C:\Users\FlyTech\Documents\Visual Studio 2015\Projects\Creep\Creep\obj\Debug\000.pdb
Static task
static1
Behavioral task
behavioral1
Sample
Ransom.Win32.LCrypt0rX.A/LCrypt0rX with shutdown.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Ransom.Win32.LCrypt0rX.A/LCrypt0rX.vbs
Resource
win7-20241010-en
Behavioral task
behavioral3
Sample
Ransom.Win32.LCrypt0rX.A/sig.vbs
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
other malware cuz why not/000.exe
Resource
win7-20240903-en
Behavioral task
behavioral5
Sample
other malware cuz why not/[email protected]
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
other malware cuz why not/[email protected]
Resource
win7-20240903-en
Behavioral task
behavioral7
Sample
other malware cuz why not/[email protected]
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
other malware cuz why not/NoEscape.exe
Resource
win7-20240903-en
Behavioral task
behavioral9
Sample
other malware cuz why not/WindowsAcceleratorPro.exe
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
other malware cuz why not/loveletterworm fixed.vbs
Resource
win7-20241010-en
General
-
Target
LCrypt0rX ft other malwares.zip
-
Size
15.8MB
-
MD5
6bc26f8875381b29892789853672bf21
-
SHA1
0c8cc75bf3ac346beffed45d6031e2c9f604afc3
-
SHA256
d89f8d317cf5f8600cc5abe52846f38bf191ecbfb841817696d89d59dbca03c1
-
SHA512
310a2e51019914549f3d6c79fac88a62030b23090980cd99c38d1dba1c2a435fc995e86294b5e3cade13e7bc712aa128045b056be2316f57e1de9678d0e407ac
-
SSDEEP
393216:2l1kW5DYllg7yVL4SBJvknuHEoZBvisQIdujd0NIyRw:wkW5Ung+dJMVoZBqZIduCNrm
Malware Config
Signatures
-
Unsigned PE 6 IoCs
Checks for missing Authenticode signature.
Processes:
resource
unpack001/other malware cuz why not/000.exe
unpack001/other malware cuz why not/[email protected]
unpack001/other malware cuz why not/[email protected]
unpack001/other malware cuz why not/[email protected]
unpack001/other malware cuz why not/NoEscape.exe
unpack001/other malware cuz why not/WindowsAcceleratorPro.exe
Files
-
LCrypt0rX ft other malwares.zip
Password: VBSFileEncrypt
-
PASSWORD IS VBSFileEncrypt
-
PLEASE READ ME.txt
-
Ransom.Win32.LCrypt0rX.A/LCrypt0rX with shutdown.vbs
-
Ransom.Win32.LCrypt0rX.A/LCrypt0rX.vbs
-
Ransom.Win32.LCrypt0rX.A/sig.vbs
-
Test Files/Godzilla.txt
-
Test Files/Grocery List.txt
-
Test Files/Screenshot_2024-11-01-11-20-57-21.jpg
Password: VBSFileEncrypt
-
Test Files/Whopper.txt
-
Test Files/eggs.txt
-
Test Files/yes.txt
-
other malware cuz why not/000.exe windows:4 windows x86 arch:x86
Password: VBSFileEncrypt
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 6.7MB - Virtual size: 6.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
other malware cuz why not/[email protected] windows:4 windows x86 arch:x86
Password: VBSFileEncrypt
5a2c800e40f7e30fbf38d55c7090d219
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
e:\Working Copies\Bundles\Antivirus\Av\release\avt_main.pdb
Imports
kernel32
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GetThreadLocale
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
FileTimeToSystemTime
GlobalFlags
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
ExitThread
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
TlsGetValue
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
LocalAlloc
InterlockedCompareExchange
WritePrivateProfileStringW
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
FormatMessageW
LocalFree
SuspendThread
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
CreateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
MoveFileA
HeapFree
GetProcessHeap
HeapAlloc
FlushFileBuffers
GetVersion
SearchPathA
GetWindowsDirectoryA
lstrcpynA
ResetEvent
SetEvent
WaitForSingleObject
ResumeThread
CreateEventW
Module32NextW
Module32FirstW
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingW
CreateFileW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
MoveFileExW
GetFileAttributesW
lstrcmpW
FreeLibrary
GetWindowsDirectoryW
GetModuleFileNameA
SetThreadPriority
GetModuleFileNameW
CreateProcessA
GetSystemDirectoryA
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcpyA
GetFileAttributesA
ReadFile
GetFileSize
WriteFile
CreateFileA
MoveFileExA
GetCurrentThread
GetCurrentProcess
GetVersionExW
GlobalLock
GlobalAlloc
SizeofResource
GlobalFree
GlobalUnlock
MulDiv
lstrcpynW
LoadLibraryA
WinExec
lstrcatW
GetModuleHandleA
FreeResource
LockResource
LoadResource
FindResourceW
CreateMutexW
GetCommandLineW
Process32NextW
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiW
lstrcpyW
Process32FirstW
CreateToolhelp32Snapshot
InterlockedExchange
RemoveDirectoryA
GetTempPathA
DeleteFileA
ExpandEnvironmentStringsA
DeleteFileW
ExpandEnvironmentStringsW
lstrcmpiA
FindClose
lstrcmpA
GetVolumeInformationA
GetDriveTypeA
MultiByteToWideChar
lstrlenA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetLogicalDrives
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
WideCharToMultiByte
lstrlenW
ExitProcess
lstrcatA
VirtualProtect
Sleep
user32
GetMessageW
ValidateRect
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
CheckRadioButton
CheckDlgButton
BeginPaint
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
GetKeyState
GetScrollPos
GetMenu
GetMenuItemCount
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
CallWindowProcW
IntersectRect
GetWindowPlacement
DrawEdge
FrameRect
DrawStateW
GetWindowDC
CreateIconIndirect
GetIconInfo
GetWindowThreadProcessId
DrawFocusRect
SetRectEmpty
EnableMenuItem
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
DestroyIcon
DeleteMenu
GetSubMenu
LoadMenuW
RedrawWindow
SetWindowRgn
RegisterWindowMessageW
SendMessageW
UnregisterClassA
EnableWindow
InvalidateRect
GetClientRect
GetSysColorBrush
SetClipboardViewer
CloseClipboard
GetClipboardData
OpenClipboard
LoadBitmapW
IsCharAlphaNumericW
SetFocus
FillRect
SetRect
PostMessageW
GetCursorPos
UpdateWindow
ClientToScreen
GetCaretPos
GetClassNameW
GetFocus
UpdateLayeredWindow
GetWindow
LockSetForegroundWindow
UnregisterClassW
DestroyWindow
RegisterClassExW
DefWindowProcW
CopyIcon
InflateRect
GetSysColor
ScreenToClient
GetMessagePos
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
ReleaseCapture
SetCapture
CharUpperW
CharNextW
PeekMessageW
SetWindowPos
OffsetRect
DestroyMenu
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
GetWindowTextW
WindowFromPoint
SystemParametersInfoA
PostThreadMessageW
GetSystemMetrics
EqualRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadIconW
CreatePopupMenu
AppendMenuW
GetWindowRect
wsprintfW
wsprintfA
SendMessageTimeoutW
EnumWindows
SetForegroundWindow
IsIconic
ShowWindow
GetDesktopWindow
IsWindowEnabled
GetActiveWindow
SetActiveWindow
LoadIconA
DrawIcon
IsWindowVisible
FindWindowA
PtInRect
LoadImageW
GetParent
GetDC
ReleaseDC
GetWindowLongW
SetWindowLongW
SetLayeredWindowAttributes
LoadCursorW
IsWindow
CopyRect
SystemParametersInfoW
MessageBoxW
GetDlgItem
CreateWindowExW
SetCursor
EndPaint
gdi32
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
CreateFontW
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
SetDIBits
GetDIBits
CombineRgn
GetPixel
CreateRectRgn
SetBkColor
GetMapMode
SetMapMode
CreateBitmap
DPtoLP
StretchBlt
SetStretchBltMode
GetCurrentObject
CreateDIBSection
DeleteObject
GetTextExtentPoint32W
DeleteDC
GetDeviceCaps
CreateFontIndirectW
BitBlt
SelectObject
CreateCompatibleDC
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
msimg32
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumKeyW
RegCreateKeyExW
RegEnumKeyExA
RegOpenKeyA
RegEnumKeyA
RegEnumValueA
RegQueryValueW
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
InitiateSystemShutdownW
RegCloseKey
LookupPrivilegeValueW
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegSetValueExA
RegCreateKeyA
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyW
RegEnumValueW
RegDeleteValueW
shell32
Shell_NotifyIconW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHEmptyRecycleBinW
SHAddToRecentDocs
ShellExecuteA
SHGetSpecialFolderPathA
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
StrStrA
SHDeleteValueW
StrStrIA
StrCmpIW
SHGetValueA
SHDeleteKeyW
StrStrW
StrStrIW
PathIsUNCW
oledlg
OleUIBusyW
ole32
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
oleaut32
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VariantInit
SysStringLen
OleCreateFontIndirect
SysFreeString
SafeArrayDestroy
VariantCopy
SysAllocString
GetErrorInfo
gdiplus
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageI
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipCreateBitmapFromHBITMAP
GdipSetSmoothingMode
GdipDrawImageRectI
GdipReleaseDC
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
psapi
GetModuleFileNameExW
wininet
InternetConnectW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
FindNextUrlCacheEntryA
InternetReadFile
HttpQueryInfoW
InternetOpenW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
msvfw32
MCIWndCreateW
wintrust
WinVerifyTrust
Sections
.text Size: 692KB - Virtual size: 691KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 186KB - Virtual size: 186KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
other malware cuz why not/[email protected] windows:4 windows x86 arch:x86
Password: VBSFileEncrypt
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 289KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
other malware cuz why not/[email protected] windows:4 windows x86 arch:x86
Password: VBSFileEncrypt
68f013d7437aa653a8a98a05807afeb1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesW
GetFileSizeEx
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetFileSize
WriteFile
LeaveCriticalSection
EnterCriticalSection
SetFileAttributesW
SetCurrentDirectoryW
CreateDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetFileAttributesA
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
Sleep
OpenMutexA
GetFullPathNameA
CopyFileA
GetModuleFileNameA
VirtualAlloc
VirtualFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetLastError
VirtualProtect
IsBadReadPtr
HeapFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetStartupInfoA
SetFilePointer
SetFileTime
GetComputerNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
LoadLibraryA
GetProcAddress
GlobalFree
CreateProcessA
CloseHandle
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
FindResourceA
user32
wsprintfA
advapi32
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
CryptReleaseContext
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
msvcrt
realloc
fclose
fwrite
fread
fopen
sprintf
rand
srand
strcpy
memset
strlen
wcscat
wcslen
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_except_handler3
_local_unwind2
wcsrchr
swprintf
??2@YAPAXI@Z
memcpy
strcmp
strrchr
__p___argv
__p___argc
_stricmp
free
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
calloc
strcat
_mbsstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
other malware cuz why not/NoEscape.exe windows:6 windows x86 arch:x86
Password: VBSFileEncrypt
f400a8c725e9bcee856360087d72fec3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
netapi32
NetUserAdd
ntdll
RtlGetVersion
user32
GetDC
gdi32
BitBlt
advapi32
FreeSid
shell32
ShellExecuteW
ole32
CoTaskMemFree
bcrypt
BCryptGenRandom
vcruntime140
wcsstr
api-ms-win-crt-string-l1-1-0
wmemcpy_s
api-ms-win-crt-runtime-l1-1-0
exit
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
Sections
.MPRESS1 Size: 609KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
other malware cuz why not/WindowsAcceleratorPro.exe windows:4 windows x86 arch:x86
Password: VBSFileEncrypt
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 239KB - Virtual size: 560KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 54KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 6KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 343KB - Virtual size: 372KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7676 Size: 377KB - Virtual size: 380KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
other malware cuz why not/loveletterworm fixed.vbs