IP AND PORT SCANNERS BY @ShadowProtocol[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

IP AND PORT SCANNERS BY @ShadowProtocol.zip
Size

3.7MB
MD5

7827b954e20b46203f98cabddf16bd11
SHA1

1efb69584a127459a99e76bc4966211e054ef6c3
SHA256

83f3d5fe00ae81a5d89e451fa46855dee2bfc8c4822c89da45e47bade46e4601
SHA512

988e85b06951fc48cc2dc1b3fa796b4f908901f6bd8a72db1bc0ee405ff7fd589c2a96455ec607982ac550f688002912c23b2377c46be9b8ef55b8e73d9e6c7f
SSDEEP

49152:1OYHNaxSfBwpg+R9CeBWOR0+/lnrpCpJeLjCOi1xhR1il6JeJHEYKkXeZKWHqNjx:V9BU9CwDdnrpAJeZidDiGRGlgCE8E/s

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/IP AND PORT SCANNERS/BluesPortScan.exe	aspack_v212_v242

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/IP AND PORT SCANNERS/IP2.exe	upx
static1/unpack001/IP AND PORT SCANNERS/MooreR Port Scanner.exe	upx

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IP AND PORT SCANNERS/Advanced Portscanner/Advanced Port Scanner.exe
unpack001/IP AND PORT SCANNERS/Advanced Portscanner/pscan13.exe
unpack001/IP AND PORT SCANNERS/Advanced Portscanner/uninstal.exe
unpack001/IP AND PORT SCANNERS/BluesPortScan.exe
unpack001/IP AND PORT SCANNERS/IP2.exe
unpack006/out.upx
unpack001/IP AND PORT SCANNERS/Ip-Port Tools/Abalams IP Tracer.exe
unpack001/IP AND PORT SCANNERS/Ip-Port Tools/Abalams ISP Tracer 3.0.exe
unpack001/IP AND PORT SCANNERS/Ip-Port Tools/CloudFlare Resolver [Hackerpunk1].exe
unpack001/IP AND PORT SCANNERS/Ip-Port Tools/Ip-Tracer.exe
unpack001/IP AND PORT SCANNERS/Ip-Port Tools/Swags Website IP Gabber.exe
unpack001/IP AND PORT SCANNERS/Ip-Port Tools/ip grab.exe
unpack001/IP AND PORT SCANNERS/Ip-Port Tools/pscan13.exe
unpack001/IP AND PORT SCANNERS/Ip-Port Tools/uninstal.exe
unpack001/IP AND PORT SCANNERS/MooreR Port Scanner.exe
unpack001/IP AND PORT SCANNERS/ipscan-win32-3.2.exe

Files

IP AND PORT SCANNERS BY @ShadowProtocol.zip
.zip

Password: @ShadowProtocol
IP AND PORT SCANNERS/Advanced Portscanner/Advanced Port Scanner.chm
.chm
IP AND PORT SCANNERS/Advanced Portscanner/Advanced Port Scanner.exe
.exe windows:4 windows x86 arch:x86

Password: @ShadowProtocol

618b48fbfd7ee9cd19dcb125b5a3fde9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
SetEndOfFile
SetStdHandle
FlushFileBuffers
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetTimeZoneInformation
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetOEMCP
GetACP
FindResourceA
HeapSize
HeapReAlloc
SetLastError
TlsAlloc
CreateFileA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
ReadFile
WriteFile
RaiseException
GetCommandLineA
GetStartupInfoA
ExitThread
TlsGetValue
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindNextFileA
FindFirstFileA
HeapFree
HeapAlloc
RtlUnwind
LoadResource
LockResource
VirtualAlloc
VirtualFree
SetThreadPriority
ResumeThread
MulDiv
WideCharToMultiByte
GetLastError
GetVersion
MultiByteToWideChar
InterlockedExchange
GetVersionExA
SetEvent
CreateEventA
InterlockedIncrement
InterlockedDecrement
Sleep
CloseHandle
InitializeCriticalSection
CreateThread
IsBadStringPtrA
GetTickCount
WaitForSingleObject
ReleaseSemaphore
GetModuleHandleA
GetModuleFileNameA
CreateSemaphoreA
LoadLibraryA
GetProcAddress
FreeLibrary
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCPInfo

user32

BeginPaint
ScreenToClient
EndPaint
LoadBitmapA
GetParent
EnumChildWindows
GetDesktopWindow
SetWindowPos
GetSystemMetrics
DrawTextA
LoadStringA
MessageBoxA
PtInRect
GetWindowRect
SendMessageA
DestroyWindow
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
EnableWindow
UpdateWindow
ShowWindow
CreateDialogParamA
GetPropA
SetPropA
RemovePropA
IsWindow
SetFocus
GetDlgItem
SendDlgItemMessageA
InvalidateRect
SetDlgItemTextA
GetSysColor
GetClientRect
GetWindowLongA
GetWindowTextA
SetCapture
ClientToScreen
SetCursor
ReleaseCapture
GetClassInfoA
GetClassNameA
RegisterClassExA
RegisterClassA
CreateWindowExA
UnregisterClassW
UnregisterClassA
IsWindowUnicode
DefWindowProcW
DefWindowProcA
LoadCursorA
EnumDisplaySettingsA
GetDlgItemTextA
LoadImageA
MapDialogRect
SetWindowTextA
GetAsyncKeyState
GetFocus
GetCursorPos
SetRectEmpty
CopyRect
SetRect
MoveWindow
SetWindowLongA
LoadIconA
DestroyIcon

gdi32

LineTo
DeleteDC
CreateCompatibleDC
GetStockObject
SelectObject
SetPolyFillMode
GetDeviceCaps
CreateFontA
DeleteObject
MoveToEx
CreatePen
GetObjectA
SetBkColor
SetTextColor
GetTextExtentPoint32A
CreateFontIndirectA
BitBlt

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegEnumValueA
RegEnumKeyA
OpenSCManagerA
EnumServicesStatusA
RegConnectRegistryA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteA

comctl32

ImageList_AddMasked
ImageList_Destroy
InitCommonControlsEx
ImageList_LoadImageA
ImageList_Create
ord17

winmm

timeSetEvent
timeKillEvent

mpr

WNetAddConnection2A
WNetCancelConnection2A
WNetOpenEnumA
WNetEnumResourceA

ws2_32

gethostname
gethostbyname
ioctlsocket
connect
WSAStartup
setsockopt
inet_ntoa
socket
WSAGetLastError
bind
htons
sendto
select
recvfrom
closesocket
gethostbyaddr

Sections

.text
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IP AND PORT SCANNERS/Advanced Portscanner/html.tpl
IP AND PORT SCANNERS/Advanced Portscanner/pscan13.exe
.exe windows:4 windows x86 arch:x86

Password: @ShadowProtocol

a3cd138f09c17f81fb64526d63cb2df6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
ExitProcess
DeleteFileA
FreeLibrary
lstrcpyA
GetProcAddress
LoadLibraryA
VirtualFree
CloseHandle
WriteFile
GetWindowsDirectoryA
CreateFileA
lstrcatA
CompareStringA
GetCurrentDirectoryA
lstrlenA
ReadFile
SetFilePointer
VirtualAlloc
GetModuleFileNameA
InterlockedIncrement
GetModuleHandleA

user32

SetCursor
LoadCursorA
wsprintfA
ShowWindow
FindWindowA
MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IP AND PORT SCANNERS/Advanced Portscanner/uninstal.exe
.exe windows:4 windows x86 arch:x86

Password: @ShadowProtocol

288ade89447ba4759a6a1afe847c600d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
ExitProcess
VirtualAlloc
GetFileSize
CreateFileA
ReadFile
GetCommandLineA
SetCurrentDirectoryA
ResumeThread
SetThreadPriority
CreateProcessA
CloseHandle
WriteFile
GetCurrentDirectoryA
OpenMutexA
FindClose
FindFirstFileA
lstrcpyA
lstrcpynA
lstrcatA
GetShortPathNameA
GetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
Sleep
DeleteFileA
SetFileAttributesA
FindNextFileA
RemoveDirectoryA
CopyFileA
SetFilePointer
GetWindowsDirectoryA
GetTempPathA
CompareStringA
InterlockedIncrement
GetModuleHandleA
MultiByteToWideChar
SetErrorMode
LoadLibraryExA
GetLastError
GetProcAddress
lstrlenA
FreeLibrary
LoadLibraryA
WaitForSingleObject
GetModuleFileNameA

user32

GetWindowLongA
LoadIconA
SetClassLongA
SendMessageA
EndDialog
DialogBoxParamA
ShowWindow
SetWindowPos
PostMessageA
SetDlgItemTextA
FindWindowA
EnumWindows
GetWindowTextA
wvsprintfA
MessageBoxA
wsprintfA
SetWindowTextA
GetWindowRect
GetDlgItem
EnableWindow
SendDlgItemMessageA

gdi32

RemoveFontResourceA

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA

shell32

SHChangeNotify

ole32

OleInitialize
OleUninitialize

oleaut32

LoadTypeLi
UnRegisterTypeLi

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IP AND PORT SCANNERS/Advanced Portscanner/uninstal.ini
IP AND PORT SCANNERS/Advanced Portscanner/versions.txt
IP AND PORT SCANNERS/BluesPortScan.exe
.exe windows:1 windows x86 arch:x86

Password: @ShadowProtocol

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 126KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bitter
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IP AND PORT SCANNERS/IP2.exe
.exe windows:4 windows x86 arch:x86

Password: @ShadowProtocol

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IP AND PORT SCANNERS/Ip-Port Tools/Abalams IP Tracer.exe
.exe windows:4 windows x86 arch:x86

Password: @ShadowProtocol

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Cypress\Desktop\Track IP Project\Track IP\obj\x86\Debug\Abalams IP Tracer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IP AND PORT SCANNERS/Ip-Port Tools/Abalams ISP Tracer 3.0.exe
.exe windows:4 windows x86 arch:x86

Password: @ShadowProtocol

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Abalam\Desktop\Natas IP Tracer\Track IP Project\Track IP\obj\x86\Release\Abalams ISP Tracer 3.0.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IP AND PORT SCANNERS/Ip-Port Tools/Advanced IP Scanner.lnk
.lnk
IP AND PORT SCANNERS/Ip-Port Tools/Advanced Port Scanner.chm
.chm
IP AND PORT SCANNERS/Ip-Port Tools/CloudFlare Resolver [Hackerpunk1].exe
.exe windows:4 windows x86 arch:x86

Password: @ShadowProtocol

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\documents\visual studio 11\Projects\CloudFlare Resolver [Hackerpunk1]\CloudFlare Resolver [Hackerpunk1]\obj\Debug\CloudFlare Resolver [Hackerpunk1].pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IP AND PORT SCANNERS/Ip-Port Tools/IP%20Tool.jar
.jar
IP AND PORT SCANNERS/Ip-Port Tools/Ip Tool.jar
.jar
IP AND PORT SCANNERS/Ip-Port Tools/Ip-Tracer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\FulMat\Desktop\Ip-Tracer\Ip-Tracer\obj\x86\Debug\Ip-Tracer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IP AND PORT SCANNERS/Ip-Port Tools/Port Scanner - log.txt
IP AND PORT SCANNERS/Ip-Port Tools/Swags Website IP Gabber.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\tom\documents\visual studio 2010\Projects\WindowsApplication2\WindowsApplication2\obj\x86\Release\Swags Website IP Gabber.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 187B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IP AND PORT SCANNERS/Ip-Port Tools/html.tpl
IP AND PORT SCANNERS/Ip-Port Tools/ip grab.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IP AND PORT SCANNERS/Ip-Port Tools/pscan13.exe
.exe windows:4 windows x86 arch:x86

a3cd138f09c17f81fb64526d63cb2df6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
ExitProcess
DeleteFileA
FreeLibrary
lstrcpyA
GetProcAddress
LoadLibraryA
VirtualFree
CloseHandle
WriteFile
GetWindowsDirectoryA
CreateFileA
lstrcatA
CompareStringA
GetCurrentDirectoryA
lstrlenA
ReadFile
SetFilePointer
VirtualAlloc
GetModuleFileNameA
InterlockedIncrement
GetModuleHandleA

user32

SetCursor
LoadCursorA
wsprintfA
ShowWindow
FindWindowA
MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IP AND PORT SCANNERS/Ip-Port Tools/uninstal.exe
.exe windows:4 windows x86 arch:x86

288ade89447ba4759a6a1afe847c600d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
ExitProcess
VirtualAlloc
GetFileSize
CreateFileA
ReadFile
GetCommandLineA
SetCurrentDirectoryA
ResumeThread
SetThreadPriority
CreateProcessA
CloseHandle
WriteFile
GetCurrentDirectoryA
OpenMutexA
FindClose
FindFirstFileA
lstrcpyA
lstrcpynA
lstrcatA
GetShortPathNameA
GetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
Sleep
DeleteFileA
SetFileAttributesA
FindNextFileA
RemoveDirectoryA
CopyFileA
SetFilePointer
GetWindowsDirectoryA
GetTempPathA
CompareStringA
InterlockedIncrement
GetModuleHandleA
MultiByteToWideChar
SetErrorMode
LoadLibraryExA
GetLastError
GetProcAddress
lstrlenA
FreeLibrary
LoadLibraryA
WaitForSingleObject
GetModuleFileNameA

user32

GetWindowLongA
LoadIconA
SetClassLongA
SendMessageA
EndDialog
DialogBoxParamA
ShowWindow
SetWindowPos
PostMessageA
SetDlgItemTextA
FindWindowA
EnumWindows
GetWindowTextA
wvsprintfA
MessageBoxA
wsprintfA
SetWindowTextA
GetWindowRect
GetDlgItem
EnableWindow
SendDlgItemMessageA

gdi32

RemoveFontResourceA

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA

shell32

SHChangeNotify

ole32

OleInitialize
OleUninitialize

oleaut32

LoadTypeLi
UnRegisterTypeLi

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IP AND PORT SCANNERS/Ip-Port Tools/uninstal.ini
IP AND PORT SCANNERS/Ip-Port Tools/versions.txt
IP AND PORT SCANNERS/MooreR Port Scanner.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 232KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IP AND PORT SCANNERS/ipscan-win32-3.2.exe
.exe windows:4 windows x86 arch:x86

da9a5657bf283ee6a9ff17df5aa8e2b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CopyFileA
CreateMutexA
CreateProcessA
ExitProcess
FindResourceExA
FormatMessageA
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetEnvironmentVariableA
GetExitCodeProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalMemoryStatus
LoadResource
LocalFree
LockResource
SetEnvironmentVariableA
SetLastError
SetUnhandledExceptionFilter
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_chdir
_close
_findclose
_findfirst
_findnext
_iob
_itoa
_mkdir
_onexit
_open
_read
_setmode
_stat
_unlink
atexit
atoi
fclose
fopen
fprintf
fwrite
memset
printf
signal
strcat
strchr
strcmp
strcpy
strlen
strncat
strncpy
strpbrk
strrchr
strstr
strtok

shell32

ShellExecuteA

user32

CreateWindowExA
DispatchMessageA
EnumWindows
FindWindowExA
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
KillTimer
LoadImageA
MessageBoxA
PostQuitMessage
SendMessageA
SetForegroundWindow
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: @ShadowProtocol

Password: @ShadowProtocol

618b48fbfd7ee9cd19dcb125b5a3fde9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

winmm

mpr

ws2_32

Sections

.text Size: 536KB - Virtual size: 532KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 32KB - Virtual size: 44KB

.rsrc Size: 104KB - Virtual size: 103KB

Password: @ShadowProtocol

a3cd138f09c17f81fb64526d63cb2df6

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 4B

.data Size: 512B - Virtual size: 604B

.idata Size: 1024B - Virtual size: 766B

.Shared Size: 512B - Virtual size: 4B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 434B

Password: @ShadowProtocol

288ade89447ba4759a6a1afe847c600d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 512B - Virtual size: 4B

.data Size: 1024B - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 2KB

.Shared Size: 512B - Virtual size: 4B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

Password: @ShadowProtocol

Headers

File Characteristics

Sections

CODE Size: 126KB - Virtual size: 320KB

DATA Size: 1KB - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 24KB

.rsrc Size: 107KB - Virtual size: 620KB

.bitter Size: 10KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

Password: @ShadowProtocol

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 52KB

.text
Size: 536KB - Virtual size: 532KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 32KB - Virtual size: 44KB

.rsrc
Size: 104KB - Virtual size: 103KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 4B

.data
Size: 512B - Virtual size: 604B

.idata
Size: 1024B - Virtual size: 766B

.Shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 434B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 512B - Virtual size: 4B

.data
Size: 1024B - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 2KB

.Shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

CODE
Size: 126KB - Virtual size: 320KB

DATA
Size: 1KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 24KB

.rsrc
Size: 107KB - Virtual size: 620KB

.bitter
Size: 10KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 33KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 187KB - Virtual size: 186KB

.sdata
Size: 512B - Virtual size: 139B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 134KB - Virtual size: 133KB

.sdata
Size: 512B - Virtual size: 161B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 231KB - Virtual size: 231KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 151KB - Virtual size: 151KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 406KB - Virtual size: 406KB

.sdata
Size: 512B - Virtual size: 124B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 512B - Virtual size: 12B