8547977480[.]zip

Resubmissions

15-11-2024 18:05

241115-wpjcdsxrdy 10

11-11-2024 21:40

241111-1h6xbsxcql 10

03-12-2022 17:54

221203-wg4ncscc33 10

Sharing

Copy URL

Twitter E-mail

General

Target

8547977480.zip
Size

34.2MB
MD5

2d80845d65f702b4c692e75b67f04b7a
SHA1

3aecbf1263d599dc24fe3c92bcad4c41e23bc955
SHA256

649c75d99b6d8e237d8a8d0142796fcbfa7381674628201f474b58039144ec2a
SHA512

9e2e77b037b815b660403aa9edfe9911301aed7fdd056a3a8b5ac7c229ff25b723acfc41d1d2d59aa8e0268564bce3d854dd9dae3e49917c4b294c1b08a695b6
SSDEEP

786432:dSwjjNxcsSEy6TYX9I9g56wCjlup1pGmlECm9S6N6zZ0cESSNU:dSUN+s81gwC+1pG4WS6Y0cNSe

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231	vmprotect

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231
unpack001/34dba85bb25c6589d0a5befe607e52b82a740402b92dbb5989797a523fb7561a
unpack001/463d0b090396ffa05d579521256e421080a955415554feebe490482551eb08ea
unpack001/4bcf45bde8ef34c0afeea288098cf34da11c2748eead6cf4752db1a4a2e79c39
unpack001/5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce
unpack001/85b73b7b3c9acc6648beb77ce878ebeea26a2a949bf17c3184f2bd4544d12b45
unpack001/8eb41b097a51665e2a51b7d055260ea06b5224123450a147080de0a0ebcb4fff
unpack001/932380926bc6bffcdf0bc446af37d140ce22426f651679e3b7d1c8fea83d14ef
unpack001/9d8729b9ca0547bf3679e88b9c2c5ae941fcfe67dfd7dfc598cb304d6624ddde
unpack001/9e147a3bb22a10fe3f032dda125b871c7892065a68acd85de372e4622ec2a753
unpack001/bccfdc8e1ac04a684732b0011d6b512118d3b6fb5a249803cd2e87427a965296
unpack001/bf5a9bb619ac4bdad9a043f41b3980bf442f3965564ce612ced3cb2352311fd7
unpack001/d0017384df7b41aba785a35c92082d1460af89204cfae22e6173eaebe16b270a
unpack001/d72aa8fe30b132afe13a9be90142550b530d9687aff41954bbd3503115f37489
unpack001/fa622e0a4d023232f16015c8af2f464933217ab600d91ccdaf0099db232c8b52
unpack001/fd5b0792ea3837a3eb0b86a47e08d4ec52dda7f1fbe677326fbe31ac534d7340

Files

8547977480.zip
.zip

Password: infected
233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231
.exe windows:6 windows x64 arch:x64

Password: infected

f4f3033dc6d082dab79624f81575aceb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapCreate
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

shell32

SHGetFolderPathW

winhttp

WinHttpQueryHeaders

crypt32

CryptUnprotectData

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
2d8ea1230d6d994febd35edec21f298efe7e1a2a6f75d00a691035980f30a5aa
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:24

Not After

02-12-2021 21:24

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:ac:82:f3:75:db:aa:df:6d:b4:fc:0d:53:38:06:c2:1c:02:a2:df:6c:d6:39:79:7c:8a:06:a2:26:5b:cb:44
Signer

Actual PE Digest

5e:ac:82:f3:75:db:aa:df:6d:b4:fc:0d:53:38:06:c2:1c:02:a2:df:6c:d6:39:79:7c:8a:06:a2:26:5b:cb:44

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 680KB - Virtual size: 679KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
34dba85bb25c6589d0a5befe607e52b82a740402b92dbb5989797a523fb7561a
.exe windows:10 windows x64 arch:x64

Password: infected

4cea7ae85c87ddc7295d39ff9cda31d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
LoadLibraryExA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
WaitForSingleObject
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
ExpandEnvironmentStringsA
LocalAlloc
lstrcmpA
FindNextFileA
GetCurrentProcess
FindFirstFileA
GetModuleFileNameA
GetShortPathNameA
Sleep
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
GetDiskFreeSpaceA
MulDiv
FindClose

gdi32

GetDeviceCaps

user32

ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetSystemMetrics
CallWindowProcA
SetWindowTextA
MessageBoxA
SendDlgItemMessageA
SendMessageA
GetDlgItem
DialogBoxIndirectParamA
GetWindowLongPtrA
SetWindowLongPtrA
SetForegroundWindow
ReleaseDC
EnableWindow
CharNextA
LoadStringA
CharPrevA
EndDialog
MessageBeep
ExitWindowsEx
SetDlgItemTextA
CharUpperA
GetDesktopWindow
PeekMessageA
GetDlgItemTextA

msvcrt

?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
memset
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
memcpy_s
_vsnprintf
_initterm
memcpy

comctl32

ord17

cabinet

ord20
ord21
ord23
ord22

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
463d0b090396ffa05d579521256e421080a955415554feebe490482551eb08ea
.exe windows:4 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4bcf45bde8ef34c0afeea288098cf34da11c2748eead6cf4752db1a4a2e79c39
.exe windows:6 windows x86 arch:x86

