Microsoft Bob 1[.]00 (OEM)(CD)[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

Microsoft Bob 1.00 (OEM)(CD).7z
Size

30.4MB
MD5

d98169d07eededd4fedcc394dbf64a7c
SHA1

333b018cccd4ef5ed37289c88bf0428656b2b73f
SHA256

c5dbd9782dd67cb240a03670cfc0e4fbe9c54f8e126c7134f3495c01647674aa
SHA512

92e7efcd34471e6014d0ddb43e17994be30f013bb534ffabda789762a11bc9a9201cad032a54d63cf8fceac78f0439b451c6b0ff17e8089957c990970b89212f
SSDEEP

786432:dIExDwXZSPegRatUU37/laP++PcT08inbuBHiyiDDBiuD:GEtwXZujKUU37/8myp8ie4FJD

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack003/UMLM532.DLL
unpack003/UMLMM32.DLL
unpack003/UMLMNP32.DLL
unpack003/UMLXP32.DLL

Files

Microsoft Bob 1.00 (OEM)(CD).7z
.7z
Microsoft Bob 1.00 (OEM)(CD)/Microsoft Bob 1.00 (OEM).txt
Microsoft Bob 1.00 (OEM)(CD)/cdcover-back.png
.png
Microsoft Bob 1.00 (OEM)(CD)/cdcover-front.png
.png
Microsoft Bob 1.00 (OEM)(CD)/disk01.iso
.iso
EXTRACT.EXE
README.TXT
SETUP.EXE
SETUP.INI
SETUP.LST
U1.CAB
.cab
256_1280.DRV
64K_1024.DRV
ACTORS/BLYTHE.ACT
ACTORS/CHAOS.ACT
ACTORS/HOPPER.ACT
ACTORS/JAVA.ACT
ACTORS/ORBY.ACT
ACTORS/ROVER.ACT
ACTORS/RUBY.ACT
ACTORS/SCUZZ.ACT
ACTORS/SHELLY.ACT
ACTORS/WORM.ACT
ACTORS/ZSPEAKER.ACT
ACTORS/ZVISIBLE.ACT
ADDRESS/ABOOK.MDB
ADDRESS/ADDRESS.BTN
ADDRESS/ADDRESS.EXE
ADDRESS/ADDRESST.TPR
BUTTONS.BTN
CALENDAR/CAL.EXE
CALENDAR/CALSOUND.ANI
CGMIMP.FLT
CHKBOOK/CHKBOOK.BTN
CHKBOOK/CHKBOOK.EXE
CHKBOOK/CHKESRV.DLL
CHKBOOK/CHKTIP.TPR
CHKBOOK/LEXX.ACT
CHKBOOK/ONLINE.DOC
.rtf .doc
CMDIALOG.VBX
COMPOBJ.DLL
CTL3DV2.DLL
DVA.386
HOME/BALLOON.ANI
HOME/CATRUG.ANI
HOME/CHOOSER.EXE
HOME/DRAGON.ANI
HOME/FIRE.ANI
HOME/FIRE1.ANI
HOME/FISH1.ANI
HOME/FOUNTN2.ANI
HOME/GEOSAFAR.ANI
HOME/HOME.EXE
HOME/JACKNBOX.ANI
HOME/KNOCKNOK.ANI
HOME/LAVALAMP.ANI
HOME/PANCAKES.ANI
HOME/PLANE.ANI
HOME/REVDOOR.ANI
HOME/RLDOOR.ANI
HOME/RRDOOR.ANI
HOME/SHELLSND.ANI
HOME/SLDOOR.ANI
HOME/SLIDESHO.ANI
HOME/SRDOOR.ANI
HOME/TOYCHEST.ANI
IFFPCX.DLL
IFFTIFF.DLL
LETTER/BORDERS.IBD
LETTER/CAT.DAT
LETTER/CAT.IDX
LETTER/LETTER.BTN
LETTER/LETTER.EXE
LETTER/LETTIP.TPR
LETTER/STYLE.DAT
LHANDW.TTF
MAILROOM/MAILROOM.BTN
MAILROOM/MAILROOM.EXE
MAILROOM/MRTIPS.TPR
MAPIRPC.REG
MAPISP.EXE
MAPIU.DLL
MAPIX.DLL
MEDV12.DLL
MSABC110.DLL
MSAES110.DLL
MSAFINX.DLL
MSAJT110.DLL
MSAJU110.DLL
MSFTREG.DLL
.vbs
MSINFO.EXE
MSPST.DLL
MSSPELL.DLL
MSSP_AM.LEX
MVFS12.DLL
MVSRCH12.DLL
MVTTL12.DLL
NOTEBOOK/FINANCE/CANFLAG.WMF
NOTEBOOK/FINANCE/FINANCE.BTN
NOTEBOOK/FINANCE/FINANCE.MDB
NOTEBOOK/FINANCE/FINANCE.MVB
NOTEBOOK/FINANCE/USFLAG.WMF
NOTEBOOK/HOME/H01.WMF
NOTEBOOK/HOME/H02.WMF
NOTEBOOK/HOME/H03.WMF
NOTEBOOK/HOME/H04.WMF
NOTEBOOK/HOME/H05.WMF
NOTEBOOK/HOME/H06.WMF
NOTEBOOK/HOME/H07.WMF
NOTEBOOK/HOME/H11.WMF
NOTEBOOK/HOME/H12.WMF
NOTEBOOK/HOME/H15.WMF
NOTEBOOK/HOME/H17.WMF
NOTEBOOK/HOME/H18.WMF
NOTEBOOK/HOME/H19.WMF
NOTEBOOK/HOME/H21.WMF
NOTEBOOK/HOME/H25.WMF
NOTEBOOK/HOME/HOME.BTN
NOTEBOOK/HOME/HOME.MDB
NOTEBOOK/HOME/HOME.MVB
NOTEBOOK/HOME/HX03.WMF
NOTEBOOK/NBTIPS.TPR
NOTEBOOK/NOTEBOOK.BTN
NOTEBOOK/NOTEBOOK.EXE
NOTEBOOK/NOTES.BMP
OLE2.DLL
OLE2.REG
OLE2CONV.DLL
OLE2DISP.DLL
OLE2NLS.DLL
OLE2PROX.DLL
PCXIMP.FLT
QDOC.DLL
S3.EXE
SAFARI/ANIMALS/19ANLBG.WMF
SAFARI/ANIMALS/19ANLFRM.WMF
SAFARI/ANIMALS/ANIM/19ANLAN.ANI
SAFARI/ANIMALS/B_BOX/19ANL01.WMF
SAFARI/ANIMALS/B_BOX/19ANL02.WMF
SAFARI/ANIMALS/B_BOX/19ANL03.WMF
SAFARI/ANIMALS/B_BOX/19ANL04.WMF
SAFARI/ANIMALS/B_BOX/19ANL06.WMF
SAFARI/ANIMALS/B_BOX/19ANL07.WMF
SAFARI/ANIMALS/B_BOX/19ANL08.WMF
SAFARI/ANIMALS/B_BOX/19ANL09.WMF
SAFARI/ANIMALS/B_BOX/19ANL10.WMF
SAFARI/ANIMALS/B_BOX/19ANL11.WMF
SAFARI/ANIMALS/B_BOX/19ANL12.WMF
SAFARI/ANIMALS/B_BOX/19ANL13.WMF
SAFARI/ANIMALS/GLOSSARY/00ANLMV.MVB
SAFARI/ANIMALS/PREVBAR1.WMF
SAFARI/GEO.TPR
SAFARI/GEOGRAPH/01BASBG.WMF
SAFARI/GEOGRAPH/02BASBG.WMF
SAFARI/GEOGRAPH/03BASBG.WMF
SAFARI/GEOGRAPH/04BASBG.WMF
SAFARI/GEOGRAPH/05BASBG.WMF
SAFARI/GEOGRAPH/06BASBG.WMF
SAFARI/GEOGRAPH/07BASBG.WMF
SAFARI/GEOGRAPH/08BASBG.WMF
SAFARI/GEOGRAPH/13BASBG.WMF
SAFARI/GEOGRAPH/14BASBG.WMF
SAFARI/GEOGRAPH/15BASBG.WMF
SAFARI/GEOGRAPH/16BASBG.WMF
SAFARI/GEOGRAPH/17BASBG.WMF
SAFARI/GEOGRAPH/18BASBG.WMF
SAFARI/GEOGRAPH/ANIM/01BASAN.ANI
SAFARI/GEOGRAPH/ANIM/08BASAN.ANI
SAFARI/GEOGRAPH/B_BOX/08BAS01.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS02.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS03.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS04.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS05.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS06.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS07.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS08.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS09.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS10.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS13.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS15.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS16.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS17.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS19.WMF
SAFARI/GEOGRAPH/B_BOX/08BAS20.WMF
SAFARI/GEOGRAPH/GLOSSARY/01BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/02BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/03BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/04BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/05BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/06BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/07BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/08BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/09BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/10BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/11BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/12BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/13BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/14BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/15BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/16BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/17BASMV.MVB
SAFARI/GEOGRAPH/GLOSSARY/18BASMV.MVB
SAFARI/GEOGRAPH/STAR_BLK.WMF
SAFARI/SAFARI.EXE
SAFARI/SAFARI.MDB
SAFARI/SBSBATCH.PIF
SAFARI/SCIENCE/12SCIBG.WMF
SAFARI/SCIENCE/ANIM/12SCIAN.ANI
SAFARI/SCIENCE/GLOSSARY/00SCIMV.MVB
SAFARI/SYSTEM/CLOCK.ANI
SAFARI/SYSTEM/FLASHOR1.ANI
SAFARI/SYSTEM/FLASHVR1.ANI
SAFARI/SYSTEM/GEOSOUND.ANI
SAFARI/SYSTEM/HANK.ACT
SAFARIBS.DLL
STDOLE.TLB
STORAGE.DLL
SVGA.EXE
SYSTEM.MDB
TIFFIMP.FLT
TYPELIB.DLL
UBACKUP.EXE
UBACKUPX.EXE
UEXTRA.DLL
UMAIL.DLL
UMAILCC.VBX
UMEDVIEW.VBX
UMLM5.DLL
UMLM532.DLL
.dll windows:1 windows x86 arch:x86

40f46ae39e38fbee6bc1398683e9fca3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA

kernel32

GlobalAlloc
DeleteFileA
CloseHandle
GetLastError
CreateFileA
GetCurrentProcessId
SetFileAttributesA
GetFileAttributesA
FlushFileBuffers
SetFilePointer
GetFileSize
WriteFile
ReadFile
MoveFileA
lstrlenA
LocalFree
LocalUnlock
LocalLock
LocalAlloc
lstrcatA
GlobalFree
GetVersion

msvcrt20

_splitpath
memmove
strchr
_makepath
strncpy
rename
strncat
free
strstr
_strnicmp
__p__pctype
_isctype
__p___mb_cur_max
strtok
strncmp
remove
_itoa
_access
_findclose
_findfirst
_findnext
_strupr
_ultoa
time
strrchr
localtime
toupper
sprintf
_initterm
atoi
malloc

Exports

Exports

MCIAddAddressDesc
MCIAddAttachmentDesc
MCIAddFaxRecipient
MCIAddInternetRecipient
MCIAddPostalRecipient
MCIAddRemsRecipient
MCIAddSubscriberRecipient
MCIAddTelexRecipient
MCIAddX400Recipient
MCICloseMessage
MCICloseSession
MCIDeriveReply
MCIGetAddressDesc
MCIGetAttachmentDesc
MCIGetEnvelopeDesc
MCIGetErrorDesc
MCIGetStringField
MCIGetText
MCIGetTextSize
MCIGetTextSizeAlt
MCIMoveMessage
MCINewMessage
MCINewMessageAlt
MCIOpenMessage
MCIOpenMessageAlt
MCIOpenSession
MCIOpenSessionAlt
MCIRemoveAddress
MCIRemoveAttachment
MCISaveMessage
MCISaveMessageAs
MCISetAddressDesc
MCISetAttachmentDesc
MCISetEnvelopeDesc
MCISetSubject
MCISetText
MCISetTextDesc

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 24B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMLMM.DLL
UMLMM32.DLL
.dll windows:1 windows x86 arch:x86

37fe083cf797b3fad317411af70205c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

umlmnp32

MnpSend
MnpSetDTR
MnpClose
MnpConnect
MnpOpen
MnpFlushInput
MnpDisconnect
MnpReceiveXtd
MnpFlushOutput

user32

GetWindowLongA
MessageBoxA
DestroyWindow
CreateWindowExA
SetWindowLongA
DefWindowProcA
wsprintfA
RegisterClassA
UnregisterClassA

kernel32

WriteFile
ReadFile
GetFileAttributesA
SetCommBreak
lstrcatA
lstrlenA
MoveFileA
GetFileSize
SetFilePointer
GetVersion
GlobalAlloc
GlobalFree
GetCommModemStatus
CreateEventA
DeleteFileA
LocalUnlock
SetFileAttributesA
LocalAlloc
ClearCommBreak
FlushFileBuffers
CloseHandle
GetLastError
CreateFileA
SetCommState
LocalLock
LocalFree
GetTickCount
ResetEvent
WaitForSingleObject
SetEvent
GetCurrentProcessId

msvcrt20

malloc
_stricmp
_initterm
strncat
remove
strchr
_ultoa
_access
memmove
strrchr
__p___mb_cur_max
_isctype
__p__pctype
getenv
strtok
_assert
_strnicmp
_fullpath
_makepath
_splitpath
strncpy
sprintf
strncmp
_strupr
_findclose
_findfirst
_findnext
strstr
localtime
time
toupper

Exports

Exports

MMAbortPoll
MMAbortSlave
MMAutoPoll
MMCloseSession
MMConfigureAccount
MMConfigureBoxes
MMConfigureConnect
MMConfigureHandling
MMConfigureMail
MMConfigureMcd
MMConfigureModem
MMConfigureNetwork
MMConfigurePort
MMConfigureSafe
MMConfigureTranscript
MMConfigureUsers
MMConnect
MMConnectMcd
MMDisconnect
MMDownloadMessage
MMGetCompletion
MMGetCompletionMsg
MMGetExtendedErrorMsg
MMGetPollReport
MMGetPollStatus
MMGetSubject
MMGetToFrom
MMGetVersionMsg
MMLogMessage
MMLogin
MMMakeUniqueFile
MMOpenSession
MMOpenSessionAlt
MMReadConfiguration
MMScanFolder
MMSetLogFile
MMSetMeter
MMSetMonitor
MMSetService
MMUploadAbort
MMUploadAttachment
MMUploadEnvelope
MMUploadMessage
MMUploadSend
MMUploadText
MailerWndProc

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 280B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMLMNP.DLL
UMLMNP32.DLL
.dll windows:1 windows x86 arch:x86

1229227c197eef3aa9e11a732fad650b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA

kernel32

GetCommProperties
WaitCommEvent
CloseHandle
TerminateThread
ReleaseMutex
SetEvent
SetCommMask
PurgeComm
SetCommState
GetCommState
WaitForSingleObject
ReadFile
WriteFile
ClearCommError
LocalLock
LocalAlloc
LocalFree
LocalUnlock
CreateMutexA
IsBadWritePtr
SetLastError
GetLastError
GetCurrentProcess
GetVersion
CreateEventA
CreateThread
SetCommTimeouts
CreateFileA
EscapeCommFunction
ResetEvent
WaitForMultipleObjects
SetThreadPriority
GetTickCount
GetCommModemStatus
GetOverlappedResult
GlobalFree
GlobalAlloc

msvcrt20

malloc
getenv
_initterm
memchr

Exports

Exports

MnpClose
MnpConnect
MnpDisconnect
MnpFlushInput
MnpFlushOutput
MnpOpen
MnpReceive
MnpReceiveXtd
MnpSend
MnpSetDTR
MnpTrace

