ws[.]zip | Triage

Resubmissions

16/08/2024, 16:11

240816-tmzv9axepq 3

16/08/2024, 16:10

240816-tmh8haxenp 10

14/08/2024, 16:40

240814-t6rzrascqh 10

Sharing

Copy URL Twitter E-mail

General

Target

ws.zip
Size

1.3MB
MD5

e85f4223e3d2ae3f0f3ba4566db7d4c1
SHA1

3bb7806cfaa2f89753353b54cc4c063de45b1d16
SHA256

ff2ac477f84ecd0c6bf4e864b1365d0ec164cd848fafe378686748d2e19f613d
SHA512

2ba0d5a26f5adcdedb3c0983e763ab1a628408a508641dedb2c675747d3543277357a6cc9baaa208fe0a75fe7bad8838d28a8fcb582499e7468966ce9302f958
SSDEEP

24576:lVvEP51CWhUilho3dNnsyuf1/zVjrU1lFbnD6W5AnwGS2DKaoIh3juyf9kXRXyPY:lVv6jWivKsJ1hUfZnm8AdxnNzkXRyP4

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ws/Scylla_v0.9.8/Plugins/ImpRec_Plugins/Imprec_Wrapper_DLL.dll
unpack001/ws/Scylla_v0.9.8/Plugins/ImpRec_Plugins/PECompact 2.7.x.dll
unpack001/ws/Scylla_v0.9.8/Plugins/PECompact.dll
unpack001/ws/Scylla_v0.9.8/Plugins/PESpin_x64_v1.dll
unpack001/ws/Scylla_v0.9.8/Plugins/ScyllaToImprecTree.exe
unpack001/ws/Scylla_v0.9.8/Scylla_x64.dll
unpack001/ws/Scylla_v0.9.8/Scylla_x64.exe
unpack001/ws/Scylla_v0.9.8/Scylla_x86.dll
unpack001/ws/Scylla_v0.9.8/Scylla_x86.exe
unpack001/ws/Windowsecurity.exe

Files

ws.zip
.zip
ws/Scylla_v0.9.8/Plugins/ImpRec_Plugins/Imprec_Wrapper_DLL.dll
.dll windows:5 windows x86 arch:x86

2cc949eb4a30d30d1f52f498bbe8b989

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
SetFilePointer
lstrlenA
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetCurrentProcess
WriteFile
LoadLibraryW
lstrcatA
GetLastError
GetProcAddress
CreateFileMappingA
GetModuleFileNameA
DuplicateHandle
CloseHandle
OpenFileMappingA
lstrcpyW
HeapSize
GetStringTypeW
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
IsProcessorFeaturePresent

user32

wsprintfA

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ws/Scylla_v0.9.8/Plugins/ImpRec_Plugins/PECompact 2.7.x.dll
.dll windows:4 windows x86 arch:x86

ff22697165d98bb65eb88dc24cc02224

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
MapViewOfFile
UnmapViewOfFile
CloseHandle

Exports

Exports

Trace

Sections

.text
Size: 188B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ws/Scylla_v0.9.8/Plugins/Include_Headers/ScyllaPlugin.h
ws/Scylla_v0.9.8/Plugins/PECompact.dll
.dll windows:5 windows x86 arch:x86

975af53aefe81e8a738538bdcad22789

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
SetFilePointer
lstrlenA
MapViewOfFile
UnmapViewOfFile
WriteFile
lstrcatA
GetModuleFileNameA
CloseHandle
OpenFileMappingA
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Exports

Exports

ScyllaPluginNameW

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ws/Scylla_v0.9.8/Plugins/PESpin_x64_v1.dll
.dll windows:5 windows x64 arch:x64

1c111dfbeaca7d25a4d7a0291a58856c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
SetFilePointer
lstrlenA
MapViewOfFile
UnmapViewOfFile
WriteFile
lstrcatA
GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameA
CloseHandle
OpenFileMappingA
GetStringTypeW
MultiByteToWideChar
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
GetModuleFileNameW
LCMapStringW
HeapSize