Password: infected

65630e32ca19e44a53e696246bd1cada

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Администратор\Downloads\Documents\zjmo3z\main.pdb

Imports

kernel32

VirtualProtect
GetSystemInfo
FormatMessageA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LocalFree
MultiByteToWideChar
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CreateFileW
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetCurrentThread
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
SetConsoleCtrlHandler
HeapReAlloc
GetTimeZoneInformation
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW

Sections

.text
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6babc5b52d59c0b41e526f06b9e751aeef7ad6fc8b9eef5f56f95d4e3cded853
.dll windows:6 windows x86 arch:x86

Password: infected

08081e94274fa8ff1192d4e625587531

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:13:8f:81:f4:02:79:e8:ef:2e:91:a6:6d:ac:09:1b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13-09-2021 00:00

Not After

08-10-2024 23:59

Subject

CN=Box\, Inc.,O=Box\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:61:85:8f:de:8b:6f:0a:c2:ae:3f:d2:97:6c:6a:4f:7a:cc:25:58:ed:b9:ac:88:ea:65:91:6f:ed:12:68:35
Signer

Actual PE Digest

4b:61:85:8f:de:8b:6f:0a:c2:ae:3f:d2:97:6c:6a:4f:7a:cc:25:58:ed:b9:ac:88:ea:65:91:6f:ed:12:68:35

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\BfD-Postpush-Build\label\desk-w1064-py3-large\bfd\shell\win\Release\BoxShellExt32.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

propsys

VariantToPropVariant

uxtheme

BeginBufferedPaint
EndBufferedPaint

kernel32

GetEnvironmentStringsW
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
WideCharToMultiByte
LocalFree
FormatMessageW
FormatMessageA
CreateEventA
SetEvent
CreateEventW
GetLastError
FindFirstChangeNotificationW
FindCloseChangeNotification
WaitForMultipleObjects
FindNextChangeNotification
ReleaseSRWLockShared
AcquireSRWLockShared
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RaiseException
InitializeCriticalSectionEx
FindClose
FindFirstFileW
FindNextFileW
InitializeSRWLock
GetProcAddress
GetModuleHandleW
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
ReleaseSemaphore
WaitForSingleObjectEx
UnregisterWaitEx
UnregisterWait
FreeEnvironmentStringsW
RegisterWaitForSingleObject
ReadFile
ProcessIdToSessionId
GetCurrentProcessId
CancelIoEx
Sleep
CompareStringOrdinal
DeviceIoControl
CreateFileW
GetSystemTimeAsFileTime
GetModuleFileNameW
QueueUserWorkItem
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentThreadId
WaitNamedPipeA
WriteFile
CreateFileA
CancelIo
InitializeCriticalSection
WaitForSingleObject
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
ConnectNamedPipe
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibraryAndExitThread
GetCommandLineW
GetCommandLineA
GetOEMCP
FindNextFileA
FindFirstFileExW
FindFirstFileExA
HeapSize
HeapReAlloc
SetConsoleCtrlHandler
ReadConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetEnvironmentVariableA
LoadLibraryExW
SetEnvironmentVariableW
GetVersionExW
WriteConsoleW
OutputDebugStringA
GetOverlappedResult
RtlCaptureStackBackTrace
FreeLibrary
GetThreadTimes
GetCurrentThread
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
VirtualAlloc
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
GetStartupInfoW
IsProcessorFeaturePresent
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ExitThread
GetTimeZoneInformation
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
FoldStringW
EnumSystemLocalesA
GetFileType
SetStdHandle
RtlUnwind
LoadLibraryW
CreateTimerQueue
QueryDepthSList
InterlockedFlushSList
SetProcessAffinityMask
VirtualFree
VirtualProtect
IsDebuggerPresent
OutputDebugStringW
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SetFileTime
GetWindowsDirectoryW
CreateDirectoryExW
CopyFileW
MoveFileExW
AreFileApisANSI
MultiByteToWideChar
TryEnterCriticalSection
GetStringTypeW
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
WakeAllConditionVariable
SleepConditionVariableSRW
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
ResumeThread
GetSystemInfo
GetLogicalProcessorInformation
GetModuleHandleA
CreateWaitableTimerA
GetLocaleInfoA
IsValidCodePage
IsDBCSLeadByteEx

user32

InsertMenuItemW
GetClipboardFormatNameW
UnregisterClassW
RemoveMenu
GetMenuItemCount
DestroyIcon
GetDC
ReleaseDC
RegisterClipboardFormatW
GetSystemMetrics
LoadImageW
DrawIconEx
GetMenuItemInfoW
InsertMenuW
CreatePopupMenu

gdi32

CreateDIBSection
DeleteObject
SelectObject

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHCreateItemWithParent
SHBindToObject
ord256
SHGetIconOverlayIndexW
SHGetFileInfoW
ord25
SHBindToFolderIDListParent
ord19
ord155
SHCreateDefaultContextMenu
AssocCreateForClasses
SHBindToParent
SHGetKnownFolderPath
ord18
SHParseDisplayName

ole32

CoTaskMemAlloc
CreateBindCtx
StringFromCLSID
ReleaseStgMedium
CoