e984335f2829d038a6086fa79428f707818a5dd0a723124a481502d622ab92a4

Sharing

Copy URL Twitter E-mail

General

Target

e984335f2829d038a6086fa79428f707818a5dd0a723124a481502d622ab92a4
Size

10.1MB
MD5

860eebf58fc0bbffc3fdd129535cdf49
SHA1

fd6a237f819e010357055d0514254aeea23a691d
SHA256

e984335f2829d038a6086fa79428f707818a5dd0a723124a481502d622ab92a4
SHA512

c399863632b1eae63bc4474d7ce9d7263f9b9bd066f26b6bd90c734a0a7df5dd241805be32eb9f79dac84adafbd7b53e79f4744c91f3739c7cd44203d692eda3
SSDEEP

196608:Vm6+2oag/FF33n3DPDopv0I+uxgofpeMJZiogwn6MVN7:p+fag/Fh3Tbo2I9Xg729VV

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Jar2Exe Wizard/j2ewiz.exe	vmprotect

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Jar2Exe Wizard/cfgasist.dll
unpack001/Jar2Exe Wizard/config.exe
unpack001/Jar2Exe Wizard/j2ewiz.com
unpack001/Jar2Exe Wizard/j2ewiz.exe

Files

e984335f2829d038a6086fa79428f707818a5dd0a723124a481502d622ab92a4
.zip
Jar2Exe Wizard/2.5.3.lnk
.lnk
Jar2Exe Wizard/Uninstall.lnk
.lnk
Jar2Exe Wizard/cfgasist.dll
.dll windows:4 windows x86 arch:x86

ebd5cc80635ad1636704226da33f2b3c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1775
ord5287
ord4835
ord4425
ord4407
ord3610
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord6055
ord4078
ord1776
ord4401
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3639
ord692
ord567
ord6485
ord825
ord768
ord800
ord656
ord2302
ord4258
ord4976
ord6199
ord3874
ord540
ord1168
ord6493
ord1783
ord2642
ord6215
ord3092
ord6028
ord6876
ord858
ord641
ord3499
ord535
ord4160
ord537
ord4710
ord4274
ord815
ord3953
ord2528
ord6467
ord1199
ord665
ord1979
ord6385
ord5186
ord354
ord3475
ord2864
ord3876
ord801
ord924
ord4129
ord5683
ord6883
ord541
ord668
ord1980
ord2781
ord2770
ord356
ord940
ord5710
ord536
ord922
ord860
ord4277
ord5442
ord3318
ord6375
ord4486
ord2554
ord2512
ord5731
ord6052
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord6602
ord4715
ord6592
ord5288
ord4439
ord2054
ord4431
ord6529
ord6568
ord6488
ord4259
ord4644
ord4217
ord2576
ord4397
ord3352
ord3577
ord5890
ord2763
ord2817
ord2784
ord4202
ord539
ord2937
ord4376
ord4853
ord5280
ord3597
ord324
ord2370
ord4234
ord5981
ord6334
ord3719
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2575
ord4396
ord3574
ord616
ord609
ord793
ord926
ord2818
ord2582
ord4402
ord3370
ord3640
ord693
ord3996
ord6905
ord6007
ord3998
ord6907
ord3286
ord3301
ord6283
ord6282
ord1834
ord5067
ord4635
ord4607
ord4716
ord4750
ord4608
ord5016
ord4375
ord4852
ord355
ord4229
ord5232
ord1180
ord1176
ord1568
ord5268
ord4834
ord3708
ord781
ord4275
ord2379
ord3089
ord3283
ord6134
ord1116
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2514
ord4998
ord4854
ord4377
ord5265
ord4948
ord4742
ord5160
ord5162
ord5161
ord6601
ord3922
ord823

msvcrt

wcsncpy
wcscpy
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
sscanf
bsearch
malloc
strncmp
isalnum
isalpha
__isascii
iscntrl
isdigit
isgraph
islower
isprint
ispunct
__CxxFrameHandler
_mbsicmp
free
memmove
wcslen
realloc
_mbscmp
_splitpath
toupper
_strnicmp
_purecall
tolower
isspace
isxdigit
isupper

kernel32

MultiByteToWideChar
WideCharToMultiByte
CloseHandle
ReadFile
GetFileSize
CreateFileA
lstrlenA
GetVersionExA
LoadLibraryA
LocalFree
LocalAlloc
GetCurrentDirectoryA

user32

SendMessageA
EnableWindow
GetFocus
IsWindowEnabled
IsWindow
SetFocus
GetClientRect
GetParent

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

EntryPoint
Internal
Internal2

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Jar2Exe Wizard/config.exe
.exe windows:4 windows x86 arch:x86

4cceb15f3c09af5448e2c0298ad6e9a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cfgasist

EntryPoint

mfc42

ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord4673
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord1168
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord2621
ord1134
ord1576
ord3147
ord3825

msvcrt

_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_onexit
__dllonexit
_setmbcp

kernel32

GetModuleHandleA
GetStartupInfoA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Jar2Exe Wizard/ico.png
.png
Jar2Exe Wizard/j2ewiz.com
.exe windows:4 windows x86 arch:x86

36c293fc23a082c7e79e59d812055e90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
GetLastError
ReadFile
SetConsoleCtrlHandler
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
CreatePipe
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
GetStartupInfoA

msvcrt

_mbsicmp
??3@YAXPAX@Z
realloc
memmove
free
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
printf
__CxxFrameHandler

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Jar2Exe Wizard/j2ewiz.exe
.exe windows:5 windows x86 arch:x86

3d461fbbcccbc9e735f1e9495ecd38f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3318
ord665
ord5186
ord354
ord3520
ord6401
ord5981
ord823
ord6601
ord3698
ord5161
ord5162
ord4742
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord765
ord6485
ord768
ord4258
ord4976
ord1105
ord2864
ord5858
ord4277
ord5683
ord535
ord6385
ord1200
ord5773
ord939
ord923
ord3874
ord941
ord4905
ord5160
ord6143
ord3175
ord1199
ord3499
ord3663
ord925
ord6282
ord6283
ord4278
ord6662
ord2763
ord2841
ord5440
ord6383
ord5450
ord6394
ord2107
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord4224
ord4160
ord1147
ord3626
ord4538
ord2414
ord283
ord2859
ord5861
ord3903
ord6930
ord6928
ord861
ord2818
ord6779
ord2784
ord2919
ord2044
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord801
ord541
ord2448
ord3571
ord2528
ord1641
ord1146
ord6117
ord2621
ord1134
ord6877
ord2827
ord6883
ord5834
ord6602
ord5288
ord4439
ord2054
ord4431
ord6529
ord6568
ord6488
ord4259
ord2863
ord4715
ord5056
ord4284
ord2379
ord3802
ord643
ord2451
ord5442
ord329
ord6592
ord2575
ord4396
ord3574
ord609
ord3996
ord6007
ord6907
ord3998
ord3286
ord1907
ord489
ord2882
ord690
ord1988
ord1567
ord5207
ord268
ord389
ord538
ord771
ord1008
ord496
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord3452
ord5608
ord613
ord3803
ord289
ord3719
ord793
ord4123
ord6490
ord1622
ord3873
ord4299
ord6880
ord2938
ord1783
ord3317
ord6876
ord6663
ord6334
ord6402
ord4476
ord3089
ord755
ord470
ord3619
ord3573
ord640
ord5787
ord5785
ord1640
ord323
ord2754
ord6747
ord2582
ord4402
ord3370
ord3640
ord693
ord3301
ord809
ord2614
ord556
ord1929
ord4275
ord1088
ord2122
ord2860
ord5875
ord6358
ord3797
ord6403
ord3522
ord3811
ord550
ord539
ord3702
ord501
ord773
ord1083
ord5607
ord2762
ord2917
ord958
ord6312
ord4177
ord2601
ord3183
ord3176
ord2803
ord3507
ord3180
ord6010
ord5651
ord3127
ord3616
ord350
ord5600
ord4202
ord6927
ord1832
ord349
ord1833
ord6929
ord1834
ord5067
ord4635
ord4607
ord4716
ord4750
ord4608
ord5016
ord4375
ord4852
ord355
ord4229
ord5232
ord1180
ord1176
ord1568
ord5268
ord4834
ord1175
ord1848
ord4243
ord1979
ord3521
ord2915
ord5572
ord341
ord654
ord1576
ord3876
ord3303
ord922
ord858
ord940
ord356
ord924
ord2770
ord2781
ord3178
ord3181
ord4129
ord1980
ord668
ord5710
ord4000
ord2393
ord2642
ord2370
ord540
ord860
ord810
ord656
ord3733
ord3398
ord3610
ord4710
ord926
ord6199
ord800
ord1168
ord3092
ord537
ord6215
ord4234
ord2302
ord2301
ord825
ord324
ord567
ord641
ord795
ord3721
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4853
ord4376
ord5982
ord5265

msvcrt

isdigit
isgraph
_strnicmp
iscntrl
__isascii
isalpha
isalnum
malloc
bsearch
fread
_mbspbrk
_mbsnbicmp
_mbsstr
_except_handler3
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
qsort
_mbscoll
mktime
localtime
_mbsicoll
_stat
_utime
_chdir
_access
_errno
_splitpath
swprintf
floor
_ftol
fseek
ftell
fflush
fputc
getc
fgets
fscanf
longjmp
_setjmp3
__CxxLongjmpUnwind
fprintf
_endthread
_beginthread
_mbsnbcmp
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_stricmp
islower
isprint
ispunct
isupper
isxdigit
isspace
tolower
toupper
atoi
_mbschr
_itoa
_mbsnbcpy
wcscmp
sprintf
_CxxThrowException
fopen
fwrite
fclose
strncmp
strstr
vsprintf
srand
rand
getenv
strncpy
_purecall
sscanf
time
freopen
wcslen
exit
_iob
setbuf
printf
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
memmove
realloc
_mbscmp
_mbsicmp
free
__CxxFrameHandler
_onexit
_controlfp

kernel32

GetFileSize
CreateFileA
GetTempFileNameA
GetTempPathA
SetFileAttributesA
GetDriveTypeA
SetVolumeLabelA
MoveFileA
GetDiskFreeSpaceA
FormatMessageA
GetLastError
EnumResourceNamesA
SetThreadPriority
GetCurrentThread
SetEvent
WaitForSingleObject
CreateEventA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStructA
WritePrivateProfileStructA
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
SetThreadLocale
GetVersionExA
OpenFile
GetSystemDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
FindResourceA
SizeofResource
LoadResource
LockResource
DeleteFileA
GetModuleFileNameA
GetFullPathNameA
SetConsoleTitleA
AllocConsole
WideCharToMultiByte
MultiByteToWideChar
GetStartupInfoA
Sleep
LocalFree
GetModuleHandleA
CloseHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetParent
SetClipboardData
EnableWindow
ShowWindow
PostMessageA
SendMessageA
CloseClipboard
EmptyClipboard
OpenClipboard
GetFocus
IsWindowEnabled
SetFocus
SetTimer
GetClassInfoA
RegisterClassA
CreateWindowExA
UpdateWindow
BeginPaint
EndPaint
PostQuitMessage
DefWindowProcA
GetMessageA
TranslateMessage
DispatchMessageA
CharToOemBuffA
OemToCharBuffA
MessageBeep
LoadCursorA
CopyIcon
InflateRect
IsWindow
SetCursor
PtInRect
ReleaseCapture
SetCapture
DestroyCursor
GetDC
ReleaseDC
GetWindowRect
LoadIconA
MessageBoxA
InvalidateRect
GetClientRect
GetSystemMenu
GetMenuItemCount
InsertMenuA
RemoveMenu
LoadBitmapA
FillRect
GetSysColor
DrawIcon
DestroyIcon
GetSystemMetrics
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateDIBSection
DeleteDC
SelectObject
DeleteObject
CreateFontIndirectA
CreateSolidBrush
GetObjectA
CreateCompatibleDC
ExtFloodFill
BitBlt
CreateFontA
GetStockObject
GetTextExtentPoint32A

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegOpenKeyExA
RegQueryValueA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetMalloc
ExtractIconA
SHGetPathFromIDListA
ShellExecuteA

ole32

OleInitialize

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msvcp60

?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
??1runtime_error@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_7runtime_error@std@@6B@
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?freeze@strstreambuf@std@@QAEX_N@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
??0runtime_error@std@@QAE@ABV01@@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@strstreambuf@std@@MAEHH@Z
?overflow@strstreambuf@std@@MAEHH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??1_Lockit@std@@QAE@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
??0_Lockit@std@@QAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??1strstreambuf@std@@UAE@XZ
??1ostrstream@std@@UAE@XZ

Sections

.text
Size: - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Jar2Exe Wizard/j2ewiz.ini
Jar2Exe Wizard/ɵ½̳.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

ebd5cc80635ad1636704226da33f2b3c

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

comdlg32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 134KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 12KB - Virtual size: 10KB

4cceb15f3c09af5448e2c0298ad6e9a6

Headers

File Characteristics

Imports

cfgasist

mfc42

msvcrt

kernel32

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 288B

.rsrc Size: 88KB - Virtual size: 88KB

36c293fc23a082c7e79e59d812055e90

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 976B

.data Size: 4KB - Virtual size: 100B

3d461fbbcccbc9e735f1e9495ecd38f1

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

version

msvcp60

Sections

.text Size: - Virtual size: 440KB

.rdata Size: - Virtual size: 69KB

.data Size: - Virtual size: 27KB

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 10.0MB - Virtual size: 10.0MB

.rsrc Size: 28KB - Virtual size: 6.7MB

.text
Size: 136KB - Virtual size: 134KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 288B

.rsrc
Size: 88KB - Virtual size: 88KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 976B

.data
Size: 4KB - Virtual size: 100B

.text
Size: - Virtual size: 440KB

.rdata
Size: - Virtual size: 69KB

.data
Size: - Virtual size: 27KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 10.0MB - Virtual size: 10.0MB

.rsrc
Size: 28KB - Virtual size: 6.7MB