29a-8[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29a-8.zip
Size

2.9MB
MD5

3e1ea9cfe1647d0b214a83de64a9caf3
SHA1

6ec7d2f4a09d187d671db7b4e7a9013b7b43769e
SHA256

37ea068b568a004bdec47212f8efe05b32e587896a9250576bc2e619c719d3c8
SHA512

93c1aa1ace627f8ee0ba1ee3abc6bd38009c242f39caafd51a2d70158bc45d87bf67a6c436a1364de172b2afec2352f8e203b5a3ab032d02e718f88b8fea395d
SSDEEP

49152:CBlC5P4wXQPT5MJo+6pSRu1kvHqabGCczbq+oV6YVhFXKGn/S8Bl8vF9/ivLC8uJ:Cr8jyqoJpSU1zVbzbRoV1VhFXXnrf8aA

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/xaudio.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/29a-8.exe	upx
static1/unpack001/xaudio.dll	upx

Unsigned PE 21 IoCs

Checks for missing Authenticode signature.

resource
unpack001/29a-8.exe
unpack002/out.upx
unpack003/RXEdit.exe
unpack003/load.exe
unpack004/C-BOT.EXE
unpack005/BINFINAL/TEST2.EXE
unpack006/klogski.exe
unpack007/RUNELF.EXE
unpack007/RUN_ELF.EXE
unpack008/p26.sys
unpack008/sysloader.exe
unpack009/NOTEPAD.EXE
unpack009/pib.exe
unpack009/pibx.exe
unpack001/Utilities/29A-8.013/editor/Release/RXEdit.exe
unpack001/Utilities/29A-8.013/editor/Release/load.exe
unpack001/Utilities/29A-8.013/loader/load.exe
unpack001/Utilities/29A-8.014/delayload/delayload.dll
unpack001/Utilities/29A-8.014/pib/pibx.exe
unpack001/Utilities/29A-8.017/KbHookdll/KbHook.dll
unpack001/xaudio.dll

Files

29a-8.zip
.zip
29A-8.IDX
29a-8.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Articles/29A-8.001
Articles/29A-8.002
Articles/29A-8.003
Articles/29A-8.004
Articles/29A-8.005
Articles/29A-8.006
Articles/29A-8.007
Articles/29A-8.008
Articles/29A-8.009
Articles/29A-8.010
Articles/29A-8.011
Articles/29A-8.012
.vbs
Articles/29A-8.013
.js
Articles/29A-8.014
.js
Articles/29A-8.015
Articles/29A-8.016
Articles/29A-8.018
Articles/29A-8.019
Articles/29A-8.020
Articles/29A-8.021
Articles/29a-8.017
Binaries/9XRX.RAR
.rar
RX.VXD
RXEdit.exe
.exe windows:4 windows x86 arch:x86

e53905fd5dd79768366764a45fb95aae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SetFilePointer
CreateFileA
lstrcatA
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
GetSystemInfo

user32

GetDlgItemTextA
GetDlgItem
SendMessageA
EndDialog
MessageBoxA
DialogBoxParamA

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RXFile.VXD
load.exe
.exe windows:4 windows x86 arch:x86

d02dea54a2e240738850d37843543736

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
DeviceIoControl
ExitProcess
GetCurrentProcessId
CreateFileA
Sleep

Sections

.text
Size: 512B - Virtual size: 382B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Binaries/C-BOT.RAR
.rar
C-BOT.EXE
.exe windows:4 windows x86 arch:x86

cae7a177f6290fb144f3a521eb3b16b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrlenA
_lcreat
_lwrite
_lclose
GetWindowsDirectoryA
lstrcmpiA
WinExec

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey

wsock32

send
WSAStartup
socket
gethostbyname
connect
recv
WSACleanup

Sections

.text
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Binaries/COMPACT.RAR
.rar
BINFINAL/TEST2.EXE
.exe windows:4 windows x86 arch:x86

16ce05e36e0bfb536b11d1a7840d795a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

printf

Sections

.text
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SRC/MKSTAGE0.BAT
SRC/MKSTAGE1.BAT
SRC/MKSTAGE2.BAT
SRC/MKSTAGE3.BAT
SRC/STUB.ASM
SRC/TEST.C
SRC/TEST2.C
Binaries/KLOGSKI.RAR
.rar
klogski.exe
.exe windows:4 windows x86 arch:x86

eb0e12acfe85d9a5010989aafcbfa1e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetKeyNameTextA
GetKeyboardState
GetMessageA
GetForegroundWindow
GetKeyState
SetWindowsHookExA
ToAscii
CallNextHookEx
GetWindowTextA
RegisterHotKey
UnhookWindowsHookEx

kernel32

GetModuleHandleA
ExitProcess

msvcrt

fopen
fclose
fflush
fprintf

Sections

.text
Size: 1024B - Virtual size: 598B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Binaries/LOADELF.RAR
.rar
HELLO.ELF
.elf linux x86
RUNELF.EXE
.exe windows:4 windows x86 arch:x86

92c3b87a8625cebd485cf41f53d71bcc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
CreateFileA
ExitProcess
GetFileSize
GlobalAlloc
ReadFile
VirtualAlloc
CloseHandle
lstrcmpA
GetStdHandle
GetCommandLineA
WriteFile

user32

wsprintfA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RUN_ELF.EXE
.exe windows:4 windows x86 arch:x86

98a32c14a43d6d05ba8557366d6524bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateFileA
ExitProcess
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LoadLibraryA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
WideCharToMultiByte
WriteFile
lstrcmpA

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Binaries/OBROTHER.RAR
.rar
p26.sys
.sys windows:5 windows x86 arch:x86

e5f031e5bde133fb1058ccf1a907a1a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

sprintf
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
IoDeleteSymbolicLink
ZwClose
ZwWriteFile
wcscpy
ZwCreateFile
PsGetCurrentThreadId
IoGetCurrentProcess
RtlUnicodeStringToAnsiString
wcslen
MmIsAddressValid
KeServiceDescriptorTable

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 480B - Virtual size: 452B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 192B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sysloader.exe
.exe windows:4 windows x86 arch:x86

6e8a5a757e8530e971709c5886fdf13f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
LoadLibraryA
GetProcAddress
CreateProcessA
WaitForSingleObject
DeviceIoControl
ResumeThread
GetLastError
GetCurrentDirectoryA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
SetFilePointer
GetOEMCP
SetEndOfFile
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
CloseHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetStdHandle
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringW
GetStringTypeA
FlushFileBuffers
MultiByteToWideChar
LCMapStringA
GetCPInfo
GetStringTypeW
ReadFile
GetACP

user32

EndDialog
GetDlgItemTextA
MessageBoxA
DialogBoxParamA

advapi32

OpenServiceA
CloseServiceHandle
OpenSCManagerA
CreateServiceA
DeleteService
StartServiceA
ControlService

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Binaries/PIBRELEASE.RAR
.rar
BuildLog.htm
.html
NOTEPAD.EXE
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fuck
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
StdAfx.obj
pib.exe
.exe windows:4 windows x86 arch:x86

585107700c21771fdb14321e1c6bdec7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

comdlg32

GetOpenFileNameA

kernel32

GetLocaleInfoA
GetCurrentProcessId
OutputDebugStringA
GetTickCount
lstrcmpiA
VirtualAlloc
lstrcpyA
GetProcAddress
LoadLibraryA
VirtualProtect
CloseHandle
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileA
WriteFile
DeleteFileA
VirtualFree
lstrlenA
SetCurrentDirectoryA
Sleep
CreateThread
GetCurrentDirectoryA
GetCurrentThreadId
QueryPerformanceCounter
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
VirtualQuery
InterlockedExchange
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
GetSystemTimeAsFileTime
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetSystemInfo

user32

DialogBoxParamA
LoadMenuA
GetSubMenu
GetCursorPos
TrackPopupMenu
EndDialog
IsDlgButtonChecked
GetDlgItemTextA
SetDlgItemTextA
MessageBoxA
GetDlgItem
SendMessageA
wsprintfA

