29a-5[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29a-5.zip
Size

2.7MB
MD5

d0ec6ce4b055cbd36aac1d47929d69aa
SHA1

fa651756125b5676cff3335e4a1ccad2738ff345
SHA256

12a75b0aeb21b2dd4f2b121033d740adabf59593b676dc5c36f2894c1bcec305
SHA512

225d4cc05a4f38063d7cebb1870839164ccc628ccc62f74974641b72875858311498b642335999fefc26e58005b63b2d8995f291b2488749f38b209c89969736
SSDEEP

49152:2r1559c/EiYqcCT4jTSHdxOsDKbblSOjDexagc6Iy6X4uekmK9d4Tu4h:e35i/Eoh4jwqP0OsapXy6X69Ka

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/29AIntro.exe	upx

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/29A-5.EXE
unpack001/29AIntro.exe
unpack001/Binaries/Black Jack/Demiurg/demiurg.EXE
unpack001/Binaries/Bumblebee/Noise/Noise.exe
unpack001/Binaries/GriYo/Dengue/Dengue.exe
unpack003/RELEASE/CALLGATE.DLL
unpack003/RELEASE/CALLGATE.SYS
unpack003/RELEASE/CGATEAPP.EXE
unpack001/Binaries/Nemo/r0bin-&-m4rian/associate-nt4.exe
unpack001/Binaries/Nemo/r0bin-&-m4rian/associate-w2k.exe
unpack001/Binaries/Prizzy/Dream/Dream.exe
unpack001/Binaries/Super/Repus/Repus.exe
unpack001/XAUDIO.DLL

Files

29a-5.zip
.zip
29A-5.EXE
.exe windows:4 windows x86 arch:x86

da2a0f202827770c648a543d3dcd8ce5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xaudio

control_message_send
control_win32_params_to_message
player_new
player_delete
xaudio_get_api_version

kernel32

GetFileSize
VirtualFree
CreateFileA
VirtualAlloc
CloseHandle
ReadFile
OpenFile
GetPrivateProfileIntA
lstrcpyA
GetPrivateProfileStringA
GetModuleHandleA
LoadLibraryA
GetCurrentDirectoryA
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
GetLastError
WriteFile
GetFileType
GetStdHandle
SetHandleCount
HeapFree
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
GetProcAddress
TerminateProcess
IsBadWritePtr
HeapReAlloc
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapAlloc

user32

KillTimer
DefWindowProcA
GetWindowLongA
GetClientRect
SetFocus
TranslateMessage
DispatchMessageA
GetMessageA
RegisterClassA
LoadCursorA
LoadIconA
SetTimer
UpdateWindow
ShowWindow
SetWindowLongA
CreateWindowExA
SystemParametersInfoA
GetSystemMenu
MessageBoxA
AppendMenuA
DialogBoxParamA
CallWindowProcA
InvalidateRect
DestroyWindow
EndDialog
GetDlgItemTextA
SetWindowTextA
SetWindowPos
ReleaseDC
IsWindowVisible
LoadImageA
GetDC
SendMessageA
PostQuitMessage
BringWindowToTop
EnableWindow

gdi32

CreatePalette
CreateCompatibleDC
CreateSolidBrush
CreateFontIndirectA
CreateHalftonePalette
DeleteDC
DeleteObject
SelectObject
GetObjectA
GetDIBColorTable
StretchBlt
RealizePalette
BitBlt
GetDeviceCaps
CreateCompatibleBitmap
GetClipBox
SelectPalette

comctl32

ImageList_Create
ImageList_SetBkColor
ImageList_ReplaceIcon
ord17

shell32

Shell_NotifyIconA
ShellExecuteA

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
29A-5.IDX
29AIntro.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 125KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Articles/29A-5.001
Articles/29A-5.002
Articles/29A-5.003
Articles/29A-5.004
Articles/29A-5.005
Articles/29A-5.006
Articles/29A-5.007
Articles/29A-5.008
.vbs
Articles/29A-5.009
Articles/29A-5.010
Articles/29A-5.011
Articles/29A-5.012
Articles/29A-5.013
Articles/29A-5.017
Articles/29A-5.018
Articles/29A-5.019
Articles/29A-5.020
Articles/29A-5.021
Articles/29A-5.022
Articles/29A-5.023
Articles/29A-5.024
.vbs
Articles/29a-5.016
Binaries/Black Jack/Demiurg/demiurg.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4096.0MB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4096.0MB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Binaries/Bumblebee/COMPRESS/COMPRESS.EXE
Binaries/Bumblebee/Noise/Noise.exe
.exe windows:4 windows x86 arch:x86

62cf9425408854bd87e995a446c180b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA
DragAcceptFiles
ShellAboutA
SHGetSpecialFolderPathA
DragQueryFileA
DragFinish

kernel32

DeleteFileA
_lcreat
_lopen
_lwrite
LocalUnlock
_llseek
LocalFree
LocalAlloc
_lclose
GlobalAlloc
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpiA
GetStartupInfoA
GetModuleHandleA
ExitProcess
lstrcpynA
LocalLock
LocalReAlloc
GetProfileStringA
RtlMoveMemory
lstrlenA
FindClose
lstrcmpA
FindFirstFileA
CreateFileA
lstrcatA
GetLastError
GetLocaleInfoA
MulDiv
lstrcpyA
GlobalUnlock
GlobalFree
GetCommandLineA
_lread
GlobalLock

user32

wsprintfA
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetMenu
LoadStringA
LoadAcceleratorsA
GetSystemMenu
RegisterWindowMessageA
SetWindowLongA
CreateWindowExA
LoadCursorA
RegisterClassExA
GetSystemMetrics
UpdateWindow
CharPrevA
GetClientRect
PeekMessageA
SetDlgItemTextA
TabbedTextOutA
CreateDialogParamA
EnableWindow
GetWindowTextA
SendDlgItemMessageA
GetDlgCtrlID
ChildWindowFromPoint
ScreenToClient
GetCursorPos
GetDlgItemTextA
GetSubMenu
CheckMenuItem
CharNextA
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
PostQuitMessage
IsIconic
DestroyWindow
MessageBeep
MessageBoxA
DefWindowProcA
EnableMenuItem
GetLastActivePopup
ShowWindow
EndDialog
SetForegroundWindow
WinHelpA
LoadIconA
GetDC
ReleaseDC
SetCursor
SendMessageA
GetFocus
PostMessageA
SetFocus
InvalidateRect
MoveWindow
DispatchMessageA
GetMessageA
SetWindowTextA

gdi32

GetStockObject
GetObjectA
GetDeviceCaps
SelectObject
DeleteObject
AbortDoc
EndDoc
DeleteDC
StartPage
StartDocA
EndPage
GetTextExtentPointA
CreateFontA
SetAbortProc
SetBkMode
SetMapMode
GetTextMetricsA
SetWindowExtEx
SetViewportExtEx
LPtoDP
CreateDCA
GetTextCharset
CreateFontIndirectA

comdlg32

GetOpenFileNameA
ChooseFontA
FindTextA
PageSetupDlgA
GetSaveFileNameA
CommDlgExtendedError
GetFileTitleA

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyA

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Binaries/Clau/Troodoon/Troodon.ico
Binaries/GriYo/Dengue/Dengue.exe
.exe windows:4 windows x86 arch:x86

8462b60f6dff3170e8e893be76732af3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetCommandLineA
ExitProcess
GetModuleHandleA

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 171B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Binaries/HenKy/Adonai/Callgate Release.zip
.zip
CALLGATE.LIB
CGATEAPP.C
CGATEAPP.MAK
CGATEAPP.MDP
CGATEAPP.NCB
GATE.H
README.TXT
RELEASE/CALLGATE.DLL
.dll windows:4 windows x86 arch:x86

4a23478f8948059ac181c8eb9f761bf9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetLastError
GetCurrentDirectoryA
DeviceIoControl
HeapDestroy
GetCPInfo
GetModuleFileNameA
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapCreate
CloseHandle
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
SetStdHandle
SetFilePointer
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
LoadLibraryA
FlushFileBuffers

user32

wsprintfA

advapi32

DeleteService
ControlService
OpenSCManagerA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA

Exports

Exports

_CreateCallGate@12
_FreeCallGate@4

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RELEASE/CALLGATE.SYS
.sys windows:3 windows x86 arch:x86

c615d44bb4c517b8a946783ec8d23d44

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

IoCreateSymbolicLink
vsprintf
KeI386ReleaseGdtSelectors
KeI386SetGdtSelector
KeI386AllocateGdtSelectors
IoDeleteDevice
DbgPrint
RtlInitUnicodeString
IoCreateDevice
IofCompleteRequest
IoDeleteSymbolicLink

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 416B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 192B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RELEASE/CGATEAPP.EXE
.exe windows:4 windows x86 arch:x86

c7e0c1b0d5d180a6ba25d63e4882a3c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

callgate

_CreateCallGate@12
_FreeCallGate@4

kernel32

SetHandleCount
GetOEMCP
GetCommandLineA
GetVersion
ExitProcess
RtlUnwind
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
HeapFree
GetFileType
GetStdHandle
GetStartupInfoA
HeapCreate
WriteFile
HeapAlloc
GetProcAddress
LoadLibraryA
GetLastError
FlushFileBuffers
SetFilePointer
SetStdHandle
CloseHandle

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 105B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RING0.ASM
RING0.OBJ
Binaries/HenKy/Adonai/Callgate Source.zip
.zip
CALLGATE.C
CALLGATE.H
CGATEAPP.C
MAKEFILE
RING0.ASM
Release/CGATEAPP.obj
Release/cgatedll.obj
SOURCES
build.log
cgateapp.mak
cgateapp.mdp
cgateapp.ncb
cgatedll.c
cgatedll.def
cgatedll.mak
cgatedll.mdp
cgatedll.ncb
obj/_objects.mac
obj/i386/callgate.obj
readme.txt
ring0.obj
Binaries/IZan/H0rtiga/H0RTIGA.ZIP
.zip
client/h0rtclient.exe.sig
h0rtiga.txt
h0rtiga.txt.sig
server/h0rtserver.exe.sig
Binaries/Lord Julus/Behold PE/Behold PE 4.0.rar
.rar
BEHOLDPE.EXE
FILE_ID.DIZ
Binaries/MaskBits/Pirus/PHPBUG.ZIP
.zip
hello.php
readme.txt
Binaries/Nemo/r0bin-&-m4rian/associate-nt4.exe
.exe windows:4 windows x86 arch:x86

1049d63f905316e23ac8385e3100e474

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA

msvcrt

_initterm
__p___initenv
printf
_adjust_fdiv
exit
_exit
_XcptFilter
__set_app_type
_except_handler3
_controlfp
strrchr
sprintf
getchar
__p__commode
__p__fmode
__getmainargs
__setusermatherr

kernel32

lstrcatA
LocalAlloc
lstrcpyA
lstrlenA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 442B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Binaries/Nemo/r0bin-&-m4rian/associate-w2k.exe
.exe windows:5 windows x86 arch:x86

59ab29227ad4d016037f1113bbc35a9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA

msvcrt

exit
__p___initenv
_XcptFilter
printf
__setusermatherr
_exit
strrchr
sprintf
__p__fmode
__set_app_type
_except_handler3
_controlfp
getchar
_adjust_fdiv
__p__commode
__getmainargs
_initterm

kernel32

LocalAlloc
lstrcpyA
lstrlenA
lstrcatA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Binaries/Nemo/r0bin-&-m4rian/m4rian.dz
.vbs
Binaries/Nemo/r0bin-&-m4rian/r0bin.cmd
.cmd .vbs
Binaries/Prizzy/Dream/Dream.exe
.exe windows:4 windows x86 arch:x86

62cf9425408854bd87e995a446c180b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA
DragAcceptFiles
ShellAboutA
SHGetSpecialFolderPathA
DragQueryFileA
DragFinish

kernel32

DeleteFileA
_lcreat
_lopen
_lwrite
LocalUnlock
_llseek
LocalFree
LocalAlloc
_lclose
GlobalAlloc
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpiA
GetStartupInfoA
GetModuleHandleA
ExitProcess
lstrcpynA
LocalLock
LocalReAlloc
GetProfileStringA
RtlMoveMemory
lstrlenA
FindClose
lstrcmpA
FindFirstFileA
CreateFileA
lstrcatA
GetLastError
GetLocaleInfoA
MulDiv
lstrcpyA
GlobalUnlock
GlobalFree
GetCommandLineA
_lread
GlobalLock

user32

wsprintfA
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetMenu
LoadStringA
LoadAcceleratorsA
GetSystemMenu
RegisterWindowMessageA
SetWindowLongA
CreateWindowExA
LoadCursorA
RegisterClassExA
GetSystemMetrics
UpdateWindow
CharPrevA
GetClientRect
PeekMessageA
SetDlgItemTextA
TabbedTextOutA
CreateDialogParamA
EnableWindow
GetWindowTextA
SendDlgItemMessageA
GetDlgCtrlID
ChildWindowFromPoint
ScreenToClient
GetCursorPos
GetDlgItemTextA
GetSubMenu
CheckMenuItem
CharNextA
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
PostQuitMessage
IsIconic
DestroyWindow
MessageBeep
MessageBoxA
DefWindowProcA
EnableMenuItem
GetLastActivePopup
ShowWindow
EndDialog
SetForegroundWindow
WinHelpA
LoadIconA
GetDC
ReleaseDC
SetCursor
SendMessageA
GetFocus
PostMessageA
SetFocus
InvalidateRect
MoveWindow
DispatchMessageA
GetMessageA
SetWindowTextA

gdi32

GetStockObject
GetObjectA
GetDeviceCaps
SelectObject
DeleteObject
AbortDoc
EndDoc
DeleteDC
StartPage
StartDocA
EndPage
GetTextExtentPointA
CreateFontA
SetAbortProc
SetBkMode
SetMapMode
GetTextMetricsA
SetWindowExtEx
SetViewportExtEx
LPtoDP
CreateDCA
GetTextCharset
CreateFontIndirectA

comdlg32

GetOpenFileNameA
ChooseFontA
FindTextA
PageSetupDlgA
GetSaveFileNameA
CommDlgExtendedError
GetFileTitleA

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyA

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Binaries/Rajaat/RRRACC/RRRAC103.ZIP
.zip
ANTIETA.RRR
DSA2.RRR
RRRACC.DOC
RRRACC.EXE
RRRACC.PL
SQUATTER.RRR
Binaries/Super/Repus/Repus.exe
.exe windows:1 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

CODE
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Binaries/T-2000/Chainsaw/BLACK.ICO
Binaries/T-2000/Chainsaw/WININET.LIB
Binaries/The WalruS/Furio/FURIO.DOC
.doc windows office2003
Binaries/The WalruS/Karma/KARMA.DOC
.doc .vbs windows office2003 polyglot
Binaries/The WalruS/WMVG/WMVG10.ZIP
.zip
WMVG/Font/COMIC.TTF
WMVG/Font/Font.txt
WMVG/ReadMe.txt
WMVG/Revisions.txt
WMVG/WMVG.doc
.doc windows office2003
WMVG/file_id.diz
Binaries/Vecna/Muazzin SDK/Muazzin SDK.zip
.zip
Binaries/VirusBuster/Virsort 2000 Special Edition for 29A #5/vs2000.exe
Binaries/Z0MBiE/KME32/KME32-30.ZIP
.zip
Binaries/Z0MBiE/PGN/PGN.RAR
.rar
Binaries/f0re/Icecubes/ICECUBES.ICO
Binaries/jackie/One/ONE.DOC
.doc windows office2003
Config/BG.BMP
Config/Music.mp3
Config/Reader.ini
Config/SDATA.29A
Editorial/29A-5.001
Editorial/29A-5.002
Editorial/29A-5.003
Editorial/29A-5.004
Editorial/29A-5.005
Editorial/29A-5.006
Editorial/29A-5.007
Editorial/29A-5.008
Editorial/29A-5.009
Editorial/29A-5.010
Editorial/29A-5.011
Editorial/29A-5.012
Editorial/29A-5.013
File-id.diz
Utilities/29A-5.001
Utilities/29A-5.002
Utilities/29A-5.003
Utilities/29A-5.004
Utilities/29A-5.005
Utilities/29A-5.006
.js
Viruses/CMD/29A-5.001
.vbs
Viruses/DOS/29A-5.001
Viruses/HLP/29A-5.001
Viruses/Linux/29A-5.001
Viruses/Linux/29A-5.002
Viruses/Macro/29A-5.001
.vbs
Viruses/Macro/29A-5.003
.vbs
Viruses/WORM/29A-5.001
Viruses/WORM/29A-5.002
Viruses/WORM/29A-5.003
Viruses/WORM/29A-5.004
.vbs
Viruses/WORM/29A-5.005
Viruses/Win2000/29A-5.001
Viruses/Win32/29A-5.001
Viruses/Win32/29A-5.002
Viruses/Win32/29A-5.003
Viruses/Win32/29A-5.004
Viruses/Win32/29A-5.005
Viruses/Win32/29A-5.006
Viruses/Win32/29A-5.007
Viruses/Win32/29A-5.008
Viruses/Win32/29A-5.009
.vbs
Viruses/Win32/29A-5.010
Viruses/Win32/29A-5.011
Viruses/Win32/29A-5.012
Viruses/Win32/29A-5.013
Viruses/Win9x/29A-5.001
Viruses/Win9x/29A-5.002
Viruses/Win9x/29A-5.003
Viruses/Win9x/29A-5.004
Viruses/Win9x/29A-5.005
Viruses/Win9x/29A-5.006
Viruses/Win9x/29A-5.007
Viruses/Win9x/29A-5.008
Viruses/Win9x/29A-5.009
Viruses/WinNT/29A-5.001
XAUDIO.DLL
.dll windows:4 windows x86 arch:x86

b84326523745c614e392316bb9812e37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
Sleep
InterlockedIncrement
SetThreadPriority
WaitForSingleObject
CreateThread
CreateEventA
GetCurrentThreadId
GetCurrentThread
TlsSetValue
TlsAlloc
CloseHandle
SetEvent
TlsFree
TlsGetValue
GetThreadPriority
GetSystemTime
LoadLibraryA
GetProcAddress
GetExitCodeThread
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
SetLastError
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
GetModuleHandleA
RtlUnwind
ReadFile
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileA
FlushFileBuffers
SetStdHandle
InterlockedExchange
GetLocaleInfoA
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapReAlloc
FileTimeToLocalFileTime
GetFileInformationByHandle
FileTimeToSystemTime
PeekNamedPipe

user32

MsgWaitForMultipleObjects
PostMessageA
PostThreadMessageA
PeekMessageA
GetMessageA

winmm

waveOutOpen
waveOutReset
waveOutRestart
waveOutGetVolume
waveOutSetPlaybackRate
waveOutClose
mixerGetLineInfoA
waveOutGetNumDevs
mixerGetDevCapsA
mixerOpen
mixerSetControlDetails
waveOutSetVolume
waveOutPause
mixerGetControlDetailsA
waveOutWrite
waveOutPrepareHeader
mixerClose
waveOutGetDevCapsA
waveOutUnprepareHeader
mixerGetLineControlsA

wsock32

bind
recvfrom
select
ntohl
ntohs
getsockname
closesocket
accept
WSAGetLastError
listen
recv
htonl
htons
socket
gethostbyname
connect
sendto
send
WSACleanup
WSAStartup

Exports

Exports

audio_output_module_register
control_message_from_bytes
control_message_get
control_message_send
control_message_send_I
control_message_send_II
control_message_send_III
control_message_send_IIII
control_message_send_IPI
control_message_send_N
control_message_send_P
control_message_send_S
control_message_send_SI
control_message_send_SS
control_message_to_bytes
control_message_to_win32_params
control_message_wait
control_procedure_delete
control_procedure_new
control_procedure_set_priority
control_win32_params_to_message
decoder_add_environment_listener
decoder_codec_get_equalizer
decoder_codec_set_equalizer
decoder_decode
decoder_delete
decoder_get_environment_integer
decoder_get_environment_string
decoder_input_add_filter
decoder_input_close
decoder_input_delete
decoder_input_filters_list
decoder_input_module_query
decoder_input_module_register
decoder_input_new
decoder_input_open
decoder_input_read
decoder_input_remove_filter
decoder_input_seek_to_offset
decoder_input_seek_to_position
decoder_input_seek_to_time
decoder_input_seek_to_timecode
decoder_input_send_message
decoder_new
decoder_output_add_filter
decoder_output_close
decoder_output_delete
decoder_output_filters_list
decoder_output_get_control
decoder_output_module_query
decoder_output_module_register
decoder_output_new
decoder_output_open
decoder_output_remove_filter
decoder_output_send_message
decoder_output_set_control
decoder_output_write
decoder_play
decoder_remove_environment_listener
decoder_set_environment_integer
decoder_set_environment_string
decoder_unset_environment
decoder_version
file_input_module_register
file_output_module_register
memory_input_module_register
player_delete
player_get_priority
player_new
player_set_priority
stream_input_module_register
xaudio_error_string
xaudio_get_api_version

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da2a0f202827770c648a543d3dcd8ce5

Headers

File Characteristics

Imports

xaudio

kernel32

user32

gdi32

comctl32

shell32

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 125KB - Virtual size: 128KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 512B - Virtual size: 4KB

DATA Size: - Virtual size: 16KB

.idata Size: 4096.0MB - Virtual size: 4KB

.reloc Size: 4096.0MB - Virtual size: 4KB

62cf9425408854bd87e995a446c180b9

Headers

File Characteristics

Imports

shell32

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 4KB - Virtual size: 2KB

8462b60f6dff3170e8e893be76732af3

Headers

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 4KB - Virtual size: 171B

.idata Size: 4KB - Virtual size: 228B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 52B

4a23478f8948059ac181c8eb9f761bf9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 512B - Virtual size: 204B

.data Size: 4KB - Virtual size: 25KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

c615d44bb4c517b8a946783ec8d23d44

Headers

File Characteristics

Imports

ntoskrnl.exe

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 125KB - Virtual size: 128KB

UPX2
Size: 512B - Virtual size: 4KB

CODE
Size: 512B - Virtual size: 4KB

DATA
Size: - Virtual size: 16KB

.idata
Size: 4096.0MB - Virtual size: 4KB

.reloc
Size: 4096.0MB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 171B

.idata
Size: 4KB - Virtual size: 228B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 52B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 204B

.data
Size: 4KB - Virtual size: 25KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.idata
Size: 416B - Virtual size: 386B

.reloc
Size: 192B - Virtual size: 166B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 512B - Virtual size: 105B

.data
Size: 4KB - Virtual size: 8KB

.idata
Size: 1024B - Virtual size: 892B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 56B

.reloc
Size: 512B - Virtual size: 442B

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 60B

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 4KB - Virtual size: 16KB

CODE
Size: 4KB - Virtual size: 8KB

DATA
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB