Zeus-translation[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Zeus-translation.zip
Size

11.4MB
MD5

e1d831fe3a59fe4fc14970ebce66f277
SHA1

6d54593953b4a0f40ea22897926afa1d48ad4e06
SHA256

177c0d44829888987f89988f21973d8364853a864103d5bda9269e2b82e4bc37
SHA512

cfe7997775e4d72e4821b83c1802ac05cada38f881986bfaf08da43fcc1572ef4056da019651213a2a91ba8e47031614d2536feeaabf0982a7f8b0c44119a2fd
SSDEEP

196608:es7N5W144Abhq/vAmgQdGQXKvNa7hI3C6XI8d7IwHehJxysBLncEp1ObaADGgJ:37NiF/vAmgSheSIRfhdHOxh7p0a5W

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Zeus-translation/output/builder/zsb.exe	upx
static1/unpack001/Zeus-translation/output/server/zsbcs.exe	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Zeus-translation/bin/7z.exe
unpack001/Zeus-translation/bin/FASM.EXE
unpack001/Zeus-translation/bin/PHP/ext/php_gmp.dll
unpack001/Zeus-translation/bin/PHP/ext/php_mbstring.dll
unpack001/Zeus-translation/bin/PHP/ext/php_sockets.dll
unpack001/Zeus-translation/bin/PHP/php.exe
unpack001/Zeus-translation/bin/PHP/php5ts.dll
unpack001/Zeus-translation/bin/bt.exe
unpack001/Zeus-translation/output/builder/bot.exe.txt
unpack001/Zeus-translation/output/builder/zsb.exe
unpack002/out.upx
unpack001/Zeus-translation/output/client32.bin
unpack001/Zeus-translation/output/server/zsbcs.exe
unpack003/out.upx
unpack001/Zeus-translation/source/other/zip.exe

Files

Zeus-translation.zip
.zip
Zeus-translation/README
Zeus-translation/README.txt
Zeus-translation/VNC.txt
Zeus-translation/bin/7z.exe
.exe windows:4 windows x86 arch:x86

709c92fb1b0d51e4048409976b042040

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocString
VariantClear
VariantCopy
SysStringByteLen
SysFreeString

user32

CharUpperW
CharPrevA
CharUpperA
CharNextA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsncmp
wcslen
memcpy
fputc
fflush
fgetc
fclose
_iob
free
malloc
memmove
memcmp
fprintf
strlen
fputs
_purecall
__CxxFrameHandler
_CxxThrowException
_isatty
_fileno

kernel32

VirtualAlloc
GetTickCount
VirtualFree
WaitForSingleObject
SetEvent
InitializeCriticalSection
MapViewOfFile
GetProcessTimes
UnmapViewOfFile
OpenEventA
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
GetModuleHandleA
GlobalMemoryStatus
GetSystemInfo
FileTimeToSystemTime
CompareFileTime
GetProcAddress
GetCurrentProcess
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
CreateFileA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
GetTempFileNameW
GetTempFileNameA
GetTempPathW
GetTempPathA
SearchPathW
SearchPathA
GetCurrentDirectoryW
SetCurrentDirectoryW
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetCommandLineW
SetFileApisToOEM
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
SetConsoleMode
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
GetLastError
FreeLibrary
LoadLibraryExA
LoadLibraryA
AreFileApisANSI
SetCurrentDirectoryA
GetModuleFileNameA
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
GetWindowsDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
OpenFileMappingA

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zeus-translation/bin/FASM.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.flat
Size: 75KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 335B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zeus-translation/bin/PHP/ext/php_gmp.dll
.dll windows:5 windows x86 arch:x86

b6d41ebff66fba14f264a62b8d85d1f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\php-sdk\snap_5_3\vc9\x86\obj\Release_TS\php_gmp.pdb

Imports

php5ts

zend_register_list_destructors_ex
zend_register_long_constant
zend_register_string_constant
php_combined_lcg
add_assoc_resource_ex
zend_parse_parameters
_array_init
add_index_resource
add_index_long
zend_fetch_resource
zend_register_resource
_zend_list_delete
convert_to_long
php_error_docref0
php_info_print_table_start
php_info_print_table_row
php_info_print_table_end
_efree
_erealloc
_emalloc
_zval_copy_ctor_func

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcessId

msvcr90

_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
_time32
abort
fprintf
__iob_func
malloc
realloc
free
isspace
memset
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv

Exports

Exports

get_module

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zeus-translation/bin/PHP/ext/php_mbstring.dll
.dll windows:5 windows x86 arch:x86

c4d02a32d173be5d55235fb80fe4e154

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\php-sdk\snap_5_3\vc9\x86\obj\Release_TS\php_mbstring.pdb

Imports

php5ts

sapi_add_header_ex
php_strtoupper
zend_hash_destroy
php_mail
php_escape_shell_cmd
_zend_hash_init
zend_ini_string_ex
add_assoc_zval_ex
add_assoc_long_ex
convert_to_long
zend_hash_clean
_zval_ptr_dtor
ap_php_snprintf
add_index_bool
add_index_stringl
zend_eval_stringl
zend_make_compiled_string_description
add_next_index_stringl
add_next_index_long
add_next_index_string
spprintf
zend_parse_parameters
php_info_print_table_start
php_info_print_table_row
php_info_print_table_end
php_info_print_table_header
display_ini_entries
zend_hash_del_key_or_index
_safe_emalloc
zend_hash_find
executor_globals_id
_zend_hash_add_or_update
zend_unregister_ini_entries
zend_register_ini_entries
sapi_register_treat_data
zend_register_long_constant
php_trim
OnUpdateBool
sapi_unregister_post_entry
sapi_register_post_entries
zend_hash_internal_pointer_reset_ex
zend_hash_num_elements
zend_hash_get_current_data_ex
_convert_to_string
zend_hash_move_forward_ex
_erealloc
_zval_copy_ctor_func
_zval_dtor_func
_safe_malloc
sapi_read_standard_form_data
php_std_post_handler
rfc1867_post_handler
OnUpdateLong
zend_ini_boolean_displayer_cb
zend_ini_string
php_default_treat_data
_emalloc
_array_init
sapi_handle_post
_estrdup
sapi_globals_id
core_globals_id
zend_alter_ini_entry
_ecalloc
php_strtok_r
php_url_decode
php_error_docref0
_efree
_estrndup
sapi_module
add_assoc_string_ex
php_register_variable_safe

msvcr90

_strnicmp
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_vsnprintf
strcmp
strncpy
memmove
sprintf
calloc
isspace
iscntrl
memcpy
strtol
free
memchr
realloc
memset
malloc
__iob_func
fprintf
exit
strchr
_stricmp

kernel32

IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep

Exports

Exports

OnigAsciiPairAmbigCodes
OnigDefaultAmbigFlag
OnigDefaultSyntax
OnigEncAsciiCtypeTable
OnigEncAsciiToLowerCaseTable
OnigEncDefaultCharEncoding
OnigEncISO_8859_1_ToLowerCaseTable
OnigEnc_Unicode_ISO_8859_1_CtypeTable
OnigEncodingASCII
OnigEncodingBIG5
OnigEncodingEUC_CN
OnigEncodingEUC_JP
OnigEncodingEUC_KR
OnigEncodingEUC_TW
OnigEncodingGB18030
OnigEncodingISO_8859_1
OnigEncodingISO_8859_10
OnigEncodingISO_8859_11
OnigEncodingISO_8859_13
OnigEncodingISO_8859_14
OnigEncodingISO_8859_15
OnigEncodingISO_8859_16
OnigEncodingISO_8859_2
OnigEncodingISO_8859_3
OnigEncodingISO_8859_4
OnigEncodingISO_8859_5
OnigEncodingISO_8859_6
OnigEncodingISO_8859_7
OnigEncodingISO_8859_8
OnigEncodingISO_8859_9
OnigEncodingKOI8
OnigEncodingKOI8_R
OnigEncodingSJIS
OnigEncodingUTF16_BE
OnigEncodingUTF16_LE
OnigEncodingUTF32_BE
OnigEncodingUTF32_LE
OnigEncodingUTF8
OnigSyntaxASIS
OnigSyntaxEmacs
OnigSyntaxGnuRegex
OnigSyntaxGrep
OnigSyntaxJava
OnigSyntaxPerl
OnigSyntaxPerl_NG
OnigSyntaxPosixBasic
OnigSyntaxPosixExtended
OnigSyntaxRuby
__mbfl_allocators
get_module
mbfl_buffer_converter_delete
mbfl_buffer_converter_feed
mbfl_buffer_converter_feed_result
mbfl_buffer_converter_flush
mbfl_buffer_converter_getbuffer
mbfl_buffer_converter_illegal_mode
mbfl_buffer_converter_illegal_substchar
mbfl_buffer_converter_new
mbfl_buffer_converter_reset
mbfl_buffer_converter_result
mbfl_buffer_converter_strncat
mbfl_buffer_illegalchars
mbfl_convert_encoding
mbfl_convert_filter_copy
mbfl_convert_filter_delete
mbfl_convert_filter_devcat
mbfl_convert_filter_feed
mbfl_convert_filter_flush
mbfl_convert_filter_get_vtbl
mbfl_convert_filter_list
mbfl_convert_filter_new
mbfl_convert_filter_reset
mbfl_convert_filter_strcat
mbfl_encoding_detector_delete
mbfl_encoding_detector_feed
mbfl_encoding_detector_judge
mbfl_encoding_detector_new
mbfl_filt_conv_common_ctor
mbfl_filt_conv_common_dtor
mbfl_filt_conv_common_flush
mbfl_filt_conv_illegal_output
mbfl_filt_conv_pass
mbfl_filt_ident_common_ctor
mbfl_filt_ident_common_dtor
mbfl_filt_ident_false
mbfl_filt_ident_false_ctor
mbfl_filt_ident_true
mbfl_filter_output_null
mbfl_filter_output_pipe
mbfl_get_supported_encodings
mbfl_html_numeric_entity
mbfl_identify_encoding
mbfl_identify_encoding_name
mbfl_identify_encoding_no
mbfl_identify_filter_cleanup
mbfl_identify_filter_delete
mbfl_identify_filter_get_vtbl
mbfl_identify_filter_init
mbfl_identify_filter_new
mbfl_is_support_encoding
mbfl_ja_jp_hantozen
mbfl_memory_device_clear
mbfl_memory_device_devcat
mbfl_memory_device_init
mbfl_memory_device_output
mbfl_memory_device_output2
mbfl_memory_device_output4
mbfl_memory_device_realloc
mbfl_memory_device_reset
mbfl_memory_device_result
mbfl_memory_device_strcat
mbfl_memory_device_strncat
mbfl_memory_device_unput
mbfl_mime_header_decode
mbfl_mime_header_encode
mbfl_name2encoding
mbfl_name2language
mbfl_name2no_encoding
mbfl_name2no_language
mbfl_no2encoding
mbfl_no2language
mbfl_no2preferred_mime_name
mbfl_no_encoding2name
mbfl_no_language2name
mbfl_oddlen
mbfl_strcut
mbfl_strimwidth
mbfl_string_clear
mbfl_string_init
mbfl_string_init_set
mbfl_strlen
mbfl_strpos
mbfl_strwidth
mbfl_substr
mbfl_substr_count
mbfl_wchar_device_clear
mbfl_wchar_device_init
mbfl_wchar_device_output
mbstr_treat_data
mime_header_decoder_delete
mime_header_decoder_feed
mime_header_decoder_new
mime_header_decoder_result
mime_header_encoder_delete
mime_header_encoder_feed
mime_header_encoder_new
mime_header_encoder_result
onig_capture_tree_traverse
onig_copy_encoding
onig_copy_syntax
onig_copyright
onig_end
onig_error_code_to_str
onig_foreach_name
onig_free
onig_get_ambig_flag
onig_get_capture_tree
onig_get_default_ambig_flag
onig_get_encoding
onig_get_match_stack_limit_size
onig_get_options
onig_get_syntax
onig_get_syntax_behavior
onig_get_syntax_op
onig_get_syntax_op2
onig_get_syntax_options
onig_init
onig_match
onig_name_to_backref_number
onig_name_to_group_numbers
onig_new
onig_new_deluxe
onig_noname_group_capture_is_active
onig_number_of_capture_histories
onig_number_of_captures
onig_number_of_names
onig_region_clear
onig_region_copy
onig_region_free
onig_region_init
onig_region_new
onig_region_resize
onig_region_set
onig_search
onig_set_default_ambig_flag
onig_set_default_syntax
onig_set_match_stack_limit_size
onig_set_meta_char
onig_set_syntax_behavior
onig_set_syntax_op
onig_set_syntax_op2
onig_set_syntax_options
onig_set_verb_warn_func
onig_set_warn_func
onig_version
onigenc_always_false_is_allowed_reverse_match
onigenc_always_true_is_allowed_reverse_match
onigenc_ascii_get_all_pair_ambig_codes
onigenc_ascii_is_mbc_ambiguous
onigenc_ascii_mbc_to_normalize
onigenc_ess_tsett_get_all_comp_ambig_codes
onigenc_get_default_encoding
onigenc_get_left_adjust_char_head
onigenc_get_prev_char_head
onigenc_get_right_adjust_char_head
onigenc_get_right_adjust_char_head_with_prev
onigenc_init
onigenc_is_mbc_newline_0x0a
onigenc_iso_8859_1_get_all_pair_ambig_codes
onigenc_mb2_code_to_mbc
onigenc_mb2_code_to_mbc_first
onigenc_mb2_code_to_mbclen
onigenc_mb2_is_code_ctype
onigenc_mb4_code_to_mbc
onigenc_mb4_code_to_mbc_first
onigenc_mb4_code_to_mbclen
onigenc_mb4_is_code_ctype
onigenc_mbn_is_mbc_ambiguous
onigenc_mbn_mbc_to_code
onigenc_mbn_mbc_to_normalize
onigenc_not_support_get_ctype_code_range
onigenc_nothing_get_all_comp_ambig_codes
onigenc_set_default_caseconv_table
onigenc_set_default_encoding
onigenc_single_byte_code_to_mbc
onigenc_single_byte_code_to_mbc_first
onigenc_single_byte_code_to_mbclen
onigenc_single_byte_left_adjust_char_head
onigenc_single_byte_mbc_enc_len
onigenc_single_byte_mbc_to_code
onigenc_step
onigenc_step_back
onigenc_str_bytelen_null
onigenc_strlen
onigenc_strlen_null
onigenc_unicode_get_ctype_code_range
onigenc_unicode_is_code_ctype
onigenc_with_ascii_strncmp
php_mb_check_encoding_list
php_mb_convert_encoding
php_mb_encoding_translation
php_mb_gpc_encoding_converter
php_mb_gpc_encoding_detector
php_mb_gpc_mbchar_bytes
php_mb_mbchar_bytes
php_mb_mbchar_bytes_ex
php_mb_safe_strrchr
php_mb_safe_strrchr_ex
php_mb_stripos
php_mb_strrchr
php_turkish_tolower
php_turkish_toupper
php_unicode_convert_case
php_unicode_is_prop
php_unicode_tolower
php_unicode_totitle
php_unicode_toupper
re_adjust_startpos
re_alloc_pattern
re_compile_pattern
re_free_pattern
re_free_registers
re_match
re_mbcinit
re_search
re_set_casetable
regerror

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zeus-translation/bin/PHP/ext/php_sockets.dll
.dll windows:5 windows x86 arch:x86

5af692a0f71e5fb37b8bdf52b32ca41c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\php-sdk\snap_5_3\vc9\x86\obj\Release_TS\php_sockets.pdb

Imports

php5ts

socketpair
add_index_zval
convert_to_array
zend_hash_find
_array_init
add_assoc_long_ex
zend_wrong_param_count
ap_php_snprintf
zend_register_resource
inet_ntop
_estrndup
_erealloc
_zend_list_delete
php_set_sock_blocking
zend_parse_parameters
convert_to_long
_emalloc
_zval_ptr_dtor
zend_hash_num_elements
_zend_hash_init
zend_hash_get_current_key_ex
_zend_hash_index_update_or_next_insert
_zend_hash_add_or_update
zval_add_ref
zend_hash_destroy
zend_hash_internal_pointer_reset_ex
zend_hash_get_current_data_ex
zend_fetch_resource
zend_hash_move_forward_ex
php_info_print_table_start
php_info_print_table_row
php_info_print_table_end
zend_register_list_destructors_ex
zend_register_long_constant
inet_aton
inet_pton
php_error_docref0
_estrdup
_efree
_zval_copy_ctor_func
_zval_dtor_func

ws2_32

accept
shutdown
setsockopt
getsockopt
closesocket
WSAGetLastError
recv
WSASetLastError
freeaddrinfo
getaddrinfo
gethostbyname
getprotobyname
__WSAFDIsSet
select
listen
send
inet_ntoa
htons
getsockname
getpeername
socket
connect
bind
ntohs
recvfrom
sendto

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
FormatMessageA
LocalFree

msvcr90

__dllonexit
_lock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
memset
memcpy
_onexit
_except_handler4_common
_unlock

Exports

Exports

get_module
php_sockets_le_socket

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zeus-translation/bin/PHP/php.exe
.exe windows:5 windows x86 arch:x86

9a1aeacaaf3dd30c0ecbbdbcfb91d07f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\php-sdk\snap_5_3\vc9\x86\obj\Release_TS\php.pdb

Imports

php5ts

php_print_info
php_end_ob_buffers
php_request_startup
compiler_globals_id
get_zend_version
php_getopt
sapi_startup
ts_resource_ex
tsrm_startup
zend_load_extension
php_body_write
sapi_deactivate
zend_ini_deactivate
zend_is_auto_global
core_globals_id
php_execute_script
php_lint_script
zend_printf
open_file_for_scanning
zend_strip
php_get_highlight_struct
zend_highlight
zend_eval_string_ex
_php_stream_get_line
_estrndup
reflection_extension_ptr
reflection_class_ptr
reflection_method_ptr
reflection_function_ptr
_object_init_ex
zend_call_method
_zval_ptr_dtor
zend_exception_get_default
zend_read_property
reflection_ptr
zend_str_tolower_dup
zend_hash_find
display_ini_entries
php_info_print_module
php_ini_opened_path
php_ini_scanned_files
php_request_shutdown
php_module_shutdown
sapi_shutdown
tsrm_shutdown
virtual_fopen
_emalloc
_php_stream_open_wrapper_ex
zend_register_constant
gc_remove_zval_from_buffer
_efree
_php_stream_free
zend_strndup
_zend_hash_add_or_update
php_module_startup
sapi_globals_id
php_import_environment_variables
sapi_module
php_register_variable
php_handle_aborted_connection
zend_extensions
zend_llist_copy
zend_llist_sort
zend_llist_apply
zend_llist_destroy
_zend_hash_init
module_registry
zend_hash_copy
zend_qsort
zend_hash_sort
zend_hash_apply
zend_hash_destroy
php_printf
php_module_shutdown_wrapper
zend_error
executor_globals_id
zif_dl

msvcr90

_setmode
_stricmp
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
memcpy
_setjmp3
memset
_fmode
_fileno
malloc
strchr
isalnum
realloc
printf
fclose
strstr
getenv
exit
fgetc
ftell
fseek
rewind
strrchr
free
fprintf
fflush
_errno
__iob_func
fwrite
_strdup

kernel32

GetCurrentProcessId
Sleep
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
InterlockedExchange
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zeus-translation/bin/PHP/php.ini
Zeus-translation/bin/PHP/php5ts.dll
.dll windows:5 windows x86 arch:x86

6a771c1cf07a9010b9500888bd923508

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\php-sdk\snap_5_3\vc9\x86\obj\Release_TS\php5ts.pdb

Imports

oleaut32

VariantCopyInd
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
VarCmp
LHashValOfNameSys
SafeArrayGetVartype
VariantChangeType
GetActiveObject
SafeArrayPutElement
SafeArrayGetDim
SysAllocString
VariantInit
VariantClear
SysFreeString
VarImp
VarIdiv
VarEqv
VarDiv
VarAnd
VarMul
VarSu
VarCat
VarAdd
VarNot
VarNeg
VarInt
VarFix
VarAbs
VarRound
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayGetElement
LoadTypeLi
LoadRegTypeLi
VarMod
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysAllocStringByteLen
VarXor
VarPow
VarOr

advapi32

RegCloseKey
RegOpenKeyExA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
RegEnumKeyA
RegQueryValueA
DuplicateTokenEx
CreateProcessAsUserA
OpenThreadToken
OpenProcessToken
EqualSid
DuplicateToken
GetFileSecurityA
MapGenericMask
AccessCheck
GetTokenInformation
CopySid
GetLengthSid
ConvertSidToStringSidA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegQueryValueExA
RegNotifyChangeKeyValue
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
GetUserNameA

ws2_32

getpeername
inet_ntoa
ntohs
htons
socket
closesocket
getaddrinfo
freeaddrinfo
WSAStartup
WSAGetLastError
WSACleanup
getsockname
htonl
ioctlsocket
__WSAFDIsSet
select
WSASetLastError
getsockopt
connect
bind
setsockopt
accept
WSAStringToAddressA
WSAAddressToStringA
inet_addr
listen
send
recv
shutdown
sendto
recvfrom
gethostbyname
gethostname
ntohl
getservbyname
getservbyport
getprotobyname
gethostbyaddr
getprotobynumber

odbc32

ord13
ord23
ord9
ord15
ord14
ord10
ord4
ord6
ord18
ord63
ord19
ord51
ord45
ord3
ord49
ord48
ord12
ord72
ord58
ord21
ord17
ord57
ord11
ord43
ord59
ord7
ord41
ord50
ord1
ord2
ord20
ord61
ord42
ord70
ord53
ord52
ord67
ord66
ord65
ord47
ord60
ord56
ord40
ord54
ord16

kernel32

DuplicateHandle
GetBinaryTypeA
CreateProcessA
GetCurrentProcess
GetProcessHeap
MoveFileExA
SetLastError
GetStdHandle
CreatePipe
GetExitCodeProcess
MapViewOfFileEx
OpenFileMappingA
MultiByteToWideChar
InterlockedDecrement
GetTimeZoneInformation
GetLocalTime
GetCurrentProcessId
SetEnvironmentVariableA
GetEnvironmentVariableA
Sleep
GetDiskFreeSpaceA
LockFileEx
UnlockFileEx
InterlockedExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
GetComputerNameA
GetFileAttributesA
CreateHardLinkA
TerminateProcess
SetErrorMode
SetFilePointer
GetACP
CreateMutexA
ReleaseMutex
InterlockedCompareExchange
GetSystemDirectoryA
GetCurrentThread
GetSystemTime
SystemTimeToFileTime
SetFileTime
CreateFileA
DeviceIoControl
WideCharToMultiByte
GetFileAttributesExA
GetCurrentDirectoryA
FileTimeToSystemTime
TlsFree
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
TlsSetValue
CreateWaitableTimerA
SetWaitableTimer
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
CreateFileMappingA
GetFileSize
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
GetFileType
GetTempPathA
GetTempFileNameA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
LocalFree
FormatMessageA
GetVersion
GetVersionExA
GetLastError
OutputDebugStringA
LoadLibraryA
GetProcAddress
InterlockedIncrement
GetCurrentThreadId
CloseHandle
CreateEventA
WaitForSingleObject
SetEvent
IsDBCSLeadByte
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
FreeLibrary
GetFullPathNameA

ole32

CoInitialize
CoCreateInstance
CoCreateInstanceEx
MkParseDisplayName
CreateBindCtx
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoDisconnectObject
CoTaskMemAlloc
OleLoadFromStream
CLSIDFromProgID
CoUninitialize

user32

DefWindowProcA
SetTimer
PostQuitMessage
KillTimer
UnregisterClassA
DestroyWindow
SendMessageA
GetMessageA
CreateWindowExA
RegisterClassA
PostThreadMessageA
MessageBoxA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
PeekMessageA
GetSystemMetrics

dnsapi

DnsQuery_A
DnsRecordListFree

msvcr90

_tzset
__timezone
__daylight
strtok
_stat32
setvbuf
fseek
fflush
feof
ftell
_get_osfhandle
_access
strnlen
islower
isdigit
_isnan
_fpclass
localeconv
atol
asctime
_localtime32
_gmtime32
_ctime32
_environ
vsprintf
qsort
fwrite
_getpid
_memicmp
_strdup
_fdopen
_open_osfhandle
putchar
_mktime32
fgets
sscanf
iscntrl
isgraph
isprint
ispunct
isupper
isxdigit
floor
strftime
_CIatan2
_CIsqrt
_CIsin
_CIcos
_CIacos
_atoi64
strtod
strncat
strpbrk
strtoul
atof
strcspn
mblen
getc
_CIlog10
ceil
_CIlog
_CIexp
_CItan
_CIasin
_CIatan
_CIsinh
_CIcosh
_CItanh
_hypot
_CIfmod
strcat_s
strncpy_s
_close
strspn
_setmode
_fileno
remove
_creat
_mktemp
putc
ferror
strcmp
clearerr
abort
fputc
_vsnprintf
_wfopen
_stat64i32
_wstat64i32
vfprintf
strcpy_s
sprintf_s
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_dup
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_stricmp
_strnicmp
_isatty
_write
_unlink
_lseek
_read
_chsize
_open
_chmod
_mkdir
_rmdir
_getcwd
strerror
strncpy
setlocale
_set_invalid_parameter_handler
isalnum
strstr
_time32
isspace
_HUGE
fclose
fread
_fstat32
_finite
tolower
strcoll
_CIpow
toupper
printf
_errno
_controlfp_s
_beginthreadex
strrchr
strncmp
isalpha
memmove
strchr
memchr
getenv
__iob_func
fprintf
memcpy
strtol
exit
_putenv
_umask
rewind
atoi
_snprintf
fopen
memset
calloc
malloc
free
realloc
sprintf
_setjmp3
longjmp

Exports

Exports

GetSMErrorText
OnUpdateBaseDir
OnUpdateBool
OnUpdateLong
OnUpdateLongGEZero
OnUpdateReal
OnUpdateString
OnUpdateStringUnempty
PHP_3HAVAL128Init
PHP_3HAVAL160Init
PHP_3HAVAL192Init
PHP_3HAVAL224Init
PHP_3HAVAL256Init
PHP_3TIGERInit
PHP_4HAVAL128Init
PHP_4HAVAL160Init
PHP_4HAVAL192Init
PHP_4HAVAL224Init
PHP_4HAVAL256Init
PHP_4TIGERInit
PHP_5HAVAL128Init
PHP_5HAVAL160Init
PHP_5HAVAL192Init
PHP_5HAVAL224Init
PHP_5HAVAL256Init
PHP_ADLER32Copy
PHP_ADLER32Final
PHP_ADLER32Init
PHP_ADLER32Update
PHP_CRC32BFinal
PHP_CRC32BUpdate
PHP_CRC32Copy
PHP_CRC32Final
PHP_CRC32Init
PHP_CRC32Update
PHP_GOSTFinal
PHP_GOSTInit
PHP_GOSTUpdate
PHP_HAVAL128Final
PHP_HAVAL160Final
PHP_HAVAL192Final
PHP_HAVAL224Final
PHP_HAVAL256Final
PHP_HAVALUpdate
PHP_MD2Final
PHP_MD2Init
PHP_MD2Update
PHP_MD4Final
PHP_MD4Init
PHP_MD4Update
PHP_MD5Final
PHP_MD5Init
PHP_MD5Update
PHP_RIPEMD128Final
PHP_RIPEMD128Init
PHP_RIPEMD128Update
PHP_RIPEMD160Final
PHP_RIPEMD160Init
PHP_RIPEMD160Update
PHP_RIPEMD256Final
PHP_RIPEMD256Init
PHP_RIPEMD256Update
PHP_RIPEMD320Final
PHP_RIPEMD320Init
PHP_RIPEMD320Update
PHP_SALSA10Init
PHP_SALSA20Init
PHP_SALSAFinal
PHP_SALSAUpdate
PHP_SHA1Final
PHP_SHA1Init
PHP_SHA1Update
PHP_SHA224Final
PHP_SHA224Init
PHP_SHA224Update
PHP_SHA256Final
PHP_SHA256Init
PHP_SHA256Update
PHP_SHA384Final
PHP_SHA384Init
PHP_SHA384Update
PHP_SHA512Final
PHP_SHA512Init
PHP_SHA512Update
PHP_SNEFRUFinal
PHP_SNEFRUInit
PHP_SNEFRUUpdate
PHP_TIGER128Final
PHP_TIGER160Final
PHP_TIGER192Final
PHP_TIGERUpdate
PHP_WHIRLPOOLFinal
PHP_WHIRLPOOLInit
PHP_WHIRLPOOLUpdate
TSMClose
TSendMail
UTF8ToHtml
UTF8Toisolat1
ValidateFormat
XML_GetUserData
_DllMain@12
__docbDefaultSAXHandler
__htmlDefaultSAXHandler
__oldXMLWDcompatibility
__xmlBufferAllocScheme
__xmlDefaultBufferSize
__xmlDefaultSAXHandler
__xmlDefaultSAXLocator
__xmlDeregisterNodeDefaultValue
__xmlDoValidityCheckingDefaultValue
__xmlGenericError
__xmlGenericErrorContext
__xmlGetWarningsDefaultValue
__xmlIndentTreeOutput
__xmlKeepBlanksDefaultValue
__xmlLineNumbersDefaultValue
__xmlLoadExtDtdDefaultValue
__xmlParserDebugEntities
__xmlParserVersion
__xmlPedanticParserDefaultValue
__xmlRegisterNodeDefaultValue
__xmlSaveNoEmptyTags
__xmlSubstituteEntitiesDefaultValue
__xmlTreeIndentString
_array_init
_convert_to_string
_ecalloc
_efree
_emalloc
_erealloc
_estrdup
_estrndup
_libiconv_version
_mysqlnd_debug
_mysqlnd_end_psession
_mysqlnd_get_client_stats
_mysqlnd_init
_mysqlnd_palloc_free_cache
_mysqlnd_palloc_free_thd_cache_reference
_mysqlnd_palloc_init_cache
_mysqlnd_palloc_init_thd_cache
_mysqlnd_palloc_rinit
_mysqlnd_palloc_rshutdown
_mysqlnd_poll
_mysqlnd_restart_psession
_object_and_properties_init
_object_init
_object_init_ex
_php_emit_fd_setsize_warning
_php_error_log
_php_find_ps_module
_php_find_ps_serializer
_php_get_stream_filters_hash
_php_glob_stream_get_count
_php_glob_stream_get_path
_php_glob_stream_get_pattern
_php_math_basetolong
_php_math_basetozval
_php_math_longtobase
_php_math_number_format
_php_math_round
_php_math_zvaltobase
_php_regcomp@12
_php_regerror@16
_php_regexec@20
_php_regfree@4
_php_stream_alloc
_php_stream_cast
_php_stream_copy_to_mem
_php_stream_copy_to_stream
_php_stream_copy_to_stream_ex
_php_stream_eof
_php_stream_filter_alloc
_php_stream_filter_append
_php_stream_filter_flush
_php_stream_filter_prepend
_php_stream_flush
_php_stream_fopen
_php_stream_fopen_from_fd
_php_stream_fopen_from_file
_php_stream_fopen_from_pipe
_php_stream_fopen_temporary_file
_php_stream_fopen_tmpfile
_php_stream_fopen_with_path
_php_stream_free
_php_stream_get_line
_php_stream_get_url_stream_wrappers_hash
_php_stream_getc
_php_stream_make_seekable
_php_stream_memory_create
_php_stream_memory_get_buffer
_php_stream_memory_open
_php_stream_mkdir
_php_stream_mmap_range
_php_stream_mmap_unmap
_php_stream_mmap_unmap_ex
_php_stream_open_wrapper_as_file
_php_stream_open_wrapper_ex
_php_stream_opendir
_php_stream_passthru
_php_stream_printf
_php_stream_putc
_php_stream_puts
_php_stream_read
_php_stream_readdir
_php_stream_rmdir
_php_stream_scandir
_php_stream_seek
_php_stream_set_option
_php_stream_sock_open_from_socket
_php_stream_sock_open_host
_php_stream_stat
_php_stream_stat_path
_php_stream_tell
_php_stream_temp_create
_php_stream_temp_open
_php_stream_truncate_set_size
_php_stream_write
_php_stream_xport_create
_safe_emalloc
_safe_erealloc
_safe_malloc
_safe_realloc
_xml_zval_strdup
_zend_bailout
_zend_get_parameters_array
_zend_get_parameters_array_ex
_zend_hash_add_or_update
_zend_hash_index_update_or_next_insert
_zend_hash_init
_zend_hash_init_ex
_zend_hash_merge
_zend_hash_quick_add_or_update
_zend_list_addref
_zend_list_delete
_zend_list_find
_zend_mem_block_size
_zend_mm_alloc
_zend_mm_block_size
_zend_mm_free
_zend_mm_realloc
_zend_ts_hash_add_or_update
_zend_ts_hash_index_update_or_next_insert
_zend_ts_hash_init
_zend_ts_hash_init_ex
_zend_ts_hash_quick_add_or_update
_zval_copy_ctor_func
_zval_dtor_func
_zval_internal_dtor
_zval_internal_ptr_dtor
_zval_ptr_dtor
add_assoc_bool_ex
add_assoc_double_ex
add_assoc_function
add_assoc_long_ex
add_assoc_null_ex
add_assoc_resource_ex
add_assoc_string_ex
add_assoc_stringl_ex
add_assoc_zval_ex
add_char_to_string
add_function
add_get_assoc_string_ex
add_get_assoc_stringl_ex
add_get_index_double
add_get_index_long
add_get_index_string
add_get_index_stringl
add_index_bool
add_index_double
add_index_long
add_index_null
add_index_resource
add_index_string
add_index_stringl
add_index_zval
add_next_index_bool
add_next_index_double
add_next_index_long
add_next_index_null
add_next_index_resource
add_next_index_string
add_next_index_stringl
add_next_index_zval
add_property_bool_ex
add_property_double_ex
add_property_long_ex
add_property_null_ex
add_property_resource_ex
add_property_string_ex
add_property_stringl_ex
add_property_zval_ex
add_string_to_string
adler32
ap_php_asprintf
ap_php_slprintf
ap_php_snprintf
ap_php_vasprintf
ap_php_vslprintf
ap_php_vsnprintf
arcfour_LTX__is_block_algorithm
arcfour_LTX__mcrypt_algorithm_version
arcfour_LTX__mcrypt_decrypt
arcfour_LTX__mcrypt_encrypt
arcfour_LTX__mcrypt_get_algo_iv_size
arcfour_LTX__mcrypt_get_algorithms_name
arcfour_LTX__mcrypt_get_block_size
arcfour_LTX__mcrypt_get_key_size
arcfour_LTX__mcrypt_get_size
arcfour_LTX__mcrypt_get_supported_key_sizes
arcfour_LTX__mcrypt_self_test
arcfour_LTX__mcrypt_set_key
attribute
attributeDecl
basic_globals_id
bitwise_and_function
bitwise_not_function
bitwise_or_function
bitwise_xor_function
blowfish_LTX__is_block_algorithm
blowfish_LTX__mcrypt_algorithm_version
blowfish_LTX__mcrypt_decrypt
blowfish_LTX__mcrypt_encrypt
blowfish_LTX__mcrypt_get_algorithms_name
blowfish_LTX__mcrypt_get_block_size
blowfish_LTX__mcrypt_get_key_size
blowfish_LTX__mcrypt_get_size
blowfish_LTX__mcrypt_get_supported_key_sizes
blowfish_LTX__mcrypt_self_test
blowfish_LTX__mcrypt_set_key
blowfish_compat_LTX__is_block_algorithm
blowfish_compat_LTX__mcrypt_algorithm_version
blowfish_compat_LTX__mcrypt_decrypt
blowfish_compat_LTX__mcrypt_encrypt
blowfish_compat_LTX__mcrypt_get_algorithms_name
blowfish_compat_LTX__mcrypt_get_block_size
blowfish_compat_LTX__mcrypt_get_key_size
blowfish_compat_LTX__mcrypt_get_size
blowfish_compat_LTX__mcrypt_get_supported_key_sizes
blowfish_compat_LTX__mcrypt_self_test
blowfish_compat_LTX__mcrypt_set_key
boolean_not_function
boolean_xor_function
call_user_function
call_user_function_ex
cast_128_LTX__is_block_algorithm
cast_128_LTX__mcrypt_algorithm_version
cast_128_LTX__mcrypt_decrypt
cast_128_LTX__mcrypt_encrypt
cast_128_LTX__mcrypt_get_algorithms_name
cast_128_LTX__mcrypt_get_block_size
cast_128_LTX__mcrypt_get_key_size
cast_128_LTX__mcrypt_get_size
cast_128_LTX__mcrypt_get_supported_key_sizes
cast_128_LTX__mcrypt_self_test
cast_128_LTX__mcrypt_set_key
cast_256_LTX__is_block_algorithm
cast_256_LTX__mcrypt_algorithm_version
cast_256_LTX__mcrypt_decrypt
cast_256_LTX__mcrypt_encrypt
cast_256_LTX__mcrypt_get_algorithms_name
cast_256_LTX__mcrypt_get_block_size
cast_256_LTX__mcrypt_get_key_size
cast_256_LTX__mcrypt_get_size
cast_256_LTX__mcrypt_get_supported_key_sizes
cast_256_LTX__mcrypt_self_test
cast_256_LTX__mcrypt_set_key
cdataBlock
cfg_get_double
cfg_get_entry
cfg_get_long
cfg_get_string
characters
checkNamespace
comment
compare_function
compile_file
compile_filename
compile_string
compiler_globals_id
compress
compress2
compressBound
concat_function
config_zval_dtor
convert_scalar_to_number
convert_to_array
convert_to_boolean
convert_to_double
convert_to_long
convert_to_long_base
convert_to_null
convert_to_object
core_globals_id
crc32
decrement_function
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
des_LTX__is_block_algorithm
des_LTX__mcrypt_algorithm_version
des_LTX__mcrypt_decrypt
des_LTX__mcrypt_encrypt
des_LTX__mcrypt_get_algorithms_name
des_LTX__mcrypt_get_block_size
des_LTX__mcrypt_get_key_size
des_LTX__mcrypt_get_size
des_LTX__mcrypt_get_supported_key_sizes
des_LTX__mcrypt_self_test
des_LTX__mcrypt_set_key
destroy_op_array
destroy_zend_class
destroy_zend_function
display_ini_entries
display_link_numbers
div_function
do_bind_class
do_bind_function
do_bind_inherited_class
docbCreateFileParserCtxt
docbCreatePushParserCtxt
docbDefaultSAXHandlerInit
docbEncodeEntities
docbFreeParserCtxt
docbParseChunk
docbParseDoc
docbParseDocument
docbParseFile
docbSAXParseDoc
docbSAXParseFile
dom_node_class_entry
dom_object_get_node
dummy_indent
elementDecl
empty_fcall_info
empty_fcall_info_cache
endDocument
endElement
end_mcrypt
enigma_LTX__is_block_algorithm
enigma_LTX__mcrypt_algorithm_version
enigma_LTX__mcrypt_decrypt
enigma_LTX__mcrypt_encrypt
enigma_LTX__mcrypt_get_algo_iv_size
enigma_LTX__mcrypt_get_algorithms_name
enigma_LTX__mcrypt_get_block_size
enigma_LTX__mcrypt_get_key_size
enigma_LTX__mcrypt_get_size
enigma_LTX__mcrypt_get_supported_key_sizes
enigma_LTX__mcrypt_self_test
enigma_LTX__mcrypt_set_key
entityDecl
execute
execute_internal
executor_globals_id
expand_filepath
expand_filepath_ex
externalSubset
file_globals_id
file_handle_dtor
flock
fnmatch
free_estring
function_add_ref
gc_collect_cycles
gc_globals_ctor
gc_globals_dtor
gc_globals_id
gc_init
gc_remove_zval_from_buffer
gc_reset
gc_zobj_possible_root
gc_zval_possible_root
getColumnNumber
getEntity
getLineNumber
getNamespace
getParameterEntity
getPublicId
getSystemId
get_active_class_name
get_active_function_name
get_binary_op
get_crc_table
get_timezone_info
get_unary_op
get_zend_version
gettimeofday
glob
globalNamespace
globfree
gost_LTX__is_block_algorithm
gost_LTX__mcrypt_algorithm_version

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zeus-translation/bin/bt.exe
.exe windows:5 windows x64 arch:x64

d33a615bba480e545970a0c8765514fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE

Imports

kernel32

SetFilePointerEx
HeapFree
GetProcessHeap
IsBadReadPtr
WriteFile
GetConsoleMode
WriteConsoleW
CreateFileW
HeapAlloc
GetStdHandle
GetFileType
CreateFileMappingW
CloseHandle
LocalFree
ExitProcess
GetCommandLineW
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
HeapReAlloc
GetFileSizeEx

shlwapi

PathFindFileNameW
wvnsprintfW
StrChrW
PathUnquoteSpacesW

shell32

CommandLineToArgvW

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zeus-translation/bin/upx.exe
Zeus-translation/config.ini
Zeus-translation/configs/buildtools/config
Zeus-translation/configs/debug/config
Zeus-translation/configs/default/config
Zeus-translation/configs/full/config
Zeus-translation/geobase/GeoIPCountryWhois.csv
Zeus-translation/geobase/convert_maxmind_country.php
Zeus-translation/geobase/country[maxmind].txt
Zeus-translation/include/X11/keysymdef.h
Zeus-translation/include/imnact.h
Zeus-translation/include/iregexp2.h
Zeus-translation/include/mimeole.h
Zeus-translation/include/msoeapi.h
Zeus-translation/lib/x32/lde32.lib
Zeus-translation/lib/x32/ntdll.lib
Zeus-translation/lib/x64/lde64.lib
Zeus-translation/lib/x64/ntdll.lib
Zeus-translation/make.cmd
Zeus-translation/make/baseconfig.inc.php
Zeus-translation/make/buildconfig.inc.php
Zeus-translation/make/configsample.inc.php
Zeus-translation/make/installdata.inc.php
Zeus-translation/make/make.php
Zeus-translation/make/make.vcxproj
Zeus-translation/make/make.vcxproj.user
Zeus-translation/make/tools.inc.php
.ps1
Zeus-translation/make_debug.cmd
Zeus-translation/make_default.cmd
Zeus-translation/make_full.cmd
Zeus-translation/manual_en.html
.html
Zeus-translation/manual_ru.html
.html
Zeus-translation/output/builder/bot.exe.txt
.exe windows:5 windows x86 arch:x86

1c2489367a741a394ef5f46c06397c1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
WaitForMultipleObjects
lstrcmpiW
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
LocalFree
GetSystemTime
WriteProcessMemory
SetFileAttributesW
CreateThread
ExpandEnvironmentStringsW
GetCurrentThreadId
ExitProcess
SetEvent
lstrcmpiA
WTSGetActiveConsoleSessionId
CreateEventW
MapViewOfFile
WriteFile
SetThreadPriority
VirtualProtectEx
TlsAlloc
TlsFree
GetFileAttributesExW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetLocalTime
ResetEvent
TlsGetValue
TlsSetValue
TerminateProcess
MoveFileExW
GetModuleFileNameW
GetUserDefaultUILanguage
GetThreadContext
SetThreadContext
GetProcessId
GetNativeSystemInfo
GetVersionExW
GetCommandLineW
SetErrorMode
GetComputerNameW
OpenEventW
DuplicateHandle
GetCurrentProcessId
VirtualQueryEx
SetFileTime
VirtualAlloc
GetProcAddress
SetLastError
GetLastError
OpenMutexW
GetFileSizeEx
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
IsBadReadPtr
GetProcessHeap
CreateFileW
GetTimeZoneInformation
ReadFile
Thread32Next
GetFileAttributesW
HeapCreate
HeapDestroy
ReadProcessMemory
Sleep
LoadLibraryW
WideCharToMultiByte
CreateFileMappingW
Thread32First
VirtualFree
GetCurrentThread
GetModuleHandleW
CreateDirectoryW
HeapFree
SetFilePointerEx
SystemTimeToFileTime
HeapAlloc
CreateProcessW
FreeLibrary
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
CreateRemoteThread
WaitForSingleObject
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
UnmapViewOfFile
GlobalLock

user32

OpenInputDesktop
MenuItemFromPoint
GetMenu
RegisterClassExW
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
PostThreadMessageW
DefMDIChildProcA
HiliteMenuItem
DefFrameProcA
SendMessageW
CallWindowProcA
EndMenu
CallWindowProcW
DefWindowProcW
DefFrameProcW
GetWindowThreadProcessId
GetMessageW
GetShellWindow
CharLowerW
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
GetSystemMetrics
MapVirtualKeyW
GetUpdateRgn
CharLowerBuffA
ExitWindowsEx
FillRect
DrawEdge
IntersectRect
EqualRect
PrintWindow
GetWindowRect
PostMessageW
GetParent
GetWindowInfo
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
MapWindowPoints
IsRectEmpty
DrawIcon
GetIconInfo
EndPaint
GetWindowDC
SetCapture
GetSubMenu
BeginPaint
GetMessageA
RegisterClassW
GetUpdateRect
DefDlgProcW
SetCursorPos
GetDCEx
ToUnicode
GetClipboardData
PeekMessageA
GetCursorPos
ReleaseCapture
GetMessagePos
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
OpenWindowStationW
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharToOemW
GetDC
GetWindowLongW
CharLowerA
RegisterClassExA
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
RegisterClassA
GetKeyboardState
TranslateMessage
DispatchMessageW
GetWindow
SendMessageTimeoutW
SetWindowLongW
CharUpperW
ReleaseDC
PeekMessageW
GetCapture

advapi32

GetLengthSid
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
EqualSid
RegEnumKeyExW
InitiateSystemShutdownExW
ConvertSidToStringSidW
IsWellKnownSid

shlwapi

wvnsprintfW
PathQuoteSpacesW
PathIsURLW
PathRenameExtensionW
StrStrIW
StrStrIA
StrCmpNIW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
UrlUnescapeA

shell32

ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW

secur32

GetUserNameExW

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

RestoreDC
SaveDC
DeleteDC
GdiFlush
SetViewportOrgEx
SelectObject
CreateCompatibleDC
CreateDIBSection
GetDeviceCaps
GetDIBits
DeleteObject
SetRectRgn
CreateCompatibleBitmap

ws2_32

WSASetLastError
freeaddrinfo
socket
bind
recv
setsockopt
shutdown
getsockname
getpeername
recvfrom
sendto
WSASend
WSAEventSelect
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
select
closesocket
send
listen
accept
WSAGetLastError

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData

wininet

HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpAddRequestHeadersA
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
HttpQueryInfoA

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zeus-translation/output/builder/config.bin
Zeus-translation/output/builder/config.txt
Zeus-translation/output/builder/webinjects.txt
.js
Zeus-translation/output/builder/zsb.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zeus-translation/output/client32.bin
.exe windows:5 windows x86 arch:x86

1c2489367a741a394ef5f46c06397c1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
WaitForMultipleObjects
lstrcmpiW
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
LocalFree
GetSystemTime
WriteProcessMemory
SetFileAttributesW
CreateThread
ExpandEnvironmentStringsW
GetCurrentThreadId
ExitProcess
SetEvent
lstrcmpiA
WTSGetActiveConsoleSessionId
CreateEventW
MapViewOfFile
WriteFile
SetThreadPriority
VirtualProtectEx
TlsAlloc
TlsFree
GetFileAttributesExW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetLocalTime
ResetEvent
TlsGetValue
TlsSetValue
TerminateProcess
MoveFileExW
GetModuleFileNameW
GetUserDefaultUILanguage
GetThreadContext
SetThreadContext
GetProcessId
GetNativeSystemInfo
GetVersionExW
GetCommandLineW
SetErrorMode
GetComputerNameW
OpenEventW
DuplicateHandle
GetCurrentProcessId
VirtualQueryEx
SetFileTime
VirtualAlloc
GetProcAddress
SetLastError
GetLastError
OpenMutexW
GetFileSizeEx
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
IsBadReadPtr
GetProcessHeap
CreateFileW
GetTimeZoneInformation
ReadFile
Thread32Next
GetFileAttributesW
HeapCreate
HeapDestroy
ReadProcessMemory
Sleep
LoadLibraryW
WideCharToMultiByte
CreateFileMappingW
Thread32First
VirtualFree
GetCurrentThread
GetModuleHandleW
CreateDirectoryW
HeapFree
SetFilePointerEx
SystemTimeToFileTime
HeapAlloc
CreateProcessW
FreeLibrary
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
CreateRemoteThread
WaitForSingleObject
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
UnmapViewOfFile
GlobalLock

user32

OpenInputDesktop
MenuItemFromPoint
GetMenu
RegisterClassExW
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
PostThreadMessageW
DefMDIChildProcA
HiliteMenuItem
DefFrameProcA
SendMessageW
CallWindowProcA
EndMenu
CallWindowProcW
DefWindowProcW
DefFrameProcW
GetWindowThreadProcessId
GetMessageW
GetShellWindow
CharLowerW
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
GetSystemMetrics
MapVirtualKeyW
GetUpdateRgn
CharLowerBuffA
ExitWindowsEx
FillRect
DrawEdge
IntersectRect
EqualRect
PrintWindow
GetWindowRect
PostMessageW
GetParent
GetWindowInfo
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
MapWindowPoints
IsRectEmpty
DrawIcon
GetIconInfo
EndPaint
GetWindowDC
SetCapture
GetSubMenu
BeginPaint
GetMessageA
RegisterClassW
GetUpdateRect
DefDlgProcW
SetCursorPos
GetDCEx
ToUnicode
GetClipboardData
PeekMessageA
GetCursorPos
ReleaseCapture
GetMessagePos
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
OpenWindowStationW
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharToOemW
GetDC
GetWindowLongW
CharLowerA
RegisterClassExA
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
RegisterClassA
GetKeyboardState
TranslateMessage
DispatchMessageW
GetWindow
SendMessageTimeoutW
SetWindowLongW
CharUpperW
ReleaseDC
PeekMessageW
GetCapture

advapi32

GetLengthSid
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
EqualSid
RegEnumKeyExW
InitiateSystemShutdownExW
ConvertSidToStringSidW
IsWellKnownSid

shlwapi

wvnsprintfW
PathQuoteSpacesW
PathIsURLW
PathRenameExtensionW
StrStrIW
StrStrIA
StrCmpNIW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
UrlUnescapeA

shell32

ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW

secur32

GetUserNameExW

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

RestoreDC
SaveDC
DeleteDC
GdiFlush
SetViewportOrgEx
SelectObject
CreateCompatibleDC
CreateDIBSection
GetDeviceCaps
GetDIBits
DeleteObject
SetRectRgn
CreateCompatibleBitmap

ws2_32

WSASetLastError
freeaddrinfo
socket
bind
recv
setsockopt
shutdown
getsockname
getpeername
recvfrom
sendto
WSASend
WSAEventSelect
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
select
closesocket
send
listen
accept
WSAGetLastError

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData

wininet

HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpAddRequestHeadersA
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
HttpQueryInfoA

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zeus-translation/output/config
Zeus-translation/output/other/redir.php
Zeus-translation/output/other/sockslist.php
Zeus-translation/output/server/zsbcs.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Zeus-translation/output/server[php]/cp.php
.js
Zeus-translation/output/server[php]/gate.php
Zeus-translation/output/server[php]/install/geobase.txt
Zeus-translation/output/server[php]/install/index.php
Zeus-translation/output/server[php]/system/.htaccess
Zeus-translation/output/server[php]/system/botnet_bots.lng.en.php
Zeus-translation/output/server[php]/system/botnet_bots.lng.ru.php
Zeus-translation/output/server[php]/system/botnet_bots.php
Zeus-translation/output/server[php]/system/botnet_scripts.lng.en.php
Zeus-translation/output/server[php]/system/botnet_scripts.lng.ru.php
Zeus-translation/output/server[php]/system/botnet_scripts.php
Zeus-translation/output/server[php]/system/fsarc.php
Zeus-translation/output/server[php]/system/global.php
Zeus-translation/output/server[php]/system/jabberclass.php
.js
Zeus-translation/output/server[php]/system/lng.en.php
Zeus-translation/output/server[php]/system/lng.ru.php
Zeus-translation/output/server[php]/system/reports_db.lng.en.php
Zeus-translation/output/server[php]/system/reports_db.lng.ru.php
Zeus-translation/output/server[php]/system/reports_db.php
.js
Zeus-translation/output/server[php]/system/reports_files.lng.en.php
Zeus-translation/output/server[php]/system/reports_files.lng.ru.php
Zeus-translation/output/server[php]/system/reports_files.php
.js
Zeus-translation/output/server[php]/system/reports_jn.lng.en.php
Zeus-translation/output/server[php]/system/reports_jn.lng.ru.php
Zeus-translation/output/server[php]/system/reports_jn.php
Zeus-translation/output/server[php]/system/stats_main.lng.en.php
Zeus-translation/output/server[php]/system/stats_main.lng.ru.php
Zeus-translation/output/server[php]/system/stats_main.php
Zeus-translation/output/server[php]/system/stats_os.lng.en.php
Zeus-translation/output/server[php]/system/stats_os.lng.ru.php
Zeus-translation/output/server[php]/system/stats_os.php
Zeus-translation/output/server[php]/system/sys_info.lng.en.php
Zeus-translation/output/server[php]/system/sys_info.lng.ru.php
Zeus-translation/output/server[php]/system/sys_info.php
Zeus-translation/output/server[php]/system/sys_options.lng.en.php
Zeus-translation/output/server[php]/system/sys_options.lng.ru.php
Zeus-translation/output/server[php]/system/sys_options.php
Zeus-translation/output/server[php]/system/sys_user.lng.en.php
Zeus-translation/output/server[php]/system/sys_user.lng.ru.php
Zeus-translation/output/server[php]/system/sys_user.php
Zeus-translation/output/server[php]/system/sys_users.lng.en.php
Zeus-translation/output/server[php]/system/sys_users.lng.ru.php
Zeus-translation/output/server[php]/system/sys_users.php
Zeus-translation/output/server[php]/theme/failed.png
.png
Zeus-translation/output/server[php]/theme/footer.html
Zeus-translation/output/server[php]/theme/header.html
.html
Zeus-translation/output/server[php]/theme/index.php
.ps1
Zeus-translation/output/server[php]/theme/popupmenu.js
.js
Zeus-translation/output/server[php]/theme/small.html
.html
Zeus-translation/output/server[php]/theme/style.css
Zeus-translation/output/server[php]/theme/throbber.gif
.gif
Zeus-translation/source/bcserver/bcserver.vcxproj
Zeus-translation/source/bcserver/bcserver.vcxproj.user
Zeus-translation/source/bcserver/common.cpp
Zeus-translation/source/bcserver/core.cpp
Zeus-translation/source/bcserver/core.h
Zeus-translation/source/bcserver/defines.h
Zeus-translation/source/bcserver/language.h
Zeus-translation/source/bcserver/listen.cpp
Zeus-translation/source/builder/buildbot.cpp
Zeus-translation/source/builder/buildbot.h
Zeus-translation/source/builder/buildconfig.cpp
Zeus-translation/source/builder/buildconfig.h
Zeus-translation/source/builder/builder.cpp
Zeus-translation/source/builder/builder.vcxproj
Zeus-translation/source/builder/builder.vcxproj.user
Zeus-translation/source/builder/clients.h
Zeus-translation/source/builder/common.cpp
Zeus-translation/source/builder/defines.h
Zeus-translation/source/builder/info.cpp
Zeus-translation/source/builder/languages.cpp
Zeus-translation/source/builder/languages.h
Zeus-translation/source/builder/main.cpp
Zeus-translation/source/builder/main.h
Zeus-translation/source/builder/resources/cuimanifest.xml
.xml
Zeus-translation/source/builder/resources/guimanifest.xml
.xml
Zeus-translation/source/builder/resources/main.ico
Zeus-translation/source/builder/resources/main[original].ico
Zeus-translation/source/builder/resources/resources.aps
Zeus-translation/source/builder/resources/resources.h
Zeus-translation/source/builder/resources/resources.rc
Zeus-translation/source/builder/settings.cpp
Zeus-translation/source/builder/tools.cpp
Zeus-translation/source/builder/tools.h
Zeus-translation/source/buildtools/buildtools.vcxproj
Zeus-translation/source/buildtools/buildtools.vcxproj.user
Zeus-translation/source/buildtools/common.cpp
Zeus-translation/source/buildtools/core.cpp
Zeus-translation/source/buildtools/core.h
Zeus-translation/source/buildtools/defines.h
Zeus-translation/source/buildtools/language.h
Zeus-translation/source/buildtools/peinfo.cpp
Zeus-translation/source/buildtools/ror13.cpp
Zeus-translation/source/client/backconnectbot.cpp
Zeus-translation/source/client/backconnectbot.h
Zeus-translation/source/client/certstorehook.cpp
Zeus-translation/source/client/certstorehook.h
Zeus-translation/source/client/client.vcxproj
Zeus-translation/source/client/client.vcxproj.user
Zeus-translation/source/client/common.cpp
Zeus-translation/source/client/core.cpp
Zeus-translation/source/client/core.h
Zeus-translation/source/client/corecontrol.cpp
Zeus-translation/source/client/corecontrol.h
Zeus-translation/source/client/corehook.cpp
Zeus-translation/source/client/corehook.h
Zeus-translation/source/client/coreinject.cpp
Zeus-translation/source/client/coreinject.h
Zeus-translation/source/client/coreinstall.cpp
Zeus-translation/source/client/coreinstall.h
Zeus-translation/source/client/cryptedstrings.cpp
Zeus-translation/source/client/cryptedstrings.h
Zeus-translation/source/client/cryptedstrings.txt
Zeus-translation/source/client/defines.h
Zeus-translation/source/client/dynamicconfig.cpp
Zeus-translation/source/client/dynamicconfig.h
Zeus-translation/source/client/filesearch.cpp
Zeus-translation/source/client/filesearch.h
Zeus-translation/source/client/httpgrabber.cpp
Zeus-translation/source/client/httpgrabber.h
Zeus-translation/source/client/localconfig.cpp
Zeus-translation/source/client/localconfig.h
Zeus-translation/source/client/localsettings.cpp
Zeus-translation/source/client/localsettings.h
Zeus-translation/source/client/nspr4hook.cpp
Zeus-translation/source/client/nspr4hook.h
Zeus-translation/source/client/osenv.cpp
Zeus-translation/source/client/osenv.h
Zeus-translation/source/client/remotescript.cpp
Zeus-translation/source/client/remotescript.h
Zeus-translation/source/client/report.cpp
Zeus-translation/source/client/report.h
Zeus-translation/source/client/screenshot.cpp
Zeus-translation/source/client/screenshot.h
Zeus-translation/source/client/sockethook.cpp
Zeus-translation/source/client/sockethook.h
Zeus-translation/source/client/socks5server.cpp
Zeus-translation/source/client/socks5server.h
Zeus-translation/source/client/softwaregrabber.cpp
Zeus-translation/source/client/softwaregrabber.h
Zeus-translation/source/client/tcpserver.cpp
Zeus-translation/source/client/tcpserver.h
Zeus-translation/source/client/userhook.cpp
Zeus-translation/source/client/userhook.h
Zeus-translation/source/client/vnc/defines.h
Zeus-translation/source/client/vnc/rfb.cpp
Zeus-translation/source/client/vnc/rfb.h
Zeus-translation/source/client/vnc/vnckeyboard.cpp
Zeus-translation/source/client/vnc/vncmouse.cpp
Zeus-translation/source/client/vnc/vncpaint.cpp
Zeus-translation/source/client/vnc/vncserver.cpp
Zeus-translation/source/client/vnc/vncserver.h
Zeus-translation/source/client/winapitables.cpp
Zeus-translation/source/client/winapitables.h
Zeus-translation/source/client/windowstation.cpp
Zeus-translation/source/client/windowstation.h
Zeus-translation/source/client/wininethook.cpp
Zeus-translation/source/client/wininethook.h
Zeus-translation/source/common/backconnect.cpp
Zeus-translation/source/common/backconnect.h
Zeus-translation/source/common/baseoverlay.cpp
Zeus-translation/source/common/baseoverlay.h
Zeus-translation/source/common/binstorage.cpp
Zeus-translation/source/common/binstorage.h
Zeus-translation/source/common/botstatus.h
Zeus-translation/source/common/comlibrary.cpp
Zeus-translation/source/common/comlibrary.h
Zeus-translation/source/common/common.vcxproj
Zeus-translation/source/common/common.vcxproj.user
Zeus-translation/source/common/config.h
Zeus-translation/source/common/config0.cpp
Zeus-translation/source/common/config0.h
Zeus-translation/source/common/config1.cpp
Zeus-translation/source/common/config1.h
Zeus-translation/source/common/console.cpp
Zeus-translation/source/common/console.h
Zeus-translation/source/common/crypt.cpp
Zeus-translation/source/common/crypt.h
Zeus-translation/source/common/cui.cpp
Zeus-translation/source/common/cui.h
Zeus-translation/source/common/cui[en].h
Zeus-translation/source/common/debug.cpp
Zeus-translation/source/common/debug.h
Zeus-translation/source/common/defines.h
Zeus-translation/source/common/defines.php
Zeus-translation/source/common/disasm.cpp
Zeus-translation/source/common/disasm.h
Zeus-translation/source/common/fs.cpp
Zeus-translation/source/common/fs.h
Zeus-translation/source/common/gdi.cpp
Zeus-translation/source/common/gdi.h
Zeus-translation/source/common/generateddata.h
Zeus-translation/source/common/gui.cpp
Zeus-translation/source/common/gui.h
Zeus-translation/source/common/httpinject.cpp
Zeus-translation/source/common/httpinject.h
Zeus-translation/source/common/httptools.cpp
Zeus-translation/source/common/httptools.h
Zeus-translation/source/common/malwaretools.cpp
Zeus-translation/source/common/malwaretools.h
Zeus-translation/source/common/math.cpp
Zeus-translation/source/common/math.h
Zeus-translation/source/common/mem.cpp
Zeus-translation/source/common/mem.h
Zeus-translation/source/common/mscab.cpp
Zeus-translation/source/common/mscab.h
Zeus-translation/source/common/ntdll.h
Zeus-translation/source/common/peimage.cpp
Zeus-translation/source/common/peimage.h
Zeus-translation/source/common/process.cpp
Zeus-translation/source/common/process.h
Zeus-translation/source/common/registry.cpp
Zeus-translation/source/common/registry.h
Zeus-translation/source/common/sslsocket.cpp
Zeus-translation/source/common/sslsocket.h
Zeus-translation/source/common/str.cpp
Zeus-translation/source/common/str.h
Zeus-translation/source/common/sync.cpp
Zeus-translation/source/common/sync.h
Zeus-translation/source/common/threadsgroup.cpp
Zeus-translation/source/common/threadsgroup.h
Zeus-translation/source/common/time.cpp
Zeus-translation/source/common/time.h
Zeus-translation/source/common/ucl.cpp
Zeus-translation/source/common/ucl.h
Zeus-translation/source/common/wahook.cpp
Zeus-translation/source/common/wahook.h
Zeus-translation/source/common/wininet.cpp
Zeus-translation/source/common/wininet.h
Zeus-translation/source/common/winsecurity.cpp
Zeus-translation/source/common/winsecurity.h
Zeus-translation/source/common/wsocket.cpp
Zeus-translation/source/common/wsocket.h
Zeus-translation/source/common/xmlparser.cpp
Zeus-translation/source/common/xmlparser.h
Zeus-translation/source/other/httpinjects/bankofamerica.txt
Zeus-translation/source/other/httpinjects/paypal.txt
Zeus-translation/source/other/httpinjects/usaa.txt
Zeus-translation/source/other/redir.php
Zeus-translation/source/other/sockslist.php
Zeus-translation/source/other/webinjects.txt
.js
Zeus-translation/source/other/zip.exe
.exe windows:4 windows x86 arch:x86

1665839200a65d025db1cbab5f8050be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetSecurityDescriptorLength
GetKernelObjectSecurity

kernel32

GetVolumeInformationA
GetFileAttributesA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
CloseHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetVersion
GetFileType
GetFileTime
ReadFile
SetConsoleMode
GetConsoleMode
FindNextFileA
GetLastError
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
InterlockedExchange
CreateMutexA
lstrcpynA
GetDriveTypeA
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
MultiByteToWideChar
MoveFileA
SetStdHandle
HeapReAlloc
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetFilePointer
SetHandleCount
GetStdHandle
GetStartupInfoA
WriteFile
FlushFileBuffers
WideCharToMultiByte
UnhandledExceptionFilter
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetEndOfFile
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
VirtualProtect
GetSystemInfo
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryA
RtlUnwind
LCMapStringA
LCMapStringW
GetLocaleInfoW
DeleteFileA
SetFileAttributesA
GetFileInformationByHandle
PeekNamedPipe
RemoveDirectoryA
SetEnvironmentVariableW
GetCurrentDirectoryA
GetExitCodeProcess
CreateProcessA

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Zeus-translation/source/server[php]/cp.php
.js
Zeus-translation/source/server[php]/gate.php
Zeus-translation/source/server[php]/install/index.php
Zeus-translation/source/server[php]/server.vcxproj
Zeus-translation/source/server[php]/server.vcxproj.user
Zeus-translation/source/server[php]/system/.htaccess
Zeus-translation/source/server[php]/system/botnet_bots.lng.en.php
Zeus-translation/source/server[php]/system/botnet_bots.lng.ru.php
Zeus-translation/source/server[php]/system/botnet_bots.php
Zeus-translation/source/server[php]/system/botnet_scripts.lng.en.php
Zeus-translation/source/server[php]/system/botnet_scripts.lng.ru.php
Zeus-translation/source/server[php]/system/botnet_scripts.php
Zeus-translation/source/server[php]/system/fsarc.php
Zeus-translation/source/server[php]/system/global.php
Zeus-translation/source/server[php]/system/jabberclass.php
.js
Zeus-translation/source/server[php]/system/lng.en.php
Zeus-translation/source/server[php]/system/lng.ru.php
Zeus-translation/source/server[php]/system/reports_db.lng.en.php
Zeus-translation/source/server[php]/system/reports_db.lng.ru.php
Zeus-translation/source/server[php]/system/reports_db.php
.js
Zeus-translation/source/server[php]/system/reports_files.lng.en.php
Zeus-translation/source/server[php]/system/reports_files.lng.ru.php
Zeus-translation/source/server[php]/system/reports_files.php
.js
Zeus-translation/source/server[php]/system/reports_jn.lng.en.php
Zeus-translation/source/server[php]/system/reports_jn.lng.ru.php
Zeus-translation/source/server[php]/system/reports_jn.php
Zeus-translation/source/server[php]/system/stats_main.lng.en.php
Zeus-translation/source/server[php]/system/stats_main.lng.ru.php
Zeus-translation/source/server[php]/system/stats_main.php
Zeus-translation/source/server[php]/system/stats_os.lng.en.php
Zeus-translation/source/server[php]/system/stats_os.lng.ru.php
Zeus-translation/source/server[php]/system/stats_os.php
Zeus-translation/source/server[php]/system/sys_info.lng.en.php
Zeus-translation/source/server[php]/system/sys_info.lng.ru.php
Zeus-translation/source/server[php]/system/sys_info.php
Zeus-translation/source/server[php]/system/sys_options.lng.en.php
Zeus-translation/source/server[php]/system/sys_options.lng.ru.php
Zeus-translation/source/server[php]/system/sys_options.php
Zeus-translation/source/server[php]/system/sys_user.lng.en.php
Zeus-translation/source/server[php]/system/sys_user.lng.ru.php
Zeus-translation/source/server[php]/system/sys_user.php
Zeus-translation/source/server[php]/system/sys_users.lng.en.php
Zeus-translation/source/server[php]/system/sys_users.lng.ru.php
Zeus-translation/source/server[php]/system/sys_users.php
Zeus-translation/source/server[php]/theme/failed.png
.png
Zeus-translation/source/server[php]/theme/footer.html
Zeus-translation/source/server[php]/theme/header.html
.html
Zeus-translation/source/server[php]/theme/index.php
.ps1
Zeus-translation/source/server[php]/theme/popupmenu.js
.js
Zeus-translation/source/server[php]/theme/small.html
.html
Zeus-translation/source/server[php]/theme/style.css
Zeus-translation/source/server[php]/theme/throbber.gif
.gif
Zeus-translation/temp/bcserver/win32/bcserver.map
Zeus-translation/temp/bcserver/win32/common.obj
Zeus-translation/temp/bcserver/win32/core.obj
Zeus-translation/temp/bcserver/win32/listen.obj
Zeus-translation/temp/builder/win32/0.res
Zeus-translation/temp/builder/win32/buildbot.obj
Zeus-translation/temp/builder/win32/buildconfig.obj
Zeus-translation/temp/builder/win32/builder.map
Zeus-translation/temp/builder/win32/builder.obj
Zeus-translation/temp/builder/win32/common.obj
Zeus-translation/temp/builder/win32/info.obj
Zeus-translation/temp/builder/win32/languages.obj
Zeus-translation/temp/builder/win32/main.obj
Zeus-translation/temp/builder/win32/settings.obj
Zeus-translation/temp/builder/win32/tools.obj
Zeus-translation/temp/client/win32/backconnectbot.obj
Zeus-translation/temp/client/win32/certstorehook.obj
Zeus-translation/temp/client/win32/client.map
Zeus-translation/temp/client/win32/common.obj
Zeus-translation/temp/client/win32/core.obj
Zeus-translation/temp/client/win32/corecontrol.obj
Zeus-translation/temp/client/win32/corehook.obj
Zeus-translation/temp/client/win32/coreinject.obj
Zeus-translation/temp/client/win32/coreinstall.obj
Zeus-translation/temp/client/win32/cryptedstrings.obj
Zeus-translation/temp/client/win32/dynamicconfig.obj
Zeus-translation/temp/client/win32/filesearch.obj
Zeus-translation/temp/client/win32/httpgrabber.obj
Zeus-translation/temp/client/win32/localconfig.obj
Zeus-translation/temp/client/win32/localsettings.obj
Zeus-translation/temp/client/win32/nspr4hook.obj
Zeus-translation/temp/client/win32/osenv.obj
Zeus-translation/temp/client/win32/remotescript.obj
Zeus-translation/temp/client/win32/report.obj
Zeus-translation/temp/client/win32/rfb.obj
Zeus-translation/temp/client/win32/screenshot.obj
Zeus-translation/temp/client/win32/sockethook.obj
Zeus-translation/temp/client/win32/socks5server.obj
Zeus-translation/temp/client/win32/softwaregrabber.obj
Zeus-translation/temp/client/win32/tcpserver.obj
Zeus-translation/temp/client/win32/userhook.obj
Zeus-translation/temp/client/win32/vnckeyboard.obj
Zeus-translation/temp/client/win32/vncmouse.obj
Zeus-translation/temp/client/win32/vncpaint.obj
Zeus-translation/temp/client/win32/vncserver.obj
Zeus-translation/temp/client/win32/winapitables.obj
Zeus-translation/temp/client/win32/windowstation.obj
Zeus-translation/temp/client/win32/wininethook.obj
Zeus-translation/temp/server/php/botnet_bots.lng.en.php
Zeus-translation/temp/server/php/botnet_bots.lng.ru.php
Zeus-translation/temp/server/php/botnet_bots.php
Zeus-translation/temp/server/php/botnet_scripts.lng.en.php
Zeus-translation/temp/server/php/botnet_scripts.lng.ru.php
Zeus-translation/temp/server/php/botnet_scripts.php
Zeus-translation/temp/server/php/cp.php
.js
Zeus-translation/temp/server/php/fsarc.php
Zeus-translation/temp/server/php/gate.php
Zeus-translation/temp/server/php/global.php
Zeus-translation/temp/server/php/index.php
.ps1
Zeus-translation/temp/server/php/jabberclass.php
.js
Zeus-translation/temp/server/php/lng.en.php
Zeus-translation/temp/server/php/lng.ru.php
Zeus-translation/temp/server/php/reports_db.lng.en.php
Zeus-translation/temp/server/php/reports_db.lng.ru.php
Zeus-translation/temp/server/php/reports_db.php
.js
Zeus-translation/temp/server/php/reports_files.lng.en.php
Zeus-translation/temp/server/php/reports_files.lng.ru.php
Zeus-translation/temp/server/php/reports_files.php
.js
Zeus-translation/temp/server/php/reports_jn.lng.en.php
Zeus-translation/temp/server/php/reports_jn.lng.ru.php
Zeus-translation/temp/server/php/reports_jn.php
Zeus-translation/temp/server/php/stats_main.lng.en.php
Zeus-translation/temp/server/php/stats_main.lng.ru.php
Zeus-translation/temp/server/php/stats_main.php
Zeus-translation/temp/server/php/stats_os.lng.en.php
Zeus-translation/temp/server/php/stats_os.lng.ru.php
Zeus-translation/temp/server/php/stats_os.php
Zeus-translation/temp/server/php/sys_info.lng.en.php
Zeus-translation/temp/server/php/sys_info.lng.ru.php
Zeus-translation/temp/server/php/sys_info.php
Zeus-translation/temp/server/php/sys_options.lng.en.php
Zeus-translation/temp/server/php/sys_options.lng.ru.php
Zeus-translation/temp/server/php/sys_options.php
Zeus-translation/temp/server/php/sys_user.lng.en.php
Zeus-translation/temp/server/php/sys_user.lng.ru.php
Zeus-translation/temp/server/php/sys_user.php
Zeus-translation/temp/server/php/sys_users.lng.en.php
Zeus-translation/temp/server/php/sys_users.lng.ru.php
Zeus-translation/temp/server/php/sys_users.php
Zeus-translation/zeus.sln
Zeus-translation/zeus.suo

Sharing

General

Malware Config

Signatures

Files

709c92fb1b0d51e4048409976b042040

Headers

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 784B

Headers

File Characteristics

Sections

.flat Size: 75KB - Virtual size: 99KB

.idata Size: 512B - Virtual size: 335B

.reloc Size: 6KB - Virtual size: 6KB

b6d41ebff66fba14f264a62b8d85d1f7

Headers

File Characteristics

PDB Paths

Imports

php5ts

kernel32

msvcr90

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

c4d02a32d173be5d55235fb80fe4e154

Headers

File Characteristics

PDB Paths

Imports

php5ts

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 192KB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 49KB - Virtual size: 49KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

5af692a0f71e5fb37b8bdf52b32ca41c

Headers

File Characteristics

PDB Paths

Imports

php5ts

ws2_32

kernel32

msvcr90

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 972B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

9a1aeacaaf3dd30c0ecbbdbcfb91d07f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 784B

.flat
Size: 75KB - Virtual size: 99KB

.idata
Size: 512B - Virtual size: 335B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 192KB - Virtual size: 192KB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 49KB - Virtual size: 49KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 972B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 32KB - Virtual size: 148KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 190KB - Virtual size: 190KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: - Virtual size: 4KB

.pdata
Size: 512B - Virtual size: 228B

.text
Size: 129KB - Virtual size: 129KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 6KB - Virtual size: 5KB