ce282e10539094d964b392a274c9979c

Sharing

Copy URL Twitter E-mail

General

Target

ce282e10539094d964b392a274c9979c
Size

649KB
MD5

ce282e10539094d964b392a274c9979c
SHA1

7b5848718802d9544fcb6b29a2297ebf8bf5f5ca
SHA256

30cc64888b0a0e39ff7452b40e5396233cd870dd57bb53e22111a14bcab6a5c5
SHA512

a6f1896f61468128a075aa329907edf42c4ec4592e59b7c9b736e84773aa395462e368c2eae8d76a0641b89b80e3494f446edc1f69586d9a5e407f477f13f741
SSDEEP

12288:JLHusRj2oPX9EViQ/vzX4bJsAP9ebDczs6xAIb32S+5AIzP/JvOPVu7V4/:NO5oP9vuvzGJPVsAzziIb3OXzXJa4y

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/HFxRoom.exe	upx
static1/unpack001/UpData.exe	upx
static1/unpack001/VSxRoom.exe	upx
static1/unpack001/WarMapHelper.exe	upx
static1/unpack001/WarMpqPlug.exe	upx

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HFxRoom.exe
unpack002/out.upx
unpack001/SFmpq.dll
unpack001/SW3GLib.dll
unpack001/UpData.exe
unpack003/out.upx
unpack001/VSxRoom.exe
unpack004/out.upx
unpack001/WarHelper.exe
unpack001/WarMapHelper.exe
unpack005/out.upx
unpack001/WarMpqPlug.exe
unpack006/out.upx

Files

ce282e10539094d964b392a274c9979c
.zip
Chat/DOTA.txt
Chat/κ3C.txt
Chat/Ц.txt
Chat/ؼ1.txt
Chat/ؼ2.txt
Chat/RPG.txt
Chat/ų.txt
Chat/.txt
Close.wav
HFxRoom.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KeyDim/Dota/Dota ļ˵.txt
KeyDim/Dota/ĺɫ/ɳ - Crixalis.ini
KeyDim/Dota/ĺɫ/ʹ֮Դ - Atropos.ini
KeyDim/Dota/ĺɫ/Ѫħ - Strygwyr.ini
KeyDim/Dota/ĺɫ/Ӱħ - Nevermore.ini
KeyDim/Dota/ĺɫ/ϫ - Leviathan.ini
KeyDim/Dota/ĺɫ/Ѩ֯ - Anub`seran.ini
KeyDim/Dota/ĺɫ/ - Abaddon.ini
KeyDim/Dota/ĺɫ/ - Mogul Kahn.ini
KeyDim/Dota/ĺɫ/ѻ - Barathrum.ini
KeyDim/Dota/ĺɫ/鷨ʦ - Rotund`jere.ini
KeyDim/Dota/ĺɫ/ - Pudge.ini
KeyDim/Dota/ĺɫ/ʦ - Pugna.ini
KeyDim/Dota/ƻ/Ӱʦ - Dazzle.ini
KeyDim/Dota/ƻ/ʬ - Dirge.ini
KeyDim/Dota/ƻ/ - Keal.ini
KeyDim/Dota/ƻ/زʦ - Meepo.ini
KeyDim/Dota/ƻ/ڰ - Ish'kafel.ini
KeyDim/Dota/ƻ/׻ - Harbinger.ini
KeyDim/Dota/ƻ/Ԩ - Azgalor.ini
KeyDim/Dota/ƻ/ʿ - Demnok Lannik.ini
KeyDim/Dota/ƻ/ҽ - Vol'jin.ini
KeyDim/Dota/ƻ/Ĺ - Mercurial.ini
KeyDim/Dota//ʥô̿ - Lunaya.ini
KeyDim/Dota//˫ͷ - Jakiro.ini
KeyDim/Dota//籩֮ - Raijin Thunderkeg.ini
KeyDim/Dota//ʿ - Razzil Darkbrew.ini
KeyDim/Dota//ʿ - Huskar.ini
KeyDim/Dota// - Rexxar.ini
KeyDim/Dota//Ů - Puck.ini
KeyDim/Dota//֮Ů˾ - Mirana Nightshade.ini
KeyDim/Dota//ĩʹ - Lucifer.ini
KeyDim/Dota//ʳʬ - N`aix.ini
KeyDim/Dota//ʹŮ - Akasha.ini
KeyDim/Dota//ڤ - Viper.ini
KeyDim/Dota//ҹħ - Balanar.ini
KeyDim/Dota//Ѩ̿ - Anub`arak.ini
KeyDim/Dota//߷Ů - Medusa.ini
KeyDim/Dota//Ļ - Razor.ini
KeyDim/Dota//ռ - Darkterror.ini
KeyDim/Dota// - Slardar.ini
KeyDim/Dota// - Bone Clinkz.ini
KeyDim/Dota// - King Leoric.ini
KeyDim/Dota/峿/ˮŮ - Rylai Crestfall.ini
KeyDim/Dota/峿/徫 - Morphling.ini
KeyDim/Dota/峿/³ - Syllabear.ini
KeyDim/Dota/峿/֮ - Shandelzare Silkwood.ini
KeyDim/Dota/峿/ţ - Raigor Stonehoof.ini
KeyDim/Dota/峿/ʥ - Yurnero.ini
KeyDim/Dota/峿/˽ - Sven.ini
KeyDim/Dota/峿/Ⱥ - Slithice.ini
KeyDim/Dota/峿/㶺ħʦ - Lina Inverse.ini
KeyDim/Dota/峿/δ̿ - Rikimaru.ini
KeyDim/Dota/峿/֮ - Zeus.ini
KeyDim/Dota/峿/ȻħŮ - Aiushtha.ini
KeyDim/Dota//ȫʿ - Purist Thunderwrath.ini
KeyDim/Dota//˾ѻ - Kardel Sharpeye.ini
KeyDim/Dota//Ӱ - Rhasta.ini
KeyDim/Dota// - Bradwarden.ini
KeyDim/Dota//зʦ - Magina.ini
KeyDim/Dota//ձ - Rigwarl.ini
KeyDim/Dota//ڰ - Traxex.ini
KeyDim/Dota//ħս - Jah`rakal.ini
KeyDim/Dota//ʿ - Knight Davion.ini
KeyDim/Dota//ͽ - Gondar.ini
KeyDim/Dota//è - Mangix.ini
KeyDim/Dota//֮ʿ - Luna Moonfang.ini
KeyDim/Dota/ҹ/ - Magnus.ini
KeyDim/Dota/ҹ/ħʦ - Lion.ini
KeyDim/Dota/ҹ/Ӱ̿ - Mortred.ini
KeyDim/Dota/ҹ/ʿ - Nessaj.ini
KeyDim/Dota/ҹ/綾ʿ - Lesale Deathbringer.ini
KeyDim/Dota/ҹ/ - Banehallow.ini
KeyDim/Dota/ҹ/ - Terrorblade.ini
KeyDim/Dota/ҹ/ĥ - Leshrac the Malicious.ini
KeyDim/Dota/ҹ/ - Visage.ini
KeyDim/Dota/ҹ/֪ - Krobelus.ini
KeyDim/Dota/ҹ/ - Kel'Thuzad.ini
KeyDim/Dota/ҹ/ĸ֩ - Black Arachnia.ini
KeyDim/Dota//ɽ - Tiny.ini
KeyDim/Dota//ʥʿ - Chen.ini
KeyDim/Dota//ʳħħʦ - Aggron Stonebreaker.ini
KeyDim/Dota//Ĭʿ - Nortrom.ini
KeyDim/Dota//粼ֹʦ - Squee and Spleen.ini
KeyDim/Dota//֮ - Ezalor.ini
KeyDim/Dota//Ӱì - Azwraith.ini
KeyDim/Dota// - Darchrow.ini
KeyDim/Dota//ʿ - Rooftrellen.ini
KeyDim/Dota//֪ - Furion.ini
KeyDim/Dota//޲ - Boush.ini
KeyDim/Dota//սʿ - Ulfsaar.ini
KeyDim/ħͨ.ini
KeyDim/κ3C - ţͷ.ini
KeyDim/κ3C - .ini
KeyDim/ն.ini
KeyDim/ɷɱ.ini
KeyDim/ų֮Ұ.ini
KeyDim/3 - ŷ.ini
Open.wav
Restore.wav
SFmpq.dll
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

DStormDestroy
MpqAddFileFromBuffer
MpqAddFileFromBufferEx
MpqAddFileToArchive
MpqAddFileToArchiveEx
MpqAddWaveFromBuffer
MpqAddWaveToArchive
MpqCloseUpdatedArchive
MpqCompactArchive
MpqDeleteFile
MpqGetVersion
MpqGetVersionString
MpqInitialize
MpqOpenArchiveForUpdate
MpqRenameFile
MpqSetFileLocale
SFCloseArchive
SFCloseFile
SFDCloseArchive
SFDCloseFile
SFDDestroy
SFDGetArchiveName
SFDGetBasePath
SFDGetFileArchive
SFDGetFileName
SFDGetFileSize
SFDOpenArchive
SFDOpenFile
SFDOpenFileEx
SFDReadFile
SFDSetBasePath
SFDSetFilePointer
SFDSetLocale
SFGetFileSize
SFMpqCompareVersion
SFMpqDestroy
SFMpqGetVersion
SFMpqGetVersionString
SFMpqGetVersionString2
SFOpenArchive
SFOpenFile
SFOpenFileEx
SFReadFile
SFSetFilePointer
SFSetLocale
SFileCloseArchive
SFileCloseFile
SFileDestroy
SFileFindMpqHeader
SFileGetArchiveName
SFileGetBasePath
SFileGetFileArchive
SFileGetFileInfo
SFileGetFileName
SFileGetFileSize
SFileListFiles
SFileOpenArchive
SFileOpenFile
SFileOpenFileEx
SFileReadFile
SFileSetArchivePriority
SFileSetBasePath
SFileSetFilePointer
SFileSetLocale
StormDestroy

Sections

.text
Size: 59KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SW3GLib.dll
.dll windows:5 windows x86 arch:x86

348b62bb5cd5f75c2f868949522b56ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
CloseHandle
MapViewOfFile
CreateFileMappingA
GetFileSize
GetLastError
CreateFileW
MultiByteToWideChar
lstrlenA
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapSize
VirtualAlloc
HeapReAlloc
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

SwlCloseReplayFile
SwlLoadReplayFile
SwlParseReplayFile
SwlQueryInformationChatLogs
SwlQueryInformationPlayer
SwlQueryReplayInformation

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpData.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VSxRoom.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WH_Set.ini
WH_UpData.dat
WH_UpData/Updata_Info.txt
WarHelper.exe
.exe windows:4 windows x86 arch:x86

36bd5f16972cd12f917eef17e39decd2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
__vbaNextEachAry
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
ord696
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaResume
__vbaCopyBytes
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
ord662
__vbaNameFile
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord591
ord592
__vbaForEachCollObj
__vbaStrBool
__vbaExitProc
__vbaBoolStr
__vbaFileCloseAll
__vbaObjSet
__vbaOnError
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
ord599
__vbaStrFixstr
__vbaBoolVar
ord520
__vbaStrTextCmp
__vbaRefVarAry
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
ord709
ord631
__vbaNextEachCollObj
ord525
ord632
__vbaChkstk
ord526
EVENT_SINK_AddRef
ord527
ord528
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
ord606
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
__vbaFailedFriend
__vbaI2Str
ord607
ord608
ord531
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
ord535
__vbaLsetFixstrFree
__vbaI2Var
ord644
ord537
ord645
_CIlog
__vbaVarLateMemCallLdRf
__vbaVar2Vec
__vbaInStr
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
ord681
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaR8Var
ord577
_adj_fdiv_r
ord685
ord578
ord100
ord579
__vbaVarTstNe
__vbaI4Var
__vbaForEachAry
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaFpI4
ord616
__vbaVarTstGe
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaI2ErrVar
__vbaUI1Str
__vbaStrMove
__vbaCastObj
ord618
__vbaAryCopy
__vbaR8IntI4
__vbaStrVarCopy
__vbaHresultCheckNonvirt
ord619
ord650
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
ord546
__vbaUI1Var
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
ord580
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign
ord581

Sections

.text
Size: 712KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WarMapHelper.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WarMpqPlug.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ʹñؿ˵.txt
־.txt
ʹЭ.txt
Ϸؼ.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 112KB

UPX1 Size: 31KB - Virtual size: 32KB

.rsrc Size: 24KB - Virtual size: 28KB

Headers

File Characteristics

Sections

.text Size: 100KB - Virtual size: 97KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 28KB - Virtual size: 24KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 184KB

.rsrc Size: 7KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 4KB

348b62bb5cd5f75c2f868949522b56ec

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 263KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 96KB

UPX1 Size: 36KB - Virtual size: 36KB

.rsrc Size: 23KB - Virtual size: 24KB

Headers

File Characteristics

Sections

.text Size: 92KB - Virtual size: 90KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 24KB - Virtual size: 23KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 116KB

UPX1 Size: 33KB - Virtual size: 36KB

.rsrc Size: 24KB - Virtual size: 28KB

Headers

File Characteristics

Sections

.text Size: 108KB - Virtual size: 106KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 28KB - Virtual size: 24KB

36bd5f16972cd12f917eef17e39decd2

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 712KB - Virtual size: 710KB

.data Size: 4KB - Virtual size: 20KB

.rsrc Size: 28KB - Virtual size: 24KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 168KB

UPX1 Size: 58KB - Virtual size: 60KB

.rsrc Size: 24KB - Virtual size: 28KB

UPX0
Size: - Virtual size: 112KB

UPX1
Size: 31KB - Virtual size: 32KB

.rsrc
Size: 24KB - Virtual size: 28KB

.text
Size: 100KB - Virtual size: 97KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 28KB - Virtual size: 24KB

.text
Size: 59KB - Virtual size: 184KB

.rsrc
Size: 7KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 263KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 96KB

UPX1
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 23KB - Virtual size: 24KB

.text
Size: 92KB - Virtual size: 90KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 24KB - Virtual size: 23KB

UPX0
Size: - Virtual size: 116KB

UPX1
Size: 33KB - Virtual size: 36KB

.rsrc
Size: 24KB - Virtual size: 28KB

.text
Size: 108KB - Virtual size: 106KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 28KB - Virtual size: 24KB

.text
Size: 712KB - Virtual size: 710KB

.data
Size: 4KB - Virtual size: 20KB

.rsrc
Size: 28KB - Virtual size: 24KB

UPX0
Size: - Virtual size: 168KB

UPX1
Size: 58KB - Virtual size: 60KB

.rsrc
Size: 24KB - Virtual size: 28KB

.text
Size: 180KB - Virtual size: 177KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 28KB - Virtual size: 24KB

UPX0
Size: - Virtual size: 124KB

UPX1
Size: 29KB - Virtual size: 32KB

.rsrc
Size: 24KB - Virtual size: 28KB

.text
Size: 112KB - Virtual size: 109KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 28KB - Virtual size: 24KB