user32

wsprintfA

Exports

Exports

ScyllaPluginNameW

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ws/Scylla_v0.9.8/Plugins/ScyllaToImprecTree.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ws/Scylla_v0.9.8/Plugins/Sources/Imprec_Wrapper_DLL.cpp
ws/Scylla_v0.9.8/Plugins/Sources/PECompact.cpp
ws/Scylla_v0.9.8/Plugins/Sources/PESpin_x64_v1.cpp
ws/Scylla_v0.9.8/Plugins/Sources/scyllatoimprectree.rar
.rar
ScyllaToImprecTree.sln
ScyllaToImprecTree/Form1.Designer.cs
ScyllaToImprecTree/Form1.cs
ScyllaToImprecTree/Form1.resx
.vbs
ScyllaToImprecTree/Program.cs
ScyllaToImprecTree/Properties/AssemblyInfo.cs
ScyllaToImprecTree/Properties/Resources.Designer.cs
.vbs
ScyllaToImprecTree/Properties/Resources.resx
.vbs
ScyllaToImprecTree/Properties/Settings.Designer.cs
ScyllaToImprecTree/Properties/Settings.settings
ScyllaToImprecTree/ScyllaToImprecTree.csproj
ScyllaToImprecTree/app.config
.xml
ws/Scylla_v0.9.8/Scylla.ini
ws/Scylla_v0.9.8/Scylla_Exports.txt
ws/Scylla_v0.9.8/Scylla_README.txt
ws/Scylla_v0.9.8/Scylla_x64.dll
.dll windows:5 windows x64 arch:x64

a4b192fb7f7c9235dafc61f7c2ce1c63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceW
LoadResource
SetUnhandledExceptionFilter
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
lstrlenW
SetLastError
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
GetVersion
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
FindFirstFileW
FindClose
FindNextFileW
CopyFileW
ReadProcessMemory
GetFileSizeEx
VirtualProtectEx
WideCharToMultiByte
GetVersionExW
GetSystemInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
HeapReAlloc
GetLastError
GetStdHandle
HeapDestroy
HeapCreate
HeapSetInformation
GetStringTypeW
ExitProcess
HeapSize
Sleep
FlsAlloc
FlsFree
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
GetCommandLineA
FlsSetValue
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
lstrlenA
CreateFileW
MultiByteToWideChar
CreateFileMappingW
MapViewOfFile
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
ResumeThread
WriteProcessMemory
CloseHandle
GetExitCodeThread
VirtualAllocEx
SetThreadPriority
LoadLibraryW
VirtualFreeEx
CreateRemoteThread
WaitForSingleObject
FreeLibrary
GlobalFree
RaiseException
FlushInstructionCache
GlobalUnlock
MulDiv
GlobalAlloc
GlobalLock
GetCurrentProcess
QueryDosDeviceW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileStringW
GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualQueryEx
GetModuleHandleW
LCMapStringW
UnmapViewOfFile

user32

LoadIconW
DragDetect
IsDialogMessageW
GetMenu
IntersectRect
InflateRect
GetKeyState
EnableMenuItem
GetSysColor
GetActiveWindow
AdjustWindowRectEx
SetCapture
PostQuitMessage
ScreenToClient
LoadAcceleratorsW
AppendMenuW
DialogBoxParamW
ReleaseCapture
EnableWindow
GetMessagePos
DestroyAcceleratorTable
GetMessageW
TranslateAcceleratorW
GetWindowTextLengthW
SetDlgItemTextW
ReleaseDC
CharNextW
TranslateMessage
PeekMessageW
CreateDialogParamW
DispatchMessageW
UpdateWindow
LoadImageW
GetDC
GetDesktopWindow
DestroyIcon
SetFocus
ClientToScreen
CloseClipboard
MonitorFromPoint
TrackPopupMenu
GetSubMenu
IsClipboardFormatAvailable
MessageBeep
GetWindowLongPtrW
InvalidateRect
LoadMenuW
GetClipboardData
GetWindowTextW
EmptyClipboard
SetWindowLongW
RedrawWindow
ShowWindow
IsWindow
OpenClipboard
MessageBoxW
IsWindowVisible
SetWindowLongPtrW
SetClipboardData
DestroyMenu
GetDlgCtrlID
CallWindowProcW
DefWindowProcW
DestroyWindow
GetWindowRect
GetParent
GetClientRect
GetWindowLongW
MonitorFromWindow
GetDlgItem
EndDialog
SetWindowPos
CreateWindowExW
SendMessageW
MapWindowPoints
SetWindowTextW
GetMonitorInfoW
GetWindow
CreatePopupMenu
UnregisterClassA

gdi32

GetObjectW
DeleteObject
CreateFontIndirectW
GetDeviceCaps
GetClipBox
CreatePatternBrush
CreateRectRgn
CombineRgn
CreateRectRgnIndirect
SelectClipRgn
SelectObject
CreateBitmap
PatBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW

shell32

ShellExecuteW

ole32

CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathAppendW
PathRemoveFileSpecW

comctl32

ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Destroy

psapi

GetModuleFileNameExW
GetMappedFileNameW
EnumProcessModules
GetProcessImageFileNameW

imagehlp

CheckSumMappedFile

Exports

Exports

ScyllaDumpCurrentProcessA
ScyllaDumpCurrentProcessW
ScyllaDumpProcessA
ScyllaDumpProcessW
ScyllaIatFixAutoW
ScyllaIatSearch
ScyllaRebuildFileA
ScyllaRebuildFileW
ScyllaStartGui
ScyllaVersionInformationA
ScyllaVersionInformationDword
ScyllaVersionInformationW

Sections

.text
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ws/Scylla_v0.9.8/Scylla_x64.exe
.exe windows:5 windows x64 arch:x64

bcac76bb6976db70842f08f6e2e54ce6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadResource
SetUnhandledExceptionFilter
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
lstrlenW
SetLastError
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
GetVersion
CreateFileW
SetFilePointer
SetEndOfFile
ReadFile
FindFirstFileW
FindClose
FindNextFileW
WriteFile
CopyFileW
ReadProcessMemory
GetFileSizeEx
VirtualProtectEx
WideCharToMultiByte
GetVersionExW
GetSystemInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetHandleCount
HeapReAlloc
FindResourceW
GetStdHandle
HeapCreate
HeapSetInformation
GetStringTypeW
ExitProcess
HeapSize
Sleep
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
GetStartupInfoW
GetCommandLineW
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
GetLastError
lstrlenA
MultiByteToWideChar
CreateFileMappingW
MapViewOfFile
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
ResumeThread
WriteProcessMemory
CloseHandle
GetExitCodeThread
VirtualAllocEx
SetThreadPriority
LoadLibraryW
VirtualFreeEx
CreateRemoteThread
WaitForSingleObject
FreeLibrary
GlobalFree
RaiseException
FlushInstructionCache
GlobalUnlock
MulDiv
GlobalAlloc
GlobalLock
GetCurrentProcess
QueryDosDeviceW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileStringW
GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualQueryEx
GetModuleHandleW
LCMapStringW
UnmapViewOfFile

user32

LoadIconW
DragDetect
IntersectRect
IsDialogMessageW
GetMenu
AppendMenuW
InflateRect
GetKeyState
GetSysColor
GetActiveWindow
AdjustWindowRectEx
ReleaseCapture
SetCapture
PostQuitMessage
ScreenToClient
LoadAcceleratorsW
ReleaseDC
DialogBoxParamW
EnableWindow
GetMessagePos
DestroyAcceleratorTable
GetMessageW
CharNextW
TranslateAcceleratorW
GetWindowTextLengthW
SetDlgItemTextW
EnableMenuItem
TranslateMessage
PeekMessageW
CreateDialogParamW
DispatchMessageW
UpdateWindow
LoadImageW
GetDC
GetDesktopWindow
DestroyIcon
SetFocus
ClientToScreen
CloseClipboard
MonitorFromPoint
TrackPopupMenu
GetSubMenu
IsClipboardFormatAvailable
MessageBeep
GetWindowLongPtrW
InvalidateRect
LoadMenuW
GetClipboardData
GetWindowTextW
EmptyClipboard
SetWindowLongW
RedrawWindow
ShowWindow
IsWindow
OpenClipboard
MessageBoxW
IsWindowVisible
SetWindowLongPtrW
SetClipboardData
DestroyMenu
GetDlgCtrlID
CallWindowProcW
DefWindowProcW
DestroyWindow
GetWindowRect
GetParent
GetClientRect
GetWindowLongW
MonitorFromWindow
GetDlgItem
EndDialog
SetWindowPos
CreateWindowExW
SendMessageW
MapWindowPoints
SetWindowTextW
GetMonitorInfoW
GetWindow
CreatePopupMenu
UnregisterClassA

gdi32

GetObjectW
DeleteObject
CreateFontIndirectW
GetDeviceCaps
GetClipBox
CreatePatternBrush
CreateRectRgn
CombineRgn
CreateRectRgnIndirect
SelectClipRgn
SelectObject
PatBlt
CreateBitmap

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW

shell32

ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathAppendW
PathRemoveFileSpecW

comctl32

ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Destroy

psapi

GetModuleFileNameExW
GetMappedFileNameW
EnumProcessModules
GetProcessImageFileNameW

imagehlp

CheckSumMappedFile

Sections

.text
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ws/Scylla_v0.9.8/Scylla_x64.lib
ws/Scylla_v0.9.8/Scylla_x64.map
ws/Scylla_v0.9.8/Scylla_x86.dll
.dll windows:5 windows x86 arch:x86

e6bc99b225199cc89f30d44d09453207

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceW
LoadResource
SetUnhandledExceptionFilter
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
SizeofResource
LeaveCriticalSection
lstrlenW
SetLastError
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
GetVersion
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
FindFirstFileW
GetFileAttributesW
FindClose
FindNextFileW
CopyFileW
ReadProcessMemory
GetFileSizeEx
VirtualProtectEx
WideCharToMultiByte
GetVersionExW
GetSystemInfo
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentProcess
QueryPerformanceCounter
GetEnvironmentStringsW
FreeLibrary
GetEnvironmentStrings
GetLastError
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
GetModuleFileNameA
GetStdHandle
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
HeapSize
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
SetStdHandle
FlushFileBuffers
CreateFileA
GlobalFree
RaiseException
GetConsoleMode
FlushInstructionCache
GlobalUnlock
MulDiv
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
QueryDosDeviceW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileStringW
GetModuleHandleA
lstrlenA
CreateFileW
MultiByteToWideChar
CreateFileMappingW
MapViewOfFile
ResumeThread
WriteProcessMemory
CloseHandle
GetExitCodeThread
VirtualAllocEx
SetThreadPriority
LoadLibraryW
VirtualFreeEx
CreateRemoteThread
FreeEnvironmentStringsA
WaitForSingleObject
GlobalAlloc
FreeEnvironmentStringsW
GlobalLock
LoadLibraryA
GetProcAddress
VirtualQueryEx
GetModuleHandleW
GetTickCount
UnmapViewOfFile

user32

InflateRect
LoadAcceleratorsW
DialogBoxParamW
PostQuitMessage
GetKeyState
SetCapture
IsDialogMessageW
GetMenu
LoadIconW
DragDetect
IntersectRect
ReleaseDC
EnableMenuItem
ScreenToClient
TranslateAcceleratorW
GetWindowTextLengthW
SetDlgItemTextW
GetSysColor
CreatePopupMenu
GetActiveWindow
AdjustWindowRectEx
ReleaseCapture
EnableWindow
GetMessagePos
DestroyAcceleratorTable
GetMessageW
CharNextW
TranslateMessage
PeekMessageW
CreateDialogParamW
DispatchMessageW
UpdateWindow
LoadImageW
GetDC
GetDesktopWindow
DestroyIcon
SetFocus
ClientToScreen
CloseClipboard
MonitorFromPoint
TrackPopupMenu
GetSubMenu
IsClipboardFormatAvailable
MessageBeep
InvalidateRect
LoadMenuW
GetClipboardData
GetWindowTextW
EmptyClipboard
SetWindowLongW
RedrawWindow
ShowWindow
IsWindow
OpenClipboard
MessageBoxW
IsWindowVisible
SetClipboardData
DestroyMenu
GetDlgCtrlID
CallWindowProcW
DefWindowProcW
DestroyWindow
GetWindowRect
GetParent
GetClientRect
GetWindowLongW
MonitorFromWindow
GetDlgItem
EndDialog
SetWindowPos
CreateWindowExW
SendMessageW
MapWindowPoints
SetWindowTextW
GetMonitorInfoW
GetWindow
AppendMenuW
UnregisterClassA

gdi32

CreateBitmap
SelectObject
SelectClipRgn
CreateRectRgnIndirect
CombineRgn
CreateRectRgn
CreatePatternBrush
GetClipBox
GetDeviceCaps
CreateFontIndirectW
DeleteObject
GetObjectW
PatBlt

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathAppendW

comctl32

InitCommonControlsEx
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create

psapi

GetModuleFileNameExW
GetMappedFileNameW
EnumProcessModules
GetProcessImageFileNameW

imagehlp

CheckSumMappedFile

Exports

Exports

ScyllaDumpCurrentProcessA
ScyllaDumpCurrentProcessW
ScyllaDumpProcessA
ScyllaDumpProcessW
ScyllaIatFixAutoW
ScyllaIatSearch
ScyllaRebuildFileA
ScyllaRebuildFileW
ScyllaStartGui
ScyllaVersionInformationA
ScyllaVersionInformationDword
ScyllaVersionInformationW

Sections

.text
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ws/Scylla_v0.9.8/Scylla_x86.exe
.exe windows:5 windows x86 arch:x86

13f803d90a1a8166ecfc4197841a663f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
SetUnhandledExceptionFilter
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
SizeofResource
LeaveCriticalSection
lstrlenW
SetLastError
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
GetVersion
CreateFileW
SetFilePointer
SetEndOfFile
ReadFile
FindFirstFileW
GetFileAttributesW
FindClose
FindNextFileW
WriteFile
CopyFileW
ReadProcessMemory
GetFileSizeEx
VirtualProtectEx
WideCharToMultiByte
GetVersionExW
GetSystemInfo
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetCurrentProcess
GetCurrentProcessId
GetTickCount
FreeLibrary
GetCommandLineW
GetEnvironmentStringsW
FindResourceW
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
GetModuleFileNameA
GetStdHandle
HeapReAlloc
HeapCreate
ExitProcess
HeapSize
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
FlushFileBuffers
CreateFileA
GlobalFree
RaiseException
FlushInstructionCache
SetStdHandle
GlobalUnlock
MulDiv
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
QueryDosDeviceW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileStringW
GetModuleHandleA
LoadLibraryA
GetLastError
lstrlenA
MultiByteToWideChar
CreateFileMappingW
MapViewOfFile
ResumeThread
WriteProcessMemory
CloseHandle
GetExitCodeThread
VirtualAllocEx
SetThreadPriority
LoadLibraryW
VirtualFreeEx
CreateRemoteThread
FreeEnvironmentStringsW
WaitForSingleObject
GlobalAlloc
QueryPerformanceCounter
GlobalLock
GetProcAddress
VirtualQueryEx
GetModuleHandleW
GetSystemTimeAsFileTime
UnmapViewOfFile

user32

GetMenu
IsDialogMessageW
LoadIconW
InflateRect
SetCapture
PostQuitMessage
LoadAcceleratorsW
DialogBoxParamW
GetKeyState
DragDetect
IntersectRect
ReleaseDC
EnableMenuItem
GetSysColor
ScreenToClient
TranslateAcceleratorW
GetWindowTextLengthW
SetDlgItemTextW
CreatePopupMenu
GetActiveWindow
AdjustWindowRectEx
ReleaseCapture
EnableWindow
GetMessagePos
DestroyAcceleratorTable
GetMessageW
CharNextW
TranslateMessage
PeekMessageW
CreateDialogParamW
DispatchMessageW
UpdateWindow
LoadImageW
GetDC
GetDesktopWindow
DestroyIcon
SetFocus
ClientToScreen
CloseClipboard
MonitorFromPoint
TrackPopupMenu
GetSubMenu
IsClipboardFormatAvailable
MessageBeep
InvalidateRect
LoadMenuW
GetClipboardData
GetWindowTextW
EmptyClipboard
SetWindowLongW
RedrawWindow
ShowWindow
IsWindow
OpenClipboard
MessageBoxW
IsWindowVisible
SetClipboardData
DestroyMenu
GetDlgCtrlID
CallWindowProcW
DefWindowProcW
DestroyWindow
GetWindowRect
GetParent
GetClientRect
GetWindowLongW
MonitorFromWindow
GetDlgItem
EndDialog
SetWindowPos
CreateWindowExW
SendMessageW
MapWindowPoints
SetWindowTextW
GetMonitorInfoW
GetWindow
AppendMenuW
UnregisterClassA

gdi32

CreateBitmap
SelectObject
SelectClipRgn
CreateRectRgnIndirect
CombineRgn
CreateRectRgn
CreatePatternBrush
GetClipBox
GetDeviceCaps
CreateFontIndirectW
DeleteObject
GetObjectW
PatBlt

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteValueW

shell32

ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathAppendW

comctl32

InitCommonControlsEx
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create

psapi

GetModuleFileNameExW
GetMappedFileNameW
EnumProcessModules
GetProcessImageFileNameW

imagehlp

CheckSumMappedFile

Sections

.text
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ws/Scylla_v0.9.8/Scylla_x86.lib
ws/Scylla_v0.9.8/Scylla_x86.map
ws/Windowsecurity.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

2cc949eb4a30d30d1f52f498bbe8b989

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 2KB

ff22697165d98bb65eb88dc24cc02224

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 188B - Virtual size: 4KB

.rdata Size: 228B - Virtual size: 4KB

.reloc Size: 20B - Virtual size: 28B

975af53aefe81e8a738538bdcad22789

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 1KB

1c111dfbeaca7d25a4d7a0291a58856c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 444B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

a4b192fb7f7c9235dafc61f7c2ce1c63

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 188B - Virtual size: 4KB

.rdata
Size: 228B - Virtual size: 4KB

.reloc
Size: 20B - Virtual size: 28B

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 444B

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 311KB - Virtual size: 311KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 39KB - Virtual size: 98KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 306KB - Virtual size: 305KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 39KB - Virtual size: 99KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 305KB - Virtual size: 304KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 36KB - Virtual size: 94KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 20KB - Virtual size: 20KB