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pib.obj
pib.rar
.rar
pib.res
pibx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fuck
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
smain.dat
vc70.idb
Binaries/SETG.RAR
.rar
Binaries/TCPIP-C.RAR
.rar
Binaries/TLSDEMO.RAR
.rar
Binaries/VCL32-10.ZIP
.zip
Config/issue.ini
Config/theme.bmp
Config/theme.mp3
Editorial/29A-8.001
Editorial/29A-8.002
Editorial/29A-8.003
Editorial/29A-8.004
Editorial/29A-8.005
Editorial/29A-8.006
Editorial/29A-8.007
Editorial/29A-8.008
Editorial/29A-8.009
FILE_ID.DIZ
Utilities/29A-8.001/description.txt
Utilities/29A-8.001/loader/sysloader.c
Utilities/29A-8.001/loader/sysloader/icon1.ico
Utilities/29A-8.001/loader/sysloader/p26res.rct
Utilities/29A-8.001/loader/sysloader/resource.h
Utilities/29A-8.001/loader/sysloader/spyrc.rc
Utilities/29A-8.001/loader/sysloader/sysloader.dsp
Utilities/29A-8.001/loader/sysloader/sysloader.dsw
Utilities/29A-8.001/main.c
Utilities/29A-8.001/makefile
Utilities/29A-8.001/ntifs.h
Utilities/29A-8.001/p26.dsp
Utilities/29A-8.001/p26.dsw
Utilities/29A-8.001/p26res.rct
Utilities/29A-8.001/sources
Utilities/29A-8.002/armpoly.c
Utilities/29A-8.002/make.bat
Utilities/29A-8.002/poly.c
Utilities/29A-8.002/w32test.c
Utilities/29A-8.003/elfheader.inc
Utilities/29A-8.003/ftpd.asm
Utilities/29A-8.003/ftpd.s
Utilities/29A-8.003/import.inc
Utilities/29A-8.003/make.bat
Utilities/29A-8.003/make.sh
.sh linux
Utilities/29A-8.003/peheader.inc
Utilities/29A-8.003/syscall.inc
Utilities/29A-8.003/useful.inc
Utilities/29A-8.004/elf.h
Utilities/29A-8.004/elf.inc
Utilities/29A-8.004/handlers.cpp
Utilities/29A-8.004/handlers.inc
Utilities/29A-8.004/libc.cpp
Utilities/29A-8.004/readme.txt
Utilities/29A-8.004/run_elf.cpp
Utilities/29A-8.004/runelf.asm
Utilities/29A-8.005/COMMON/LIST.CPP
.js
Utilities/29A-8.005/COMMON/LOG.CPP
Utilities/29A-8.005/COMMON/MZ.HPP
Utilities/29A-8.005/COMMON/PE.HPP
Utilities/29A-8.005/COMMON/ZALLOC.CPP
Utilities/29A-8.005/HOOY.CPP
Utilities/29A-8.005/HOOY.HPP
Utilities/29A-8.005/MISTFALL.CPP
.vbs
Utilities/29A-8.005/MISTFALL.HPP
Utilities/29A-8.006/_FINDPrime.INC
Utilities/29A-8.006/_KEYGEN.INC
Utilities/29A-8.006/_MUL.INC
Utilities/29A-8.006/_SHORTgcd.INC
Utilities/29A-8.006/_SHORTmod.INC
Utilities/29A-8.006/_TESTPrime.INC
Utilities/29A-8.006/_common.inc
Utilities/29A-8.006/_divmod.inc
Utilities/29A-8.006/_modexp.inc
Utilities/29A-8.006/_modinv.inc
Utilities/29A-8.006/_primetab.inc
Utilities/29A-8.006/_random.inc
Utilities/29A-8.006/_rsalib6.inc
Utilities/29A-8.006/make.bat
Utilities/29A-8.006/rsalib6.OBJ
Utilities/29A-8.006/rsalib6.asm
Utilities/29A-8.006/rsalib6.hpp
Utilities/29A-8.007/CALCDUPS.CPP
Utilities/29A-8.007/Calcchains.cpp
Utilities/29A-8.007/GEN_DB.BAT
Utilities/29A-8.007/LIBS.RAR
.rar
Utilities/29A-8.007/SETG.TXT
Utilities/29A-8.007/SETG1.PL
Utilities/29A-8.007/SETG2.CPP
Utilities/29A-8.008/ENGINE/NOTE
Utilities/29A-8.008/ENGINE/PROF.C
Utilities/29A-8.008/ENGINE/PROF.H
Utilities/29A-8.008/ENGINE/SHGE.C
Utilities/29A-8.008/ENGINE/SHGE.DEF
Utilities/29A-8.008/ENGINE/SHGE.H
Utilities/29A-8.008/ENGINE/SHGEMAIN.C
Utilities/29A-8.008/ENGINE/SHGEUPXS.C
Utilities/29A-8.008/ENGINE/SHGEXOR.C
Utilities/29A-8.008/MISC/EXAMPLE2.ASM
.vbs
Utilities/29A-8.008/MISC/EXAMPLE2.SHP
Utilities/29A-8.008/MISC/MSGBOX.S
Utilities/29A-8.008/MISC/MSGBOXT.S
Utilities/29A-8.008/MISC/RUNBIN.C
Utilities/29A-8.008/MISC/SHC_CL.C
Utilities/29A-8.008/MISC/SNIPPETS.TXT
Utilities/29A-8.008/MISC/SNIPTEST.CPP
Utilities/29A-8.008/MISC/VXL.ASH
Utilities/29A-8.008/MISC/VXL.ASI
Utilities/29A-8.008/README.TXT
Utilities/29A-8.009/todo
Utilities/29A-8.009/xde.c
Utilities/29A-8.009/xde.h
Utilities/29A-8.009/xde.txt
Utilities/29A-8.009/xde_text.c
Utilities/29A-8.009/xdetbl.c
Utilities/29A-8.010/COMPACT.CPP
Utilities/29A-8.010/CONVERT.CPP
Utilities/29A-8.010/CONVERT.INI
Utilities/29A-8.010/DESCRIPT.TXT
Utilities/29A-8.010/EXPAND.CPP
Utilities/29A-8.010/SFX.CPP
Utilities/29A-8.011/lib/catchy32.h
Utilities/29A-8.011/lib/catchy32.lib
Utilities/29A-8.011/lib/phide2.h
Utilities/29A-8.011/lib/phide2.lib
Utilities/29A-8.011/lib/pullout.h
Utilities/29A-8.011/lib/pullout.lib
Utilities/29A-8.011/src/engines/catchy/catchy32.asm
Utilities/29A-8.011/src/engines/catchy/catchy32.h
Utilities/29A-8.011/src/engines/catchy/makefile
Utilities/29A-8.011/src/engines/catchy/optable.inc
Utilities/29A-8.011/src/engines/makefile
Utilities/29A-8.011/src/engines/phide2/catchy32.h
Utilities/29A-8.011/src/engines/phide2/internal.h
Utilities/29A-8.011/src/engines/phide2/makefile
Utilities/29A-8.011/src/engines/phide2/pe.h
Utilities/29A-8.011/src/engines/phide2/phide2.c
Utilities/29A-8.011/src/engines/phide2/phide2.h
Utilities/29A-8.011/src/engines/phide2/pullout.h
Utilities/29A-8.011/src/engines/phide2/search.c
Utilities/29A-8.011/src/engines/phide2/search.h
Utilities/29A-8.011/src/engines/pullout/catchy32.h
Utilities/29A-8.011/src/engines/pullout/internal.h
Utilities/29A-8.011/src/engines/pullout/makefile
Utilities/29A-8.011/src/engines/pullout/nt.h
Utilities/29A-8.011/src/engines/pullout/pe.h
Utilities/29A-8.011/src/engines/pullout/pullout.c
Utilities/29A-8.011/src/engines/pullout/pullout.h
Utilities/29A-8.011/src/makefile
Utilities/29A-8.011/src/sample/hidecmd.c
Utilities/29A-8.011/src/sample/hidecmd.h
Utilities/29A-8.011/src/sample/makefile
Utilities/29A-8.011/src/sample/phide2.h
Utilities/29A-8.012/CODA.ASI
Utilities/29A-8.012/INTRO.ASI
Utilities/29A-8.012/RSRC/16 X 16 0 Colors~008.ICO
Utilities/29A-8.012/RSRC/caffeine_a0.bmp
Utilities/29A-8.012/RSRC/ecstasy.bmp
Utilities/29A-8.012/RSRC/ghb_a0.bmp
Utilities/29A-8.012/RSRC/heroin.bmp
Utilities/29A-8.012/RSRC/lsd.bmp
Utilities/29A-8.012/RSRC/mescaline.bmp
Utilities/29A-8.012/RSRC/morphine_a0.bmp
Utilities/29A-8.012/RSRC/nicotine_a0.bmp
Utilities/29A-8.012/RSRC/pepcid_a0.bmp
Utilities/29A-8.012/RSRC/prozac.bmp
Utilities/29A-8.012/RSRC/psycobin.bmp
Utilities/29A-8.012/RSRC/quinine.bmp
Utilities/29A-8.012/RSRC/thc_a0.bmp
Utilities/29A-8.012/RSRC/thujone_a0.bmp
Utilities/29A-8.012/RSRC/viagra_b.bmp
Utilities/29A-8.012/RSRC/xanax_a0.bmp
Utilities/29A-8.012/addsec.asi
Utilities/29A-8.012/bscan.asi
Utilities/29A-8.012/curdir.ASI
Utilities/29A-8.012/fsinf.asi
.vbs
Utilities/29A-8.012/getapis.asi
Utilities/29A-8.012/hash.asi
Utilities/29A-8.012/incsec.asi
.vbs
Utilities/29A-8.012/infect.asi
Utilities/29A-8.012/kazaa.asi
Utilities/29A-8.012/kme.ASI
Utilities/29A-8.012/main.asi
Utilities/29A-8.012/make.bat
Utilities/29A-8.012/makedb.asm
Utilities/29A-8.012/msgbox.asi
Utilities/29A-8.012/mydoom.asi
Utilities/29A-8.012/nocrypt.ASI
Utilities/29A-8.012/nopload.asi
Utilities/29A-8.012/perproc.asi
Utilities/29A-8.012/poly1.asi
.vbs
Utilities/29A-8.012/rsearch.asi
Utilities/29A-8.012/shell.asi
Utilities/29A-8.012/shell0.asi
Utilities/29A-8.012/shell2.asi
Utilities/29A-8.012/shell3.asi
Utilities/29A-8.012/strings.asi
Utilities/29A-8.012/tmsgbox.asi
Utilities/29A-8.012/vcl32.asm
Utilities/29A-8.012/vcl32.rc
Utilities/29A-8.012/vcl32console.asm
Utilities/29A-8.012/virdb.inc
Utilities/29A-8.012/xorcrypt.asi
Utilities/29A-8.013/RX/9xrx.asm
Utilities/29A-8.013/RX/9xrx.def
Utilities/29A-8.013/RX/9xrx.exp
Utilities/29A-8.013/RX/9xrx.lib
Utilities/29A-8.013/RX/9xrx.obj
Utilities/29A-8.013/RX/RX.VXD
Utilities/29A-8.013/RX/make.bat
Utilities/29A-8.013/RXFile/9xrx.asm
Utilities/29A-8.013/RXFile/9xrx.def
Utilities/29A-8.013/RXFile/9xrx.exp
Utilities/29A-8.013/RXFile/9xrx.lib
Utilities/29A-8.013/RXFile/9xrx.obj
Utilities/29A-8.013/RXFile/RXFile.VXD
Utilities/29A-8.013/RXFile/make.bat
Utilities/29A-8.013/editor/RXEdit.aps
Utilities/29A-8.013/editor/RXEdit.cpp
Utilities/29A-8.013/editor/RXEdit.dsp
Utilities/29A-8.013/editor/RXEdit.dsw
Utilities/29A-8.013/editor/RXEdit.ncb
Utilities/29A-8.013/editor/RXEdit.opt
Utilities/29A-8.013/editor/RXEdit.rc
Utilities/29A-8.013/editor/RXEdit.sln
Utilities/29A-8.013/editor/RXEdit.vcproj
.xml
Utilities/29A-8.013/editor/ReadMe.txt
Utilities/29A-8.013/editor/Release/BuildLog.htm
.html
Utilities/29A-8.013/editor/Release/RXEdit.exe
.exe windows:4 windows x86 arch:x86

