6211b2ece65746560d9b9123acfe8fe7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6211b2ece65746560d9b9123acfe8fe7_JaffaCakes118
Size

3.7MB
MD5

6211b2ece65746560d9b9123acfe8fe7
SHA1

ee29b6d93e0afc60458c0f0542fd1a8ab36c1e9e
SHA256

f585210da745a18123b21e4840958b735086b230c37e3ba912aff048826ff114
SHA512

148b87a5d4edd71fd835f002b1ed9ad763d97be13048ebda35b3abd0655ade3ba9f1916e4ee1a422cf07c488197897842a51653f483cda76bd3bc2af84b986d8
SSDEEP

98304:2qKO1xSwIoUdoDICGD+to8NL9TsOuMkROeSQfwBOk1x+rgpLjQ:xNx3lUiICCuLuvNGEMxxG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/norton/Norton 2011 TrialReset v3.1.0.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack003/out.upx	autoit_exe

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/norton/Norton 2011 TrialReset v3.1.0.exe
unpack003/out.upx

Files

6211b2ece65746560d9b9123acfe8fe7_JaffaCakes118
.rar
norton/28-4-2011/Symantec Norton 360/Norton 360.txt
norton/28-4-2011/Symantec Norton Anti Virus Symantec Norton Internet Security Symantec Norton 360/Norton Anti Virus 2011.txt
norton/28-4-2011/Symantec Norton Anti Virus Symantec Norton Internet Security Symantec Norton 360/Norton Internet Security 2011.txt
norton/28-4-2011/سفن إفري ويك.mht
.eml .js polyglot
- http://7everyweek.com/user/
- http://7everyweek.com/user/?mid=15
- http://7everyweek.com/user/?mid=26
- http://7everyweek.com/user/?mid=41
- http://forums.7everyweek.com/
- http://forums.7everyweek.com/#
- http://forums.7everyweek.com/#%C7%E1%C3%DE%D3%DC%DC%C7%E3-%C7%E1%CA%DA%E1%ED%E3%ED%C9
- http://forums.7everyweek.com/#%C7%E1%DF%E3%C8%ED%E6%CA%D1-%E6%C7%E1%C5%E4%CA%D1%E4%CA
- http://forums.7everyweek.com/#%C7%E1%E3%E4%CA%CF%EC-%C7%E1%C5%CF%C7%D1%ED
- http://forums.7everyweek.com/#%C7%E1%E3%E4%CA%CF%EC-%C7%E1%C5%DA%E1%C7%E3%EC
- http://forums.7everyweek.com/#%C7%E1%E3%E4%CA%CF%ED-%C7%E1%DA%C7%E3
- http://forums.7everyweek.com/#%DE%D3%E3-%C7%E1%CC%E6%C7%E1-%E6-%C7%E1%C2%ED%DD%E6%E4
- http://forums.7everyweek.com/#%E3%E4%CA%CF%EC-%C7%E1%CA%CC%C7%D1%C9-%C7%E1%C5%E1%DF%CA%D1%E6%E4%ED%C9
- http://forums.7everyweek.com/#%E3%E4%CA%CF%EC-%C7%E1%CA%D3%E1%ED%C9
- http://forums.7everyweek.com/#%E3%E4%CA%CF%EC-%C7%E1%CF%E6%D1%C7%CA
- http://forums.7everyweek.com/#%E3%E4%CA%CF%EC-%C7%E1%E3%D3%C7%C8%DE%C9
- http://forums.7everyweek.com/#%E4%D8%E6%ED%D1-%C7%E1%E3%E6%C7%DE%DA-%E6%C7%E1%E3%E4%CA%CF%ED%C7%CA
- http://forums.7everyweek.com/#top
- http://forums.7everyweek.com/?nojs=1#community
- http://forums.7everyweek.com/?nojs=1#usercptools
- http://forums.7everyweek.com/admincp/index.php
- http://forums.7everyweek.com/bnnr.php
- http://forums.7everyweek.com/bnnr.php?do=z&id=1
- http://forums.7everyweek.com/bnnr.php?do=z&id=2
- http://forums.7everyweek.com/bnnr.php?do=z&id=3
- http://forums.7everyweek.com/bnnr.php?do=z&id=4
- http://forums.7everyweek.com/calendar.php
- http://forums.7everyweek.com/cv_rss_feeds.php
- http://forums.7everyweek.com/external.php?type=html
- http://forums.7everyweek.com/external.php?type=rss
- http://forums.7everyweek.com/external.php?type=rss2
- http://forums.7everyweek.com/external.php?type=xml
- http://forums.7everyweek.com/f10.html
- http://forums.7everyweek.com/f103.html
- http://forums.7everyweek.com/f105.html
- http://forums.7everyweek.com/f106.html
- http://forums.7everyweek.com/f107.html
- http://forums.7everyweek.com/f108.html
- http://forums.7everyweek.com/f110.html
- http://forums.7everyweek.com/f111.html
- http://forums.7everyweek.com/f112.html
- http://forums.7everyweek.com/f114.html
- http://forums.7everyweek.com/f117.html
- http://forums.7everyweek.com/f14.html
- http://forums.7everyweek.com/f15.html
- http://forums.7everyweek.com/f16.html
- http://forums.7everyweek.com/f17.html
- http://forums.7everyweek.com/f18.html
- http://forums.7everyweek.com/f19.html
- http://forums.7everyweek.com/f2.html
- http://forums.7everyweek.com/f20.html
- http://forums.7everyweek.com/f21.html
- http://forums.7everyweek.com/f22.html
- http://forums.7everyweek.com/f23.html
- http://forums.7everyweek.com/f24.html
- http://forums.7everyweek.com/f25.html
- http://forums.7everyweek.com/f26.html
- http://forums.7everyweek.com/f3.html
- http://forums.7everyweek.com/f36.html
- http://forums.7everyweek.com/f37.html
- http://forums.7everyweek.com/f38.html
- http://forums.7everyweek.com/f4.html
- http://forums.7everyweek.com/f46.html
- http://forums.7everyweek.com/f47.html
- http://forums.7everyweek.com/f48.html
- http://forums.7everyweek.com/f49.html
- http://forums.7everyweek.com/f54.html
- http://forums.7everyweek.com/f56.html
- http://forums.7everyweek.com/f62.html
- http://forums.7everyweek.com/f64.html
- http://forums.7everyweek.com/f65.html
- http://forums.7everyweek.com/f70.html
- http://forums.7everyweek.com/f71.html
- http://forums.7everyweek.com/f72.html
- http://forums.7everyweek.com/f73.html
- http://forums.7everyweek.com/f75.html
- http://forums.7everyweek.com/f76.html