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 286B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMLXP.DLL
UMLXP32.DLL
.dll windows:1 windows x86 arch:x86

0a0e83c3b5b2b78fc1b86f797a840518

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
EnterCriticalSection
GetTickCount
lstrcpyA
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
GetPrivateProfileStringA
GetProfileStringA
GetPrivateProfileIntA
FindClose
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
DeleteFileA
CloseHandle
WriteFile
GetLastError
CreateFileA
ReadFile
FindNextFileA
FindFirstFileA
GetProfileIntA
FileTimeToDosDateTime
FileTimeToLocalFileTime
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
SetErrorMode
LoadLibraryA
GetFullPathNameA
LeaveCriticalSection
GetFileSize

user32

LoadStringA
TranslateMessage
PeekMessageA
DispatchMessageA
CharUpperA
CharUpperBuffA
wsprintfA

msvcrt20

_splitpath
_ultoa
time
_makepath
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
strncpy
_stricmp
strncat
localtime
atoi
strchr
_itoa
strtol

mapiu32

OpenStreamOnFile@24
OpenTnefStream@28
UlAddRef@4

Exports

Exports

ServiceEntry
XPProviderInit

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UPIC.MDB
UPICOLE.DLL
URESTORE.EXE
USPREAD.VBX
UTOBJECT.DLL
UTOPIA.DLL
UTOPIA.MDB
UTOPIA.REG
UTOPIAWA.REG
UTOPIAWA/UTOPIAWA.EXE
UWAOLE.DLL
UWMF.DLL
VBDB300.DLL
VBOA300.DLL
VBRUN300.DLL
VER.DLL
VSHARE.386
WAVEMIX.INI
WAVMIX16.DLL
WING.DLL
WINGDE.DLL
WINGDIB.DRV
WINGPAL.WND
_mssetup.exe
acmsetup.exe
acmsetup.hlp
mscpydis.dll
mssetup.dll
usetup.dll
utopia.stf
UTOPIA.INF
Microsoft Bob 1.00 (OEM)(CD)/media-disk01.png
.png
Microsoft Bob 1.00 (OEM)(CD)/winworldpc.com.txt

Sharing

General

Malware Config

Signatures

Files

40f46ae39e38fbee6bc1398683e9fca3

Headers

File Characteristics

Imports

user32

kernel32

msvcrt20

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 53KB

.bss Size: - Virtual size: 24B

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 2KB

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 2KB - Virtual size: 1KB

37fe083cf797b3fad317411af70205c9

Headers

File Characteristics

Imports

umlmnp32

user32

kernel32

msvcrt20

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 102KB

.bss Size: - Virtual size: 280B

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 15KB - Virtual size: 15KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 884B

.reloc Size: 4KB - Virtual size: 3KB

1229227c197eef3aa9e11a732fad650b

Headers

File Characteristics

Imports

user32

kernel32

msvcrt20

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.bss Size: - Virtual size: 12B

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 544B

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 286B

.rsrc Size: 1024B - Virtual size: 876B

.reloc Size: 1024B - Virtual size: 668B

0a0e83c3b5b2b78fc1b86f797a840518

Headers

File Characteristics

Imports

kernel32

user32

msvcrt20

mapiu32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 1024B - Virtual size: 835B

.data Size: 2KB - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 248B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 53KB - Virtual size: 53KB

.bss
Size: - Virtual size: 24B

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 103KB - Virtual size: 102KB

.bss
Size: - Virtual size: 280B

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 15KB - Virtual size: 15KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 884B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 15KB

.bss
Size: - Virtual size: 12B

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 544B

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 286B

.rsrc
Size: 1024B - Virtual size: 876B

.reloc
Size: 1024B - Virtual size: 668B

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 1024B - Virtual size: 835B

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 248B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB