcessIdToSessionId
GetVersionExW
LocalFree
ReleaseMutex
VirtualAlloc
CreateThread
GetSystemInfo
LCMapStringW
TerminateProcess
LoadResource
LeaveCriticalSection
SetEvent
lstrlenW
MultiByteToWideChar
GetProcAddress
RaiseException
IsDebuggerPresent
WaitForMultipleObjects
GetStartupInfoW
HeapSetInformation
FlushInstructionCache
CloseHandle
GetVersionExA
LoadLibraryW
LockResource
GetModuleHandleA
FindResourceW
GetProcessId
GetThreadLocale
GetSystemDirectoryW
GetModuleFileNameW
VirtualFree
GlobalFree
GetLocaleInfoW
CreateMutexW
DeleteCriticalSection
FormatMessageW
OpenProcess
SetLastError
LocalAlloc
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryExW
FreeLibrary
FindResourceExW
InitializeCriticalSection
MulDiv
lstrlenA
WaitForSingleObject
GetCurrentThreadId
InterlockedDecrement
ResetEvent
VirtualLock
HeapFree
HeapReAlloc
HeapSize
GetLocaleInfoA
lstrcmpW
GlobalUnlock
LoadLibraryA
UnhandledExceptionFilter
CreateFileW
GetLastError
HeapAlloc
InterlockedExchange
EnterCriticalSection
GlobalLock
SizeofResource
InterlockedIncrement
IsProcessorFeaturePresent
CreateEventW
GetACP
Sleep
HeapDestroy
GetModuleHandleW

msvcrt

_controlfp
_amsg_exit
_initterm
__wgetmainargs
exit
log
__setusermatherr
_wtoi64
__set_app_type
iswdigit
_exit
memset
_cexit
_initterm
__p__fmode
?terminate@@YAXXZ
_wcmdln
memcpy
__p__commode
_XcptFilter

Sections

.text
Size: 433KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rogues/CleanThis.zip
.zip
CleanThis.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 904KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 920KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rogues/E-set Antivirus 2011.zip
.zip
rogues/FakeAdwCleaner.zip
.zip
rogues/HappyAntivirus.zip
.zip
rogues/Movie.mpeg.zip
.zip
rogues/NavaShield.zip
.zip
rogues/RegistrySmart.zip
.zip
rogues/SmartDefragmenter.zip
.zip
rogues/SpySheriff.zip
.zip

Sharing

General

Malware Config

Signatures

Files

Code Sign

35:73:d1:73:b3:f1:e3:a1:e9:b3:c7:c9:df:86:75:a9Certificate

Extended Key Usages

Key Usages

31:53:94:01:ef:63:64:33:2a:82:47:70:bd:ac:cd:24:fa:9e:65:09Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 920KB

UPX1 Size: 662KB - Virtual size: 664KB

.rsrc Size: 29KB - Virtual size: 32KB

Headers

File Characteristics

Sections

CODE Size: 1.1MB - Virtual size: 1.1MB

DATA Size: 19KB - Virtual size: 19KB

BSS Size: - Virtual size: 9KB

.idata Size: 12KB - Virtual size: 12KB

.tls Size: - Virtual size: 24B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 66KB - Virtual size: 65KB

.rsrc Size: 351KB - Virtual size: 351KB

9402b48d966c911f0785b076b349b5ef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 47KB

.CRT Size: 512B - Virtual size: 16B

.rsrc Size: 16KB - Virtual size: 15KB

50610e34092d6ce13e51e7c9d5197081

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 47KB

.CRT Size: 512B - Virtual size: 16B

.rsrc Size: 16KB - Virtual size: 15KB

5a2c800e40f7e30fbf38d55c7090d219

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

35:73:d1:73:b3:f1:e3:a1:e9:b3:c7:c9:df:86:75:a9
Certificate

31:53:94:01:ef:63:64:33:2a:82:47:70:bd:ac:cd:24:fa:9e:65:09
Signer

UPX0
Size: - Virtual size: 920KB

UPX1
Size: 662KB - Virtual size: 664KB

.rsrc
Size: 29KB - Virtual size: 32KB

CODE
Size: 1.1MB - Virtual size: 1.1MB

DATA
Size: 19KB - Virtual size: 19KB

BSS
Size: - Virtual size: 9KB

.idata
Size: 12KB - Virtual size: 12KB

.tls
Size: - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 66KB - Virtual size: 65KB

.rsrc
Size: 351KB - Virtual size: 351KB

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 47KB

.CRT
Size: 512B - Virtual size: 16B

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 47KB

.CRT
Size: 512B - Virtual size: 16B

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 692KB - Virtual size: 691KB

.rdata
Size: 186KB - Virtual size: 186KB

.data
Size: 15KB - Virtual size: 34KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 433KB - Virtual size: 432KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 336KB - Virtual size: 336KB

.rsrc
Size: 1024B - Virtual size: 1024B

UPX0
Size: - Virtual size: 904KB

UPX1
Size: 580KB - Virtual size: 584KB

.rsrc
Size: 37KB - Virtual size: 40KB

.text
Size: 920KB - Virtual size: 920KB

.itext
Size: 3KB - Virtual size: 2KB

.data
Size: 25KB - Virtual size: 25KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 12KB - Virtual size: 12KB

.tls
Size: - Virtual size: 60B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 67KB - Virtual size: 66KB

.rsrc
Size: 397KB - Virtual size: 397KB