- http://forums.7everyweek.com/f78.html
- http://forums.7everyweek.com/f79.html
- http://forums.7everyweek.com/f80.html
- http://forums.7everyweek.com/f81.html
- http://forums.7everyweek.com/f82.html
- http://forums.7everyweek.com/f85.html
- http://forums.7everyweek.com/f86.html
- http://forums.7everyweek.com/f88.html
- http://forums.7everyweek.com/f9.html
- http://forums.7everyweek.com/f90.html
- http://forums.7everyweek.com/f91.html
- http://forums.7everyweek.com/f98.html
- http://forums.7everyweek.com/faq.php
- http://forums.7everyweek.com/forumdisplay.php?do=markread
- http://forums.7everyweek.com/groups/
- http://forums.7everyweek.com/login.php?do=logout&logouthash=1279221405-65f649d1454c4f39260fe44a5e7e5ccb8367c297
- http://forums.7everyweek.com/memberlist.html
- http://forums.7everyweek.com/members/albums.html
- http://forums.7everyweek.com/misc.php?do=cybareginv
- http://forums.7everyweek.com/misc.php?do=cybaregman
- http://forums.7everyweek.com/misc.php?do=cyberstats
- http://forums.7everyweek.com/misc.php?do=disablestats
- http://forums.7everyweek.com/misc.php?do=topposters
- http://forums.7everyweek.com/modcp/index.php
- http://forums.7everyweek.com/online.php
- http://forums.7everyweek.com/private.php
- http://forums.7everyweek.com/profile.php?do=buddylist
- http://forums.7everyweek.com/profile.php?do=editoptions
- http://forums.7everyweek.com/profile.php?do=editprofile
- http://forums.7everyweek.com/profile.php?do=editsignature
- http://forums.7everyweek.com/register.php
- http://forums.7everyweek.com/search.php
- http://forums.7everyweek.com/search.php?do=getdaily
- http://forums.7everyweek.com/search.php?do=getnew
- http://forums.7everyweek.com/sendmessage.php
- http://forums.7everyweek.com/showgroups.php
- http://forums.7everyweek.com/sitemap/
- http://forums.7everyweek.com/subscription.php
- http://forums.7everyweek.com/t10206-new-post.html
- http://forums.7everyweek.com/t10206-post74351.html#post74351
- http://forums.7everyweek.com/t10745-new-post.html
- http://forums.7everyweek.com/t10745-post61719.html#post61719
- http://forums.7everyweek.com/t10788-new-post.html
- http://forums.7everyweek.com/t10788-post73283.html#post73283
- http://forums.7everyweek.com/t11365-new-post.html
- http://forums.7everyweek.com/t11365-post59423.html#post59423
- http://forums.7everyweek.com/t11939-new-post.html
- http://forums.7everyweek.com/t11939-post68246.html#post68246
- http://forums.7everyweek.com/t12146-last-post.html
- http://forums.7everyweek.com/t12146.html
- http://forums.7everyweek.com/t12417-last-post.html
- http://forums.7everyweek.com/t12417.html
- http://forums.7everyweek.com/t13090-new-post.html
- http://forums.7everyweek.com/t13090-post74398.html#post74398
- http://forums.7everyweek.com/t13559-new-post.html
- http://forums.7everyweek.com/t13559-post74269.html#post74269
- http://forums.7everyweek.com/t13650-last-post.html
- http://forums.7everyweek.com/t13650.html
- http://forums.7everyweek.com/t13667-last-post.html
- http://forums.7everyweek.com/t13667.html
- http://forums.7everyweek.com/t13671-last-post.html
- http://forums.7everyweek.com/t13671.html
- http://forums.7everyweek.com/t13720-last-post.html
- http://forums.7everyweek.com/t13720.html
- http://forums.7everyweek.com/t13986-new-post.html
- http://forums.7everyweek.com/t13986-post72284.html#post72284
- http://forums.7everyweek.com/t14044-new-post.html
- http://forums.7everyweek.com/t14044-post69517.html#post69517
- http://forums.7everyweek.com/t14352-new-post.html
- http://forums.7everyweek.com/t14352-post74190.html#post74190
- http://forums.7everyweek.com/t14579-new-post.html
- http://forums.7everyweek.com/t14579-post73453.html#post73453
- http://forums.7everyweek.com/t14592-new-post.html
- http://forums.7everyweek.com/t14592-post72351.html#post72351
- http://forums.7everyweek.com/t14630-new-post.html
- http://forums.7everyweek.com/t14630-post71818.html#post71818
- http://forums.7everyweek.com/t14642-new-post.html
- http://forums.7everyweek.com/t14642-post71863.html#post71863
- http://forums.7everyweek.com/t14740-new-post.html
- http://forums.7everyweek.com/t14740-post73341.html#post73341
- http://forums.7everyweek.com/t14743-new-post.html
- http://forums.7everyweek.com/t14743-post72207.html#post72207
- http://forums.7everyweek.com/t14769-new-post.html
- http://forums.7everyweek.com/t14769-post73357.html#post73357
- http://forums.7everyweek.com/t14858-new-post.html
- http://forums.7everyweek.com/t14858-post74264.html#post74264
- http://forums.7everyweek.com/t14868-new-post.html
- http://forums.7everyweek.com/t14868-post72509.html#post72509
- http://forums.7everyweek.com/t14923-new-post.html
- http://forums.7everyweek.com/t14923-post73805.html#post73805
- http://forums.7everyweek.com/t14930-new-post.html
- http://forums.7everyweek.com/t14930-post73552.html#post73552
- http://forums.7everyweek.com/t14940-new-post.html
- http://forums.7everyweek.com/t14940-post72864.html#post72864
- http://forums.7everyweek.com/t14985-new-post.html
- http://forums.7everyweek.com/t14985-post74289.html#post74289
- http://forums.7everyweek.com/t15042-new-post.html
- http://forums.7everyweek.com/t15042-post73238.html#post73238
- http://forums.7everyweek.com/t15059-new-post.html
- http://forums.7everyweek.com/t15059-post73314.html#post73314
- http://forums.7everyweek.com/t15074-new-post.html
- http://forums.7everyweek.com/t15074-post74078.html#post74078
- http://forums.7everyweek.com/t15148-new-post.html
- http://forums.7everyweek.com/t15148-post73720.html#post73720
- http://forums.7everyweek.com/t15150-new-post.html
- http://forums.7everyweek.com/t15150-post73715.html#post73715
- http://forums.7everyweek.com/t15176-new-post.html
- http://forums.7everyweek.com/t15176-post74412.html#post74412
- http://forums.7everyweek.com/t15176.html
- http://forums.7everyweek.com/t15199-new-post.html
- http://forums.7everyweek.com/t15199-post74409.html#post74409
- http://forums.7everyweek.com/t15199.html
- http://forums.7everyweek.com/t15231-new-post.html
- http://forums.7everyweek.com/t15231-post74160.html#post74160
- http://forums.7everyweek.com/t15234-new-post.html
- http://forums.7everyweek.com/t15234-post74165.html#post74165
- http://forums.7everyweek.com/t15245-new-post.html
- http://forums.7everyweek.com/t15245-post74330.html#post74330
- http://forums.7everyweek.com/t15246-new-post.html
- http://forums.7everyweek.com/t15246-post74323.html#post74323
- http://forums.7everyweek.com/t15255-new-post.html
- http://forums.7everyweek.com/t15255-post74222.html#post74222
- http://forums.7everyweek.com/t15256-new-post.html
- http://forums.7everyweek.com/t15256.html
- http://forums.7everyweek.com/t15268-new-post.html
- http://forums.7everyweek.com/t15268-post74300.html#post74300
- http://forums.7everyweek.com/t15274-new-post.html
- http://forums.7everyweek.com/t15274-post74306.html#post74306
- http://forums.7everyweek.com/t15282-new-post.html
- http://forums.7everyweek.com/t15282-post74334.html#post74334
- http://forums.7everyweek.com/t15284-new-post.html
- http://forums.7everyweek.com/t15284-post74336.html#post74336
- http://forums.7everyweek.com/t15289-new-post.html
- http://forums.7everyweek.com/t15289-post74414.html#post74414
- http://forums.7everyweek.com/t15289.html
- http://forums.7everyweek.com/t15292-new-post.html
- http://forums.7everyweek.com/t15292-post74372.html#post74372
- http://forums.7everyweek.com/t15293-new-post.html
- http://forums.7everyweek.com/t15293-post74373.html#post74373
- http://forums.7everyweek.com/t15301-new-post.html
- http://forums.7everyweek.com/t15301.html
- http://forums.7everyweek.com/t15309-new-post.html
- http://forums.7everyweek.com/t15309-post74392.html#post74392
- http://forums.7everyweek.com/t15310-new-post.html
- http://forums.7everyweek.com/t15310-post74397.html#post74397
- http://forums.7everyweek.com/t15311-new-post.html
- http://forums.7everyweek.com/t15311-post74396.html#post74396
- http://forums.7everyweek.com/t15313-new-post.html
- http://forums.7everyweek.com/t15313-post74400.html#post74400
- http://forums.7everyweek.com/t15315-new-post.html
- http://forums.7everyweek.com/t15315.html
- http://forums.7everyweek.com/t15316-new-post.html
- http://forums.7everyweek.com/t15316.html
- http://forums.7everyweek.com/t15317-new-post.html
- http://forums.7everyweek.com/t15317.html
- http://forums.7everyweek.com/t15318-new-post.html
- http://forums.7everyweek.com/t15318-post74405.html#post74405
- http://forums.7everyweek.com/t15318.html
- http://forums.7everyweek.com/t15319-new-post.html
- http://forums.7everyweek.com/t15319-post74411.html#post74411
- http://forums.7everyweek.com/t15319.html
- http://forums.7everyweek.com/t1989.html
- http://forums.7everyweek.com/t201-new-post.html
- http://forums.7everyweek.com/t201-post73952.html#post73952
- http://forums.7everyweek.com/t2609.html
- http://forums.7everyweek.com/t3125-new-post.html
- http://forums.7everyweek.com/t3125-post70207.html#post70207
- http://forums.7everyweek.com/t3665.html
- http://forums.7everyweek.com/t3684-last-post.html
- http://forums.7everyweek.com/t3684.html
- http://forums.7everyweek.com/t4352.html
- http://forums.7everyweek.com/t5166-last-post.html
- http://forums.7everyweek.com/t5166.html
- http://forums.7everyweek.com/t602.html
- http://forums.7everyweek.com/t6323.html
- http://forums.7everyweek.com/t7184-last-post.html
- http://forums.7everyweek.com/t7184.html
- http://forums.7everyweek.com/t8934.html
- http://forums.7everyweek.com/t8980-new-post.html
- http://forums.7everyweek.com/t8980-post63162.html#post63162
- http://forums.7everyweek.com/t9461-new-post.html
- http://forums.7everyweek.com/t9461-post71164.html#post71164
- http://forums.7everyweek.com/t9710-last-post.html
- http://forums.7everyweek.com/t9710.html
- http://forums.7everyweek.com/tags/
- http://forums.7everyweek.com/u1.html
- http://forums.7everyweek.com/u1052.html
- http://forums.7everyweek.com/u116.html
- http://forums.7everyweek.com/u120.html
- http://forums.7everyweek.com/u1260.html
- http://forums.7everyweek.com/u1349.html
- http://forums.7everyweek.com/u1474.html
- http://forums.7everyweek.com/u156.html
- http://forums.7everyweek.com/u1851.html
- http://forums.7everyweek.com/u2010.html
- http://forums.7everyweek.com/u2450.html
- http://forums.7everyweek.com/u27.html
- http://forums.7everyweek.com/u3022.html
- http://forums.7everyweek.com/u334.html
- http://forums.7everyweek.com/u39.html
- http://forums.7everyweek.com/u43.html
- http://forums.7everyweek.com/u4355.html
- http://forums.7everyweek.com/u4877.html
- http://forums.7everyweek.com/u5.html
- http://forums.7everyweek.com/u5086.html
- http://forums.7everyweek.com/u535.html
- http://forums.7everyweek.com/u5422.html
- http://forums.7everyweek.com/u5859.html
- http://forums.7everyweek.com/u6101.html
- http://forums.7everyweek.com/u6383.html
- http://forums.7everyweek.com/u639.html
- http://forums.7everyweek.com/u6700.html
- http://forums.7everyweek.com/u7692.html
- http://forums.7everyweek.com/u7759.html
- http://forums.7everyweek.com/u7762.html
- http://forums.7everyweek.com/u78.html
- http://forums.7everyweek.com/u8082.html
- http://forums.7everyweek.com/u8501.html
- http://forums.7everyweek.com/u8637.html
- http://forums.7everyweek.com/u8648.html
- http://forums.7everyweek.com/u8777.html
- http://forums.7everyweek.com/u8809.html
- http://forums.7everyweek.com/u8919.html
- http://forums.7everyweek.com/u8992.html
- http://forums.7everyweek.com/u9.html
- http://forums.7everyweek.com/u9015.html
- http://forums.7everyweek.com/u9153.html
- http://forums.7everyweek.com/u9173.html
- http://forums.7everyweek.com/u9257.html
- http://forums.7everyweek.com/u9287.html
- http://forums.7everyweek.com/u9333.html
- http://forums.7everyweek.com/u9346.html
- http://forums.7everyweek.com/u9347.html
- http://forums.7everyweek.com/u9353.html
- http://forums.7everyweek.com/u9358.html
- http://forums.7everyweek.com/u9359.html
- http://forums.7everyweek.com/u9360.html
- http://forums.7everyweek.com/u9361.html
- http://forums.7everyweek.com/u9362.html
- http://forums.7everyweek.com/u9363.html
- http://forums.7everyweek.com/u9364.html
- http://forums.7everyweek.com/u9365.html
- http://forums.7everyweek.com/u9366.html
- http://forums.7everyweek.com/u9367.html
- http://forums.7everyweek.com/u9368.html
- http://forums.7everyweek.com/u9369.html
- http://forums.7everyweek.com/u9370.html
- http://forums.7everyweek.com/u9371.html
- http://forums.7everyweek.com/u9372.html
- http://forums.7everyweek.com/usercp.php
- http://localhost/c_news_letter.php?
- http://localhost/c_news_letter.php?do=send_news_letter
- http://www.addthis.com/bookmark.php
- http://www.d3m-vb.net/vb
- http://www.feedage.com/feeds/5014621/%D8%B3%D9%81%D9%86-%D8%A5%D9%81%D8%B1%D9%8A-%D9%88%D9%8A%D9%83
- http://www.feedage.com/subscribe.php?fid=5014621&s=alesti
- http://www.feedage.com/subscribe.php?fid=5014621&s=aol
- http://www.feedage.com/subscribe.php?fid=5014621&s=bloglines
- http://www.feedage.com/subscribe.php?fid=5014621&s=feedagealerts
- http://www.feedage.com/subscribe.php?fid=5014621&s=feedagegroups
- http://www.feedage.com/subscribe.php?fid=5014621&s=fwicki
- http://www.feedage.com/subscribe.php?fid=5014621&s=google
- http://www.feedage.com/subscribe.php?fid=5014621&s=iping-it
- http://www.feedage.com/subscribe.php?fid=5014621&s=live
- http://www.feedage.com/subscribe.php?fid=5014621&s=msn
- http://www.feedage.com/subscribe.php?fid=5014621&s=netvibes
- http://www.feedage.com/subscribe.php?fid=5014621&s=newsburst
- http://www.feedage.com/subscribe.php?fid=5014621&s=newsgator
- http://www.feedage.com/subscribe.php?fid=5014621&s=pageflakes
- http://www.feedage.com/subscribe.php?fid=5014621&s=rojo
- http://www.feedage.com/subscribe.php?fid=5014621&s=spokentoyou
- http://www.feedage.com/subscribe.php?fid=5014621&s=yahoo
- http://www.leenkat.com/vb
- Show all
attachment-10
.gif
attachment-100
.js
attachment-101
.js
attachment-102
.js
attachment-103
.js
attachment-11
.gif
attachment-12
.gif
attachment-13
.gif
attachment-15
.gif
attachment-16
.jpg
attachment-18
.gif
attachment-2
.gif
attachment-28
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-56
.gif
attachment-6
.gif
attachment-60
.gif
attachment-66
.gif
attachment-68
.gif
attachment-7
.gif
attachment-70
.gif
attachment-71
.gif
attachment-72
.gif
attachment-73
.gif
attachment-74
.gif
attachment-75
.gif
attachment-76
.gif
attachment-77
.gif
attachment-78
.gif
attachment-79
.gif
attachment-8
.gif
attachment-80
.gif
attachment-81
.gif
attachment-82
.gif
attachment-83
.gif
attachment-84
.gif
attachment-85
.gif
attachment-86
.gif
