e108c642cdddb9dd3dcbfabc678fe636_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e108c642cdddb9dd3dcbfabc678fe636_JaffaCakes118
Size

13.4MB
MD5

e108c642cdddb9dd3dcbfabc678fe636
SHA1

f0cbb701d5b0dbf74fe8f330e879d357dced7c6a
SHA256

3a99be44718f36909a6d82a816891592a5002e97f9a65ebf5887e3648167fdf7
SHA512

feb95ebe1d76b901527efe36518f4a42141d3a99febf79cf804c9d488fcfc2c76637a67b68c5c4cf49dd7a100053d4eb71328c4455d35346b24ed4329bd390f9
SSDEEP

393216:f8yznxTr9Qduj2vsTlq4P1pXcsOeIK7EkmInHY1DpuQ4:5xThH29ANcsOeIJAY5UQ4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Control la Distanta 3.2 Ultimate Edition/SERVER2.exe	upx
static1/unpack001/Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/ServerIconChanger.exe	upx

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Control la Distanta 3.2 Ultimate Edition/SERVER2.exe
unpack002/out.upx
unpack001/Control la Distanta 3.2 Ultimate Edition/Tools/Scanare Port 1.1.exe
unpack001/Control la Distanta 3.2 Ultimate Edition/Tools/Your IP Address.exe
unpack001/Control la Distanta 3.2 Ultimate Edition/Tools/afla ip www.hack.wgz.ro/afla ip www.hack.wgz.ro.exe
unpack001/Control la Distanta 3.2 Ultimate Edition/Tools/afla ip www.hack.wgz.ro/engineu.exe
unpack001/Control la Distanta 3.2 Ultimate Edition/Tools/afla ip www.hack.wgz.ro/setari si salvare ip .www.hack.wgz.ro.exe
unpack001/Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server. www.hack.wgz.ro/Exe2Jpg Converter.exe
unpack001/Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/ServerIconChanger.exe
unpack003/out.upx
unpack001/Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/reshacker.exe
unpack001/Control la Distanta 3.2 Ultimate Edition/control la distanta.exe
unpack001/Control la Distanta 3.2 Ultimate Edition/kiss you.exe

Files

e108c642cdddb9dd3dcbfabc678fe636_JaffaCakes118
.rar
Control la Distanta 3.2 Ultimate Edition/Detalii pentru Vista/1.png
.png
Control la Distanta 3.2 Ultimate Edition/Detalii pentru Vista/2.PNG
.png
Control la Distanta 3.2 Ultimate Edition/Detalii pentru Vista/Thumbs.db
Control la Distanta 3.2 Ultimate Edition/Detalii pentru Vista/info.txt
Control la Distanta 3.2 Ultimate Edition/SERVER2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Control la Distanta 3.2 Ultimate Edition/Serial.txt
Control la Distanta 3.2 Ultimate Edition/Tools/Scanare Port 1.1.exe
.exe windows:4 windows x86 arch:x86

f20741830e8ff2eb6992480855ad1fca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetACP
IsBadWritePtr
GetStringTypeA
GetStringTypeW
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapReAlloc
GetLastError
HeapSize
TerminateProcess
GetProfileStringA
InterlockedExchange
HeapFree
HeapAlloc
RaiseException
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetThreadLocale
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcpynA
GlobalFree
CloseHandle
GlobalAlloc
lstrcmpA
GetCurrentThread
GetModuleFileNameA
FormatMessageA
LocalFree
WideCharToMultiByte
GlobalLock
GlobalUnlock
MulDiv
SetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
FindResourceA
SizeofResource
LoadResource
LockResource
InterlockedIncrement
InterlockedDecrement
lstrlenA
MultiByteToWideChar
VirtualAlloc

user32

RegisterClipboardFormatA
PostThreadMessageA
SetRect
CopyAcceleratorTableA
CharNextA
InflateRect
GetSysColorBrush
GetDesktopWindow
PtInRect
GetClassNameA
DestroyMenu
LoadStringA
SetTimer
KillTimer
WaitMessage
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
GetMessageA
GetActiveWindow
ValidateRect
GetCursorPos
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetFocus
SetActiveWindow
IsWindow
MessageBeep
AdjustWindowRectEx
ScreenToClient
CopyRect
IsWindowVisible
GetSysColor
InvalidateRect
EnableWindow
LoadIconA
SendMessageA
AppendMenuA
UnregisterClassA
HideCaret
GetTopWindow
MessageBoxA
IsChild
GetParent
GetCapture
WinHelpA
wsprintfA
CheckMenuItem
CharUpperA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
DispatchMessageA
TranslateMessage
PeekMessageA
LoadCursorA
SetCursor
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
GetWindow
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
SetFocus
GetNextDlgGroupItem
GetWindowTextA
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
MapDialogRect

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
DPtoLP
GetTextColor
GetBkColor
LPtoDP
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
GetMapMode
CreateSolidBrush
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetObjectA
CreateFontIndirectA
GetStockObject
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

comctl32

ord17
ImageList_Destroy
ImageList_LoadImageA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
CoRevokeClassObject
CLSIDFromProgID
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
StgOpenStorageOnILockBytes
CoGetClassObject
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromString

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantInit
SysAllocString
VariantCopy
SysAllocStringByteLen
VariantTimeToSystemTime
VariantChangeType
SysStringLen
GetErrorInfo

wsock32

connect
sendto
recvfrom
socket
inet_ntoa
WSAAsyncSelect
send
recv
gethostbyname
closesocket
htonl
htons
bind
ioctlsocket
accept
WSAGetLastError
WSASetLastError
WSAStartup
WSACleanup

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768KB - Virtual size: 767KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Control la Distanta 3.2 Ultimate Edition/Tools/Your IP Address.exe
.exe windows:1 windows x86 arch:x86

b159ff2e0462241e32df920d70dcdd27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperBuffA
DialogBoxParamA
EndDialog
LoadIconA
MessageBoxA
SetClassLongA
SetDlgItemTextA
ShowWindow
UpdateWindow

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
ExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetConsoleCtrlHandler
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

comctl32

ord17

wsock32

gethostbyname
gethostname
WSACleanup
WSAStartup

Sections

AUTO
Size: 20KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 3KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 3KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Control la Distanta 3.2 Ultimate Edition/Tools/afla ip www.hack.wgz.ro/afla ip www.hack.wgz.ro.exe
.exe windows:4 windows x86 arch:x86

84302ac55821bd05743af8685df734af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2514
ord2621
ord1134
ord641
ord693
ord800
ord825
ord5265
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord5731
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord860
ord540
ord324
ord2299
ord2301
ord2294
ord2362
ord2302
ord4234
ord6334
ord3996
ord4710
ord755
ord470
ord4376
ord4224
ord2818
ord3302
ord6907
ord535
ord1168
ord2379
ord1146
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord567
ord3998
ord2512
ord2554
ord4486
ord6375
ord4274
ord4353
ord4673
ord1576

msvcrt

__p__fmode
__set_app_type
_controlfp
_onexit
__dllonexit
__p__commode
strcpy
strlen
isdigit
__CxxFrameHandler
_setmbcp
_adjust_fdiv
_except_handler3
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
strcmp

kernel32

DeleteFileA
Sleep
WinExec
GetModuleHandleA
GetStartupInfoA
Beep

user32

LoadIconA
EnableWindow
KillTimer
SetTimer
GetClientRect
IsIconic
SendMessageA
DrawIcon
GetDC
ReleaseDC
GetSystemMetrics
DrawTextA

shell32

ShellExecuteA

msvcirt

?close@fstream@@QAEXXZ
??5istream@@QAEAAV0@AAI@Z
??5istream@@QAEAAV0@AAH@Z
?getline@istream@@QAEAAV1@PADHD@Z
?open@fstream@@QAEXPBDHH@Z
?openprot@filebuf@@2HB
??0fstream@@QAE@XZ
??Bios@@QBEPAXXZ
??_Dfstream@@QAEXXZ

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Control la Distanta 3.2 Ultimate Edition/Tools/afla ip www.hack.wgz.ro/config.ini
Control la Distanta 3.2 Ultimate Edition/Tools/afla ip www.hack.wgz.ro/engineu.exe
.exe windows:4 windows x86 arch:x86

8d4a9af5ea8457bbc07eb387b5c809ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
SetLastError
GlobalAlloc
GlobalFree
GetTickCount

wsock32

inet_addr
WSAStartup
WSACleanup

msvcirt

??0fstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@fstream@@QAEXPBDHH@Z
??_Dfstream@@QAEXXZ
??6ostream@@QAEAAV0@D@Z
??6ostream@@QAEAAV0@J@Z
??6ostream@@QAEAAV0@PBD@Z
?close@fstream@@QAEXXZ
??5istream@@QAEAAV0@AAH@Z

msvcrt

__getmainargs
_controlfp
strcmp
printf
__CxxFrameHandler
memcpy
_exit
_XcptFilter
exit
__p___initenv
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Control la Distanta 3.2 Ultimate Edition/Tools/afla ip www.hack.wgz.ro/setari si salvare ip .www.hack.wgz.ro.exe
.exe windows:4 windows x86 arch:x86

641906ff17e55cc1f7a2161ae694be00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord324
ord641
ord2301
ord2294
ord2362
ord4234
ord4853
ord825
ord800
ord860
ord540
ord2370
ord6052
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord2621
ord1134
ord693
ord2299
ord2302
ord6334
ord3996
ord755
ord470
ord4224
ord2818
ord3302
ord6907
ord535
ord1168
ord2379
ord1146
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord567
ord3998
ord2514
ord4710
ord4998
ord4376
ord4673
ord5265
ord1576

msvcrt

_controlfp
__dllonexit
strcpy
__set_app_type
strcmp
strlen
__CxxFrameHandler
_setmbcp
__p__fmode
__p__commode
_adjust_fdiv
_onexit
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
isdigit

kernel32

Sleep
Beep
GetModuleHandleA
GetStartupInfoA
WinExec

user32

LoadIconA
KillTimer
SetTimer
GetClientRect
IsIconic
SendMessageA
DrawIcon
DrawTextA
ReleaseDC
GetSystemMetrics
EnableWindow
GetDC

shell32

ShellExecuteA

msvcirt

?close@fstream@@QAEXXZ
??5istream@@QAEAAV0@AAI@Z
?getline@istream@@QAEAAV1@PADHD@Z
??5istream@@QAEAAV0@AAH@Z
?open@fstream@@QAEXPBDHH@Z
?openprot@filebuf@@2HB
??0fstream@@QAE@XZ
??Bios@@QBEPAXXZ
??6ostream@@QAEAAV0@I@Z
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@H@Z
??_Dfstream@@QAEXXZ

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Control la Distanta 3.2 Ultimate Edition/Tools/afla ip www.hack.wgz.ro/text.txt
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server. www.hack.wgz.ro/COMCTL32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

c8cebbf034d8c6304701e5ec3fae70a4

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_SetOverlayImage
ImageList_DrawEx
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Add
ImageList_AddMasked
ord16
ord17
ImageList_Draw
ImageList_Create
ImageList_Destroy
ImageList_Remove

kernel32

lstrcmpA
GetProcAddress
GlobalSize
CloseHandle
GetFileSize
ReadFile
lstrcmpiA
IsDBCSLeadByte
lstrcmpiW
LockResource
FindResourceA
LoadResource
GetWindowsDirectoryA
GetLastError
GetLocaleInfoA
OpenFile
MultiByteToWideChar
lstrcatA
DisableThreadLibraryCalls
GetVersion
GetProcessHeap
GetDateFormatA
GetLocalTime
GetTimeFormatA
GetModuleFileNameA
GetCurrentThreadId
LoadLibraryA
GlobalUnlock
GlobalAlloc
GlobalLock
CompareStringA
GlobalFree
GetVersionExA
lstrlenA
lstrcpyA
IsBadReadPtr
HeapReAlloc
lstrcpynA
IsBadWritePtr
InterlockedDecrement
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
InterlockedIncrement
HeapAlloc
lstrlenW
LeaveCriticalSection
EnterCriticalSection

user32

IsWindowVisible
EndPaint
BeginPaint
MoveWindow
CharUpperA
IntersectRect
MessageBeep
SetCursor
EndDialog
RedrawWindow
GetMessagePos
CreateAcceleratorTableA
VkKeyScanA
PeekMessageA
PeekMessageW
SetWindowRgn
RegisterWindowMessageA
RegisterClipboardFormatA
SetCursorPos
OffsetRect
EqualRect
IsChild
GetWindowTextA
SetCapture
GetCursorPos
ScreenToClient
PostMessageA
DrawEdge
GetSysColor
wsprintfA
FillRect
InflateRect
DrawTextA
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetParent
GetAsyncKeyState
SetWindowLongA
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetActiveWindow
CreateDialogIndirectParamA
IsDialogMessageA
GetNextDlgTabItem
GetWindow
CharNextA
SetParent
InvalidateRect
UpdateWindow
UnregisterClassA
MessageBoxA
SetWindowsHookExA
SetTimer
KillTimer
CheckRadioButton
CallNextHookEx
SetActiveWindow
DestroyIcon
SetFocus
DrawIcon
UnionRect
DialogBoxParamA
PtInRect
LoadCursorA
GetWindowDC
SetRect
IsRectEmpty
GetDC
ReleaseDC
GetClipboardFormatNameA
ClientToScreen
PostMessageW
FrameRect
GetClientRect
CallWindowProcA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
LoadIconA
GetSystemMetrics
CopyImage
MapDialogRect
GetWindowLongA
SetWindowPos
GetFocus
EnableWindow
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
SetDlgItemInt
GetDlgItemInt
IsDlgButtonChecked
SendDlgItemMessageA
CheckDlgButton
LoadStringA
DefWindowProcA
SendMessageA
ShowWindow
WinHelpA
UnhookWindowsHookEx

ole32

CreateStreamOnHGlobal
RevokeDragDrop
CreateOleAdviseHolder
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
DoDragDrop
ReleaseStgMedium
OleLoadFromStream
OleSaveToStream

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA
RegCloseKey

oleaut32

SafeArrayPutElement
SafeArrayGetElement
SafeArrayRedim
SafeArrayGetUBound
SafeArrayCreate
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData
VariantCopy
GetErrorInfo
OleCreateFontIndirect
CreateErrorInfo
SetErrorInfo
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
LoadRegTypeLi
RegisterTypeLi
OleLoadPicture
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
OleCreatePictureIndirect
VariantCopyInd
OleTranslateColor
VariantChangeType
SysFreeString
SysStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

GetNearestColor
CreatePalette
LPtoDP
GetWindowExtEx
GetBitmapBits
TextOutA
CreateDIBitmap
RealizePalette
GetViewportExtEx
SelectPalette
GetPaletteEntries
GetDIBits
CopyEnhMetaFileA
CreateICA
CopyMetaFileA
StretchBlt
Rectangle
GetObjectA
SetBkColor
CreateDCA
CreateRectRgn
SetViewportOrgEx
SetWindowOrgEx
DeleteObject
SetWindowExtEx
SetMapMode
SetViewportExtEx
CreateSolidBrush
GetDeviceCaps
SelectObject
ExcludeClipRect
GetClipRgn
SelectClipRgn
GetClipBox
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
PatBlt
CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateBitmap
GetStockObject
GetTextExtentPoint32A

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server. www.hack.wgz.ro/COMDLG32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

988f29c1eb8054253091352741683c76

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ec
Signer

Actual PE Digest

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetLastError
LockResource
GetWindowsDirectoryA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
CompareStringA
CompareStringW
lstrcmpA
GetLocaleInfoA
GetVersion
GetModuleFileNameA
GetFileAttributesA
IsBadWritePtr
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpiA
LoadLibraryA
GetProcAddress
lstrcatA
lstrlenA
lstrcpyA
WriteProfileStringA
GlobalLock
GlobalUnlock
LoadResource
FindResourceA
lstrcpynA
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProfileStringA
EnterCriticalSection
GetProcessHeap
GetCurrentThreadId
MultiByteToWideChar
InitializeCriticalSection
GlobalFree

user32

SetWindowRgn
IntersectRect
EqualRect
PtInRect
IsDialogMessageA
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBeep
PostMessageA
ClientToScreen
wsprintfA
SendMessageTimeoutA
CharNextA
GetActiveWindow
GetWindowThreadProcessId
LoadCursorA
MessageBoxA
GetWindowLongA
GetWindowRect
CreateWindowExA
SetWindowLongA
ShowWindow
DialogBoxParamA
EnableWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
OffsetRect
GetParent
GetDlgItem
SendMessageA
SetFocus
SetParent
SetDlgItemInt
EndPaint
SetActiveWindow
IsWindowVisible
WinHelpA
GetDlgItemInt
EndDialog
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA
GetWindowTextA
GetNextDlgTabItem
SendDlgItemMessageA
RegisterClassA
GetDC
ReleaseDC
LoadIconA
DrawIcon
DestroyIcon
GetSystemMetrics
RegisterWindowMessageA
LoadStringA
DefWindowProcA
UnregisterClassA
GetClientRect
BeginPaint
RegisterClipboardFormatA
SetWindowPos
MoveWindow

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
VariantChangeType
RegisterTypeLi
VariantInit
GetErrorInfo
VariantClear
SysStringLen
SysAllocStringLen
OleTranslateColor
SysFreeString
SysAllocString
CreateErrorInfo

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

GetDIBits
CreateCompatibleDC
CreateBitmap
GetSystemPaletteEntries
StretchDIBits
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
LPtoDP
SetViewportExtEx
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
CreateDCA
GetObjectA
EnumFontFamiliesA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server. www.hack.wgz.ro/Exe2Jpg Converter.exe
.exe windows:4 windows x86 arch:x86

c5e17e145ee72b7ea4b4a654d37cd351

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
ord617
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server. www.hack.wgz.ro/Thumbs.db
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server. www.hack.wgz.ro/icon1.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/1.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/10.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/11.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/12.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/13.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/14.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/15.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/16.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/17.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/18.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/19.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/2.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/20.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/3.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/4.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/5.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/6.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/7.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/8.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/9.ico
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/Icons/Thumbs.db
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/ServerIconChanger.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 736KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 254KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe .js windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 571KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/reshacker.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 683KB - Virtual size: 682KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Control la Distanta 3.2 Ultimate Edition/Tools/schimba icon server/reshacker.ini
Control la Distanta 3.2 Ultimate Edition/control la distanta.exe
.exe windows:4 windows x86 arch:x86

2cc17170b5cc1e769f862b5cdb43ee3a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
GetComputerNameA
GetVolumeInformationA
GetDriveTypeA
FreeLibrary
GetProcAddress
LoadLibraryA
GetPrivateProfileStringA
CopyFileA
MultiByteToWideChar
Sleep
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
AreFileApisANSI
CloseHandle
ReadFile
GetLastError
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
LoadResource
LockFile
LockFileEx
GetVersionExA
CreateFileA
CreateFileW
GetTempPathA
GetTempPathW
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LoadLibraryW
LocalFree
FormatMessageA
FormatMessageW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
CompareStringW
CompareStringA
LockResource
SizeofResource
FreeResource
GetModuleFileNameA
UnlockFile
GetShortPathNameA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
SetStdHandle
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
SetEnvironmentVariableA

user32

FindWindowA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA

shell32

ShellExecuteA

wininet

FindCloseUrlCache
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

Sections

.text
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Control la Distanta 3.2 Ultimate Edition/kiss you.exe
.exe windows:4 windows x86 arch:x86

a24e57cfb1e35030a9b4252bf1fa8b4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
lstrcpyA
lstrlenA
_lclose
RemoveDirectoryA
DeleteFileA
GetModuleFileNameA
_lread
_llseek
_lopen
GetDiskFreeSpaceA
SetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesA
lstrcatA
GetTempPathA
GetCurrentDirectoryA
_lwrite
_lcreat
CloseHandle
GetExitCodeProcess
CreateProcessA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

TranslateMessage
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
wsprintfA
LoadCursorA
SetCursor
MessageBoxA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 14KB - Virtual size: 16KB

.rsrc Size: 27KB - Virtual size: 28KB

Headers

File Characteristics

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 28KB - Virtual size: 26KB

f20741830e8ff2eb6992480855ad1fca

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wsock32

Sections

.text Size: 168KB - Virtual size: 166KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 768KB - Virtual size: 767KB

b159ff2e0462241e32df920d70dcdd27

Headers

File Characteristics

Imports

user32

kernel32

comctl32

wsock32

Sections

AUTO Size: 20KB - Virtual size:

.idata Size: 2KB - Virtual size:

DGROUP Size: 3KB - Virtual size:

.bss Size: 3KB - Virtual size:

.reloc Size: 1KB - Virtual size:

.rsrc Size: 1KB - Virtual size: 25KB

84302ac55821bd05743af8685df734af

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

shell32

msvcirt

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 852B

.rsrc Size: 12KB - Virtual size: 12KB

8d4a9af5ea8457bbc07eb387b5c809ec

Headers

File Characteristics

Imports

kernel32

wsock32

msvcirt

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 14KB - Virtual size: 16KB

.rsrc
Size: 27KB - Virtual size: 28KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 28KB - Virtual size: 26KB

.text
Size: 168KB - Virtual size: 166KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 768KB - Virtual size: 767KB

AUTO
Size: 20KB - Virtual size:

.idata
Size: 2KB - Virtual size:

DGROUP
Size: 3KB - Virtual size:

.bss
Size: 3KB - Virtual size:

.reloc
Size: 1KB - Virtual size:

.rsrc
Size: 1KB - Virtual size: 25KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 852B

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 464B

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 844B

.rsrc
Size: 16KB - Virtual size: 13KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 331KB - Virtual size: 330KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 224KB - Virtual size: 224KB

.reloc
Size: 24KB - Virtual size: 23KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ec
Signer