e53905fd5dd79768366764a45fb95aae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SetFilePointer
CreateFileA
lstrcatA
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
GetSystemInfo

user32

GetDlgItemTextA
GetDlgItem
SendMessageA
EndDialog
MessageBoxA
DialogBoxParamA

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Utilities/29A-8.013/editor/Release/RXEdit.obj
Utilities/29A-8.013/editor/Release/RXEdit.res
Utilities/29A-8.013/editor/Release/StdAfx.obj
Utilities/29A-8.013/editor/Release/load.exe
.exe windows:4 windows x86 arch:x86

97508f95bdf66fca054d35bc8896cafd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
DeviceIoControl
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileA

user32

MessageBoxA

Sections

.text
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Utilities/29A-8.013/editor/Release/vc70.idb
Utilities/29A-8.013/editor/StdAfx.cpp
Utilities/29A-8.013/editor/StdAfx.h
Utilities/29A-8.013/editor/resource.h
Utilities/29A-8.013/loader/load.exe
.exe windows:4 windows x86 arch:x86

d02dea54a2e240738850d37843543736

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
DeviceIoControl
ExitProcess
GetCurrentProcessId
CreateFileA
Sleep

Sections

.text
Size: 512B - Virtual size: 382B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Utilities/29A-8.013/loader/make.bat
Utilities/29A-8.013/loader/vxdloader.asm
Utilities/29A-8.013/loader/vxdloader.obj
Utilities/29A-8.013/readme.txt
Utilities/29A-8.014/delayload/delayload.asm
Utilities/29A-8.014/delayload/delayload.def
Utilities/29A-8.014/delayload/delayload.dll
.dll windows:4 windows x86 arch:x86

5c8ab08608274fd7771acdfa72f52d2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetDlgItemInt
EndDialog
DialogBoxParamA

kernel32

IsBadReadPtr

Exports

Exports

PibClient
PibClientWrap
PibFunc
PibInfo
PibSizeFunc

Sections

.text
Size: 512B - Virtual size: 398B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 42B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Utilities/29A-8.014/delayload/delayload.exp
Utilities/29A-8.014/delayload/delayload.lib
Utilities/29A-8.014/delayload/delayload.obj
Utilities/29A-8.014/delayload/delayload.res
Utilities/29A-8.014/delayload/make.bat
Utilities/29A-8.014/pib/ReadMe.txt
Utilities/29A-8.014/pib/StdAfx.cpp
Utilities/29A-8.014/pib/StdAfx.h
Utilities/29A-8.014/pib/aplib/aplib.h
Utilities/29A-8.014/pib/aplib/aplib.lib
Utilities/29A-8.014/pib/pib.aps
Utilities/29A-8.014/pib/pib.cpp
Utilities/29A-8.014/pib/pib.dsp
Utilities/29A-8.014/pib/pib.dsw
Utilities/29A-8.014/pib/pib.ncb
Utilities/29A-8.014/pib/pib.opt
Utilities/29A-8.014/pib/pib.rc
Utilities/29A-8.014/pib/pib.sln
Utilities/29A-8.014/pib/pib.suo
Utilities/29A-8.014/pib/pib.vcproj
.xml
Utilities/29A-8.014/pib/pibpoly/pibpoly.cpp
Utilities/29A-8.014/pib/pibpoly/pibpolytbl.cpp
Utilities/29A-8.014/pib/pibx.exe
.exe windows:4 windows x86 arch:x86

097b024936a0b355f6785c1b9fc49658

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

comdlg32

GetOpenFileNameA

kernel32

GetLocaleInfoA
GetCurrentProcessId
lstrcmpiA
VirtualAlloc
lstrcpyA
GetProcAddress
LoadLibraryA
VirtualProtect
CloseHandle
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileA
WriteFile
DeleteFileA
VirtualFree
lstrlenA
SetCurrentDirectoryA
Sleep
CreateThread
GetCurrentDirectoryA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
VirtualQuery
InterlockedExchange
RtlUnwind
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetACP
GetSystemInfo

user32

DialogBoxParamA
LoadMenuA
GetSubMenu
GetCursorPos
TrackPopupMenu
EndDialog
IsDlgButtonChecked
GetDlgItemTextA
SetDlgItemTextA
wsprintfA
MessageBoxA
GetDlgItem
SendMessageA

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Utilities/29A-8.014/pib/resource.h
Utilities/29A-8.014/pib/small.ico
Utilities/29A-8.014/readme.txt
Utilities/29A-8.015/klogski.asm
Utilities/29A-8.016/bind_overlap.asm
Utilities/29A-8.016/bind_pipes.asm
Utilities/29A-8.016/build_exe.bat
Utilities/29A-8.016/download_exec1.asm
Utilities/29A-8.016/notes.txt
Utilities/29A-8.016/readme.txt
Utilities/29A-8.016/rev_overlap.asm
Utilities/29A-8.016/rev_pipes.asm
Utilities/29A-8.016/sys_exec.asm
Utilities/29A-8.016/win_exec.asm
Utilities/29A-8.016/xdll.asm
Utilities/29A-8.017/Client/zup.txt
Utilities/29A-8.017/KbHookdll/KbHook.ASM
Utilities/29A-8.017/KbHookdll/KbHook.DEF
Utilities/29A-8.017/KbHookdll/KbHook.dll
.dll windows:4 windows x86 arch:x86

5603269096630caab63690ab8514a8c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
FindFirstFileA
FindNextFileA
GetCurrentDirectoryA
GetDriveTypeA
GetLogicalDriveStringsA
SetCurrentDirectoryA
lstrcatA
FindClose

user32

PostMessageA
SendMessageA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

Exports

Exports

FileSearchAllFixedDrives
InstallKBHook
RecursivScan
RemoveKBHook

Sections

.text
Size: 1024B - Virtual size: 658B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 624B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Utilities/29A-8.017/KbHookdll/KbHook.exp
Utilities/29A-8.017/KbHookdll/KbHook.lib
Utilities/29A-8.017/KbHookdll/Makeit.BAT
Utilities/29A-8.017/KbHookdll/kbhook.obj
Utilities/29A-8.017/TS.ASM
Utilities/29A-8.017/incs/KbHook.INC
Utilities/29A-8.017/incs/SMTP.inc
Utilities/29A-8.018/V1/DISK.PAS
Utilities/29A-8.018/V1/FLASH.PAS
.js
Utilities/29A-8.018/V1/TEST.DPR
Utilities/29A-8.018/V2/Disk.pas
Utilities/29A-8.018/V2/Flash.pas
.js
Utilities/29A-8.018/V2/SysDep.pas
Utilities/29A-8.018/V2/Test.dpr
Utilities/29A-8.019/gen.s
Utilities/29A-8.019/maze.s
Utilities/29A-8.019/syscall.h
Utilities/29A-8.019/vir.s
Utilities/29A-8.019/virus_sample.txt
Utilities/29A-8.019/x87me.s
Utilities/29A-8.020/C-BOT.C
Utilities/29A-8.020/DOS-H.ASM
Utilities/29A-8.020/MAKEBOT.BAT
Utilities/29A-8.020/MAKELIB.BAT
Utilities/29A-8.020/MY_WSOCK.DEF
Viruses/29A-8.001/MAKE.BAT
Viruses/29A-8.001/MAKE64.BAT
Viruses/29A-8.001/SHRUG.ASM
Viruses/29A-8.001/SHRUG.INC
Viruses/29A-8.001/SHRUG64.ASM
Viruses/29A-8.001/SHRUG64.INC
Viruses/29A-8.002/MAKE.BAT
Viruses/29A-8.002/SHRUG64.ASM
Viruses/29A-8.002/SHRUG64.INC
Viruses/29A-8.003/MAKE.BAT
Viruses/29A-8.003/SHRUG64.ASM
Viruses/29A-8.003/SHRUG64.INC
Viruses/29A-8.004/caribe.zip
.zip
Viruses/29A-8.004/readme.txt
Viruses/29A-8.005/Win32.JollyRoger.release1.zip
.zip
Viruses/29A-8.005/readme.txt
Viruses/29A-8.006/Win32.jollyroger.release2.zip
.zip
Viruses/29A-8.006/readme.txt
Viruses/29A-8.007/ASM/entry.s
Viruses/29A-8.007/ASM/stub.s
Viruses/29A-8.007/MZ.H
Viruses/29A-8.007/PE.H
Viruses/29A-8.007/makefile
Viruses/29A-8.007/vir.c
Viruses/29A-8.007/vir.h
Viruses/29A-8.008/0/ARCHIVER.ASM
Viruses/29A-8.008/0/MAKE.BAT
Viruses/29A-8.008/0/MAKE1.BAT
Viruses/29A-8.008/0/_0.ASM
Viruses/29A-8.008/0/comp.bat
Viruses/29A-8.008/1/FTPD.ASM
Viruses/29A-8.008/1/IMPORT.INC
Viruses/29A-8.008/1/MAKE.BAT
Viruses/29A-8.008/1/PEHEADER.INC
Viruses/29A-8.008/2/README.TXT
Viruses/29A-8.008/3/README.TXT
Viruses/29A-8.008/4/4.ASM
Viruses/29A-8.008/5/HOD-ms04011-lsasrv-expl.c
Viruses/29A-8.008/6/README.TXT
Viruses/29A-8.008/666WORM.BAT
Viruses/29A-8.009/Admin.asm
Viruses/29A-8.009/Beagle.asm
Viruses/29A-8.009/Beagle.ico
Viruses/29A-8.009/Beagle.rc
Viruses/29A-8.009/CPL.asm
Viruses/29A-8.009/ConfBuilder.asm
Viruses/29A-8.009/Config.ini
Viruses/29A-8.009/CplStub.asm
Viruses/29A-8.009/CplStub.inc
Viruses/29A-8.009/Crypt.asm
Viruses/29A-8.009/DNS.asm
Viruses/29A-8.009/EmailScanner.asm
Viruses/29A-8.009/HDDScanner.asm
Viruses/29A-8.009/HTA.asm
.hta .vbs polyglot
Viruses/29A-8.009/HashTable.asm
Viruses/29A-8.009/Network.asm
Viruses/29A-8.009/Notify.asm
Viruses/29A-8.009/PEInfector.asm
Viruses/29A-8.009/PVG.asm
Viruses/29A-8.009/PassGen.asm
Viruses/29A-8.009/ProcKiller.asm
Viruses/29A-8.009/RAR.asm
Viruses/29A-8.009/SMTPClient.asm
Viruses/29A-8.009/SMTPMessage.asm
Viruses/29A-8.009/SMTPThread.asm
Viruses/29A-8.009/Src/SrcFile.inc
Viruses/29A-8.009/StartUp.asm
Viruses/29A-8.009/Stream.asm
Viruses/29A-8.009/Utils.asm
Viruses/29A-8.009/VBS.asm
.vbs
Viruses/29A-8.009/ZIP.asm
Viruses/29A-8.009/readme.txt
Viruses/29A-8.010/RGBLDE.inc
Viruses/29A-8.010/eris.asm
Viruses/29A-8.011/ABOUT.txt
Viruses/29A-8.011/defines.h
Viruses/29A-8.011/includes.h
Viruses/29A-8.011/main.c
Viruses/29A-8.011/structs.h
Viruses/29A-8.011/virus.h
Viruses/29A-8.012/nemox.asm
Viruses/29A-8.013/close_file.h
Viruses/29A-8.013/defines.h
Viruses/29A-8.013/get_segment.h
Viruses/29A-8.013/includes.h
Viruses/29A-8.013/infect_me.h
Viruses/29A-8.013/init_infection.h
Viruses/29A-8.013/is_elf.h
Viruses/29A-8.013/main.c
Viruses/29A-8.013/make.sh
Viruses/29A-8.013/map_file.h
Viruses/29A-8.013/open_dest.h
Viruses/29A-8.013/open_target.h
Viruses/29A-8.013/patch/patch_entry.h
Viruses/29A-8.013/patch/patch_phdr.h
Viruses/29A-8.013/patch/patch_shdr.h
Viruses/29A-8.013/structs.h
Viruses/29A-8.013/test.c
Viruses/29A-8.013/vir_codes/README
Viruses/29A-8.013/vir_codes/cyneox.asm
Viruses/29A-8.013/vir_codes/disasm.pl
.pl .sh linux
Viruses/29A-8.013/virus_code.c
Viruses/29A-8.013/write_infection.h
Viruses/29A-8.014/NORTHER.ASM
Viruses/29A-8.015/w32_Voltage.asm
Viruses/29A-8.016/ABIGOR.ASM
Viruses/29A-8.016/MAKEIT.BAT
Viruses/29A-8.017/METAPHOR.ASM
Viruses/29A-8.018/NETROBO2.ASM
Viruses/29A-8.018/NETROBOT.ASM
Viruses/29A-8.019/P01UT0SP.asm
Viruses/29A-8.020/Crucio.asm
Viruses/29A-8.021/Compile.bat
Viruses/29A-8.021/Unair.asm
Viruses/29A-8.022/DUST.TXT
Viruses/29A-8.023/common/buildiat.cpp
.js
Viruses/29A-8.023/common/newimporttable.cpp
.js
Viruses/29A-8.023/common/peclass.cpp
.js
Viruses/29A-8.023/common/peclass.h
Viruses/29A-8.023/common/spread.h
Viruses/29A-8.023/readme.txt
Viruses/29A-8.023/spread.dsw
Viruses/29A-8.023/spread/main.cpp
.js
Viruses/29A-8.023/spread/notepad.ico
Viruses/29A-8.023/spread/spread.dsp
Viruses/29A-8.023/spread/spread.dsw
Viruses/29A-8.023/spread/spread.rc
Viruses/29A-8.023/spreadll/spreadll.cpp
Viruses/29A-8.023/spreadll/spreadll.def
Viruses/29A-8.023/spreadll/spreadll.dsp
Viruses/29A-8.023/spreadll/spreadll.dsw
Viruses/29A-8.024/EPHEMERAL.ASM
Viruses/29A-8.025/MORPHINE.ASM
Viruses/29A-8.026/SANTY.PL
xaudio.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

audio_output_module_register
control_message_get
control_message_send
control_message_send_I
control_message_send_II
control_message_send_III
control_message_send_IIII
control_message_send_IPI
control_message_send_N
control_message_send_P
control_message_send_S
control_message_send_SI
control_message_send_SS
control_message_to_win32_params
control_message_wait
control_procedure_delete
control_procedure_new
control_procedure_set_priority
control_win32_params_to_message
decoder_add_environment_listener
decoder_codec_get_channels
decoder_codec_get_equalizer
decoder_codec_get_quality
decoder_codec_module_register
decoder_codec_set_channels
decoder_codec_set_equalizer
decoder_codec_set_quality
decoder_decode
decoder_delete
decoder_get_environment_integer
decoder_get_environment_string
decoder_input_add_filter
decoder_input_close
decoder_input_delete
decoder_input_filters_list
decoder_input_module_query
decoder_input_module_register
decoder_input_new
decoder_input_open
decoder_input_read
decoder_input_remove_filter
decoder_input_seek_to_offset
decoder_input_seek_to_position
decoder_input_seek_to_time
decoder_input_seek_to_timecode
decoder_input_send_message
decoder_new
decoder_output_add_filter
decoder_output_close
decoder_output_delete
decoder_output_filters_list
decoder_output_get_control
decoder_output_module_query
decoder_output_module_register
decoder_output_new
decoder_output_open
decoder_output_remove_filter
decoder_output_send_message
decoder_output_set_control
decoder_output_write
decoder_play
decoder_remove_environment_listener
decoder_set_environment_integer
decoder_set_environment_string
decoder_unset_environment
event_forwarder_feedback_handler_module_register
fft_analyzer_delete
fft_analyzer_get_spectrum
fft_analyzer_interpolate_samples_signed
fft_analyzer_interpolate_samples_unsigned
fft_analyzer_new
fft_analyzer_set_samples
file_input_module_register
file_output_module_register
memory_input_module_register
mpeg_codec_module_register
player_delete
player_get_priority
player_new
player_new_ext
player_set_priority
properties_get_integer
properties_get_list
properties_get_string
stream_input_module_register
xaudio_error_string
xaudio_get_version

Sections

UPX0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 52KB

UPX1 Size: 19KB - Virtual size: 20KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 28KB - Virtual size: 26KB

.text1 Size: 4KB - Virtual size: 96B

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 12KB

.data1 Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 2KB

e53905fd5dd79768366764a45fb95aae

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 896B

d02dea54a2e240738850d37843543736

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 512B - Virtual size: 382B

.rdata Size: 512B - Virtual size: 220B

.data Size: 4KB - Virtual size: 4KB

cae7a177f6290fb144f3a521eb3b16b5

Headers

File Characteristics

Imports

kernel32

advapi32

wsock32

Sections

.text Size: 2KB - Virtual size: 4KB

16ce05e36e0bfb536b11d1a7840d795a

Headers

File Characteristics

Imports

msvcrt

Sections

.text Size: 512B - Virtual size: 478B

eb0e12acfe85d9a5010989aafcbfa1e9

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

Sections

.text Size: 1024B - Virtual size: 598B

.rdata Size: 1024B - Virtual size: 544B

.data Size: 512B - Virtual size: 40B

92c3b87a8625cebd485cf41f53d71bcc

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 392B

.data Size: 512B - Virtual size: 208B

98a32c14a43d6d05ba8557366d6524bf

Headers

File Characteristics

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 26KB

.text1
Size: 4KB - Virtual size: 96B

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 12KB

.data1
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 896B

.text
Size: 512B - Virtual size: 382B

.rdata
Size: 512B - Virtual size: 220B

.data
Size: 4KB - Virtual size: 4KB

.text
Size: 2KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 478B

.text
Size: 1024B - Virtual size: 598B

.rdata
Size: 1024B - Virtual size: 544B

.data
Size: 512B - Virtual size: 40B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 392B

.data
Size: 512B - Virtual size: 208B

.text
Size: 35KB - Virtual size: 36KB

.data
Size: 9KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

INIT
Size: 480B - Virtual size: 452B

.reloc
Size: 192B - Virtual size: 188B

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 34KB - Virtual size: 34KB

fuck
Size: 8KB - Virtual size: 8KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 28KB - Virtual size: 24KB

.text
Size: 24KB - Virtual size: 37KB

.rdata
Size: 4KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 24KB

fuck
Size: 8KB - Virtual size: 8KB