attachment-87
.gif
attachment-88
.gif
attachment-89
.gif
attachment-9
.gif
attachment-91
.gif
attachment-92
.gif
attachment-93
.gif
attachment-94
attachment-95
.js
attachment-96
.js
attachment-97
.js
attachment-98
.js
attachment-99
.js
email-html-1.txt
.html .js polyglot
norton/28-4-2011/هام جدا.txt
norton/Norton 2011 TrialReset v3.1.0.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 472KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
norton/سرح تركيب كراك النورتن.jpg
.jpg
norton/سفن إفري ويك.mht
.eml .js polyglot
- http://7everyweek.com/user/
- http://7everyweek.com/user/?mid=15
- http://7everyweek.com/user/?mid=26
- http://7everyweek.com/user/?mid=41
- http://forums.7everyweek.com/
- http://forums.7everyweek.com/#
- http://forums.7everyweek.com/#%C7%E1%C3%DE%D3%DC%DC%C7%E3-%C7%E1%CA%DA%E1%ED%E3%ED%C9
- http://forums.7everyweek.com/#%C7%E1%DF%E3%C8%ED%E6%CA%D1-%E6%C7%E1%C5%E4%CA%D1%E4%CA
- http://forums.7everyweek.com/#%C7%E1%E3%E4%CA%CF%EC-%C7%E1%C5%CF%C7%D1%ED
- http://forums.7everyweek.com/#%C7%E1%E3%E4%CA%CF%EC-%C7%E1%C5%DA%E1%C7%E3%EC
- http://forums.7everyweek.com/#%C7%E1%E3%E4%CA%CF%ED-%C7%E1%DA%C7%E3
- http://forums.7everyweek.com/#%DE%D3%E3-%C7%E1%CC%E6%C7%E1-%E6-%C7%E1%C2%ED%DD%E6%E4
- http://forums.7everyweek.com/#%E3%E4%CA%CF%EC-%C7%E1%CA%CC%C7%D1%C9-%C7%E1%C5%E1%DF%CA%D1%E6%E4%ED%C9
- http://forums.7everyweek.com/#%E3%E4%CA%CF%EC-%C7%E1%CA%D3%E1%ED%C9
- http://forums.7everyweek.com/#%E3%E4%CA%CF%EC-%C7%E1%CF%E6%D1%C7%CA
- http://forums.7everyweek.com/#%E3%E4%CA%CF%EC-%C7%E1%E3%D3%C7%C8%DE%C9
- http://forums.7everyweek.com/#%E4%D8%E6%ED%D1-%C7%E1%E3%E6%C7%DE%DA-%E6%C7%E1%E3%E4%CA%CF%ED%C7%CA
- http://forums.7everyweek.com/#top
- http://forums.7everyweek.com/?nojs=1#community
- http://forums.7everyweek.com/?nojs=1#usercptools
- http://forums.7everyweek.com/admincp/index.php
- http://forums.7everyweek.com/bnnr.php
- http://forums.7everyweek.com/bnnr.php?do=z&id=1
- http://forums.7everyweek.com/bnnr.php?do=z&id=2
- http://forums.7everyweek.com/bnnr.php?do=z&id=3
- http://forums.7everyweek.com/bnnr.php?do=z&id=4
- http://forums.7everyweek.com/calendar.php
- http://forums.7everyweek.com/cv_rss_feeds.php
- http://forums.7everyweek.com/external.php?type=html
- http://forums.7everyweek.com/external.php?type=rss
- http://forums.7everyweek.com/external.php?type=rss2
- http://forums.7everyweek.com/external.php?type=xml
- http://forums.7everyweek.com/f10.html
- http://forums.7everyweek.com/f103.html
- http://forums.7everyweek.com/f105.html
- http://forums.7everyweek.com/f106.html
- http://forums.7everyweek.com/f107.html
- http://forums.7everyweek.com/f108.html
- http://forums.7everyweek.com/f110.html
- http://forums.7everyweek.com/f111.html
- http://forums.7everyweek.com/f112.html
- http://forums.7everyweek.com/f114.html
- http://forums.7everyweek.com/f117.html
- http://forums.7everyweek.com/f14.html
- http://forums.7everyweek.com/f15.html
- http://forums.7everyweek.com/f16.html
- http://forums.7everyweek.com/f17.html
- http://forums.7everyweek.com/f18.html
- http://forums.7everyweek.com/f19.html
- http://forums.7everyweek.com/f2.html
- http://forums.7everyweek.com/f20.html
- http://forums.7everyweek.com/f21.html
- http://forums.7everyweek.com/f22.html
- http://forums.7everyweek.com/f23.html
- http://forums.7everyweek.com/f24.html
- http://forums.7everyweek.com/f25.html
- http://forums.7everyweek.com/f26.html
- http://forums.7everyweek.com/f3.html
- http://forums.7everyweek.com/f36.html
- http://forums.7everyweek.com/f37.html
- http://forums.7everyweek.com/f38.html
- http://forums.7everyweek.com/f4.html
- http://forums.7everyweek.com/f46.html
- http://forums.7everyweek.com/f47.html
- http://forums.7everyweek.com/f48.html
- http://forums.7everyweek.com/f49.html
- http://forums.7everyweek.com/f54.html
- http://forums.7everyweek.com/f56.html
- http://forums.7everyweek.com/f62.html
- http://forums.7everyweek.com/f64.html
- http://forums.7everyweek.com/f65.html
- http://forums.7everyweek.com/f70.html
- http://forums.7everyweek.com/f71.html
- http://forums.7everyweek.com/f72.html
- http://forums.7everyweek.com/f73.html
- http://forums.7everyweek.com/f75.html
- http://forums.7everyweek.com/f76.html
- http://forums.7everyweek.com/f78.html
- http://forums.7everyweek.com/f79.html
- http://forums.7everyweek.com/f80.html
- http://forums.7everyweek.com/f81.html
- http://forums.7everyweek.com/f82.html
- http://forums.7everyweek.com/f85.html
- http://forums.7everyweek.com/f86.html
- http://forums.7everyweek.com/f88.html
- http://forums.7everyweek.com/f9.html
- http://forums.7everyweek.com/f90.html
- http://forums.7everyweek.com/f91.html
- http://forums.7everyweek.com/f98.html
- http://forums.7everyweek.com/faq.php
- http://forums.7everyweek.com/forumdisplay.php?do=markread
- http://forums.7everyweek.com/groups/
- http://forums.7everyweek.com/login.php?do=logout&logouthash=1279221405-65f649d1454c4f39260fe44a5e7e5ccb8367c297
- http://forums.7everyweek.com/memberlist.html
- http://forums.7everyweek.com/members/albums.html
- http://forums.7everyweek.com/misc.php?do=cybareginv
- http://forums.7everyweek.com/misc.php?do=cybaregman
- http://forums.7everyweek.com/misc.php?do=cyberstats
- http://forums.7everyweek.com/misc.php?do=disablestats
- http://forums.7everyweek.com/misc.php?do=topposters
- http://forums.7everyweek.com/modcp/index.php
- http://forums.7everyweek.com/online.php
- http://forums.7everyweek.com/private.php
- http://forums.7everyweek.com/profile.php?do=buddylist
- http://forums.7everyweek.com/profile.php?do=editoptions
- http://forums.7everyweek.com/profile.php?do=editprofile
- http://forums.7everyweek.com/profile.php?do=editsignature
- http://forums.7everyweek.com/register.php
- http://forums.7everyweek.com/search.php
- http://forums.7everyweek.com/search.php?do=getdaily
- http://forums.7everyweek.com/search.php?do=getnew
- http://forums.7everyweek.com/sendmessage.php
- http://forums.7everyweek.com/showgroups.php
- http://forums.7everyweek.com/sitemap/
- http://forums.7everyweek.com/subscription.php
- http://forums.7everyweek.com/t10206-new-post.html
- http://forums.7everyweek.com/t10206-post74351.html#post74351
- http://forums.7everyweek.com/t10745-new-post.html
- http://forums.7everyweek.com/t10745-post61719.html#post61719
- http://forums.7everyweek.com/t10788-new-post.html
- http://forums.7everyweek.com/t10788-post73283.html#post73283
- http://forums.7everyweek.com/t11365-new-post.html
- http://forums.7everyweek.com/t11365-post59423.html#post59423
- http://forums.7everyweek.com/t11939-new-post.html
- http://forums.7everyweek.com/t11939-post68246.html#post68246
- http://forums.7everyweek.com/t12146-last-post.html
- http://forums.7everyweek.com/t12146.html
- http://forums.7everyweek.com/t12417-last-post.html
- http://forums.7everyweek.com/t12417.html
- http://forums.7everyweek.com/t13090-new-post.html
- http://forums.7everyweek.com/t13090-post74398.html#post74398
- http://forums.7everyweek.com/t13559-new-post.html
- http://forums.7everyweek.com/t13559-post74269.html#post74269
- http://forums.7everyweek.com/t13650-last-post.html
- http://forums.7everyweek.com/t13650.html
- http://forums.7everyweek.com/t13667-last-post.html
- http://forums.7everyweek.com/t13667.html
- http://forums.7everyweek.com/t13671-last-post.html
- http://forums.7everyweek.com/t13671.html
- http://forums.7everyweek.com/t13720-last-post.html
- http://forums.7everyweek.com/t13720.html
- http://forums.7everyweek.com/t13986-new-post.html
- http://forums.7everyweek.com/t13986-post72284.html#post72284
- http://forums.7everyweek.com/t14044-new-post.html
- http://forums.7everyweek.com/t14044-post69517.html#post69517
- http://forums.7everyweek.com/t14352-new-post.html
- http://forums.7everyweek.com/t14352-post74190.html#post74190
- http://forums.7everyweek.com/t14579-new-post.html
- http://forums.7everyweek.com/t14579-post73453.html#post73453
- http://forums.7everyweek.com/t14592-new-post.html
- http://forums.7everyweek.com/t14592-post72351.html#post72351
- http://forums.7everyweek.com/t14630-new-post.html
- http://forums.7everyweek.com/t14630-post71818.html#post71818
- http://forums.7everyweek.com/t14642-new-post.html
- http://forums.7everyweek.com/t14642-post71863.html#post71863
- http://forums.7everyweek.com/t14740-new-post.html
- http://forums.7everyweek.com/t14740-post73341.html#post73341
- http://forums.7everyweek.com/t14743-new-post.html
- http://forums.7everyweek.com/t14743-post72207.html#post72207
- http://forums.7everyweek.com/t14769-new-post.html
- http://forums.7everyweek.com/t14769-post73357.html#post73357
- http://forums.7everyweek.com/t14858-new-post.html
- http://forums.7everyweek.com/t14858-post74264.html#post74264
- http://forums.7everyweek.com/t14868-new-post.html
- http://forums.7everyweek.com/t14868-post72509.html#post72509
- http://forums.7everyweek.com/t14923-new-post.html
- http://forums.7everyweek.com/t14923-post73805.html#post73805
- http://forums.7everyweek.com/t14930-new-post.html
- http://forums.7everyweek.com/t14930-post73552.html#post73552
- http://forums.7everyweek.com/t14940-new-post.html
- http://forums.7everyweek.com/t14940-post72864.html#post72864
- http://forums.7everyweek.com/t14985-new-post.html
- http://forums.7everyweek.com/t14985-post74289.html#post74289
- http://forums.7everyweek.com/t15042-new-post.html
- http://forums.7everyweek.com/t15042-post73238.html#post73238
- http://forums.7everyweek.com/t15059-new-post.html
- http://forums.7everyweek.com/t15059-post73314.html#post73314
- http://forums.7everyweek.com/t15074-new-post.html
- http://forums.7everyweek.com/t15074-post74078.html#post74078
- http://forums.7everyweek.com/t15148-new-post.html
- http://forums.7everyweek.com/t15148-post73720.html#post73720
- http://forums.7everyweek.com/t15150-new-post.html
- http://forums.7everyweek.com/t15150-post73715.html#post73715
- http://forums.7everyweek.com/t15176-new-post.html
- http://forums.7everyweek.com/t15176-post74412.html#post74412
- http://forums.7everyweek.com/t15176.html
- http://forums.7everyweek.com/t15199-new-post.html
- http://forums.7everyweek.com/t15199-post74409.html#post74409
- http://forums.7everyweek.com/t15199.html
- http://forums.7everyweek.com/t15231-new-post.html
- http://forums.7everyweek.com/t15231-post74160.html#post74160
- http://forums.7everyweek.com/t15234-new-post.html
- http://forums.7everyweek.com/t15234-post74165.html#post74165
- http://forums.7everyweek.com/t15245-new-post.html
- http://forums.7everyweek.com/t15245-post74330.html#post74330
- http://forums.7everyweek.com/t15246-new-post.html
- http://forums.7everyweek.com/t15246-post74323.html#post74323
- http://forums.7everyweek.com/t15255-new-post.html
- http://forums.7everyweek.com/t15255-post74222.html#post74222
- http://forums.7everyweek.com/t15256-new-post.html
- http://forums.7everyweek.com/t15256.html
- http://forums.7everyweek.com/t15268-new-post.html
- http://forums.7everyweek.com/t15268-post74300.html#post74300
- http://forums.7everyweek.com/t15274-new-post.html
- http://forums.7everyweek.com/t15274-post74306.html#post74306
- http://forums.7everyweek.com/t15282-new-post.html
- http://forums.7everyweek.com/t15282-post74334.html#post74334
- http://forums.7everyweek.com/t15284-new-post.html
- http://forums.7everyweek.com/t15284-post74336.html#post74336
- http://forums.7everyweek.com/t15289-new-post.html
- http://forums.7everyweek.com/t15289-post74414.html#post74414
- http://forums.7everyweek.com/t15289.html
- http://forums.7everyweek.com/t15292-new-post.html
- http://forums.7everyweek.com/t15292-post74372.html#post74372
- http://forums.7everyweek.com/t15293-new-post.html
- http://forums.7everyweek.com/t15293-post74373.html#post74373
- http://forums.7everyweek.com/t15301-new-post.html
- http://forums.7everyweek.com/t15301.html
- http://forums.7everyweek.com/t15309-new-post.html
- http://forums.7everyweek.com/t15309-post74392.html#post74392
- http://forums.7everyweek.com/t15310-new-post.html
- http://forums.7everyweek.com/t15310-post74397.html#post74397
- http://forums.7everyweek.com/t15311-new-post.html
- http://forums.7everyweek.com/t15311-post74396.html#post74396
- http://forums.7everyweek.com/t15313-new-post.html
- http://forums.7everyweek.com/t15313-post74400.html#post74400
- http://forums.7everyweek.com/t15315-new-post.html
- http://forums.7everyweek.com/t15315.html
- http://forums.7everyweek.com/t15316-new-post.html
- http://forums.7everyweek.com/t15316.html
- http://forums.7everyweek.com/t15317-new-post.html
- http://forums.7everyweek.com/t15317.html
- http://forums.7everyweek.com/t15318-new-post.html
- http://forums.7everyweek.com/t15318-post74405.html#post74405
- http://forums.7everyweek.com/t15318.html
- http://forums.7everyweek.com/t15319-new-post.html
- http://forums.7everyweek.com/t15319-post74411.html#post74411
- http://forums.7everyweek.com/t15319.html
- http://forums.7everyweek.com/t1989.html
- http://forums.7everyweek.com/t201-new-post.html
- http://forums.7everyweek.com/t201-post73952.html#post73952
- http://forums.7everyweek.com/t2609.html
- http://forums.7everyweek.com/t3125-new-post.html
- http://forums.7everyweek.com/t3125-post70207.html#post70207
- http://forums.7everyweek.com/t3665.html
- http://forums.7everyweek.com/t3684-last-post.html
- http://forums.7everyweek.com/t3684.html
- http://forums.7everyweek.com/t4352.html
- http://forums.7everyweek.com/t5166-last-post.html
- http://forums.7everyweek.com/t5166.html
- http://forums.7everyweek.com/t602.html
- http://forums.7everyweek.com/t6323.html
- http://forums.7everyweek.com/t7184-last-post.html
- http://forums.7everyweek.com/t7184.html
- http://forums.7everyweek.com/t8934.html
- http://forums.7everyweek.com/t8980-new-post.html
- http://forums.7everyweek.com/t8980-post63162.html#post63162
- http://forums.7everyweek.com/t9461-new-post.html
- http://forums.7everyweek.com/t9461-post71164.html#post71164
- http://forums.7everyweek.com/t9710-last-post.html
- http://forums.7everyweek.com/t9710.html
- http://forums.7everyweek.com/tags/
- http://forums.7everyweek.com/u1.html
- http://forums.7everyweek.com/u1052.html
- http://forums.7everyweek.com/u116.html
- http://forums.7everyweek.com/u120.html
- http://forums.7everyweek.com/u1260.html
- http://forums.7everyweek.com/u1349.html
- http://forums.7everyweek.com/u1474.html
- http://forums.7everyweek.com/u156.html
- http://forums.7everyweek.com/u1851.html
- http://forums.7everyweek.com/u2010.html
- http://forums.7everyweek.com/u2450.html
- http://forums.7everyweek.com/u27.html
- http://forums.7everyweek.com/u3022.html
- http://forums.7everyweek.com/u334.html
- http://forums.7everyweek.com/u39.html
- http://forums.7everyweek.com/u43.html
- http://forums.7everyweek.com/u4355.html
- http://forums.7everyweek.com/u4877.html
- http://forums.7everyweek.com/u5.html
- http://forums.7everyweek.com/u5086.html
- http://forums.7everyweek.com/u535.html
- http://forums.7everyweek.com/u5422.html
- http://forums.7everyweek.com/u5859.html
- http://forums.7everyweek.com/u6101.html
- http://forums.7everyweek.com/u6383.html
- http://forums.7everyweek.com/u639.html
- http://forums.7everyweek.com/u6700.html
- http://forums.7everyweek.com/u7692.html
- http://forums.7everyweek.com/u7759.html
- http://forums.7everyweek.com/u7762.html
- http://forums.7everyweek.com/u78.html
- http://forums.7everyweek.com/u8082.html
- http://forums.7everyweek.com/u8501.html
- http://forums.7everyweek.com/u8637.html
- http://forums.7everyweek.com/u8648.html
- http://forums.7everyweek.com/u8777.html
- http://forums.7everyweek.com/u8809.html
- http://forums.7everyweek.com/u8919.html
- http://forums.7everyweek.com/u8992.html
- http://forums.7everyweek.com/u9.html
- http://forums.7everyweek.com/u9015.html
- http://forums.7everyweek.com/u9153.html
- http://forums.7everyweek.com/u9173.html
- http://forums.7everyweek.com/u9257.html
- http://forums.7everyweek.com/u9287.html
- http://forums.7everyweek.com/u9333.html
- http://forums.7everyweek.com/u9346.html
- http://forums.7everyweek.com/u9347.html
- http://forums.7everyweek.com/u9353.html
- http://forums.7everyweek.com/u9358.html
- http://forums.7everyweek.com/u9359.html
- http://forums.7everyweek.com/u9360.html
- http://forums.7everyweek.com/u9361.html
- http://forums.7everyweek.com/u9362.html
- http://forums.7everyweek.com/u9363.html
- http://forums.7everyweek.com/u9364.html
- http://forums.7everyweek.com/u9365.html
- http://forums.7everyweek.com/u9366.html
- http://forums.7everyweek.com/u9367.html
- http://forums.7everyweek.com/u9368.html
- http://forums.7everyweek.com/u9369.html
- http://forums.7everyweek.com/u9370.html
- http://forums.7everyweek.com/u9371.html
- http://forums.7everyweek.com/u9372.html
- http://forums.7everyweek.com/usercp.php
- http://localhost/c_news_letter.php?
- http://localhost/c_news_letter.php?do=send_news_letter
- http://www.addthis.com/bookmark.php
- http://www.d3m-vb.net/vb
- http://www.feedage.com/feeds/5014621/%D8%B3%D9%81%D9%86-%D8%A5%D9%81%D8%B1%D9%8A-%D9%88%D9%8A%D9%83
- http://www.feedage.com/subscribe.php?fid=5014621&s=alesti
- http://www.feedage.com/subscribe.php?fid=5014621&s=aol
- http://www.feedage.com/subscribe.php?fid=5014621&s=bloglines
- http://www.feedage.com/subscribe.php?fid=5014621&s=feedagealerts
- http://www.feedage.com/subscribe.php?fid=5014621&s=feedagegroups
- http://www.feedage.com/subscribe.php?fid=5014621&s=fwicki
- http://www.feedage.com/subscribe.php?fid=5014621&s=google
- http://www.feedage.com/subscribe.php?fid=5014621&s=iping-it
- http://www.feedage.com/subscribe.php?fid=5014621&s=live
- http://www.feedage.com/subscribe.php?fid=5014621&s=msn
- http://www.feedage.com/subscribe.php?fid=5014621&s=netvibes
- http://www.feedage.com/subscribe.php?fid=5014621&s=newsburst
- http://www.feedage.com/subscribe.php?fid=5014621&s=newsgator
- http://www.feedage.com/subscribe.php?fid=5014621&s=pageflakes
- http://www.feedage.com/subscribe.php?fid=5014621&s=rojo
- http://www.feedage.com/subscribe.php?fid=5014621&s=spokentoyou
- http://www.feedage.com/subscribe.php?fid=5014621&s=yahoo
- http://www.leenkat.com/vb
- Show all
attachment-10
.gif
attachment-100
.js
attachment-101
.js
attachment-102
.js
attachment-103
.js
attachment-11
.gif
attachment-12
.gif
attachment-13
.gif
attachment-15
.gif
attachment-16
.jpg
attachment-18
.gif
attachment-2
.gif
attachment-28
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-56
.gif
attachment-6
.gif
attachment-60
.gif
attachment-66
.gif
attachment-68
.gif
attachment-7
.gif
attachment-70
.gif
attachment-71
.gif
attachment-72
.gif
attachment-73
.gif
attachment-74
.gif
attachment-75
.gif
attachment-76
.gif
attachment-77
.gif
attachment-78
.gif
attachment-79
.gif
attachment-8
.gif
attachment-80
.gif
attachment-81
.gif
attachment-82
.gif
attachment-83
.gif
attachment-84
.gif
attachment-85
.gif
attachment-86
.gif
attachment-87
.gif
attachment-88
.gif
attachment-89
.gif
attachment-9
.gif
attachment-91
.gif
attachment-92
.gif
attachment-93
.gif
attachment-94
attachment-95
.js
attachment-96
.js
attachment-97
.js
attachment-98
.js
attachment-99
.js
email-html-1.txt
.html .js polyglot
norton/هام جدا.txt

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 472KB

UPX1 Size: 263KB - Virtual size: 264KB

.rsrc Size: 31KB - Virtual size: 32KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 39KB - Virtual size: 38KB

UPX0
Size: - Virtual size: 472KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 31KB - Virtual size: 32KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 39KB - Virtual size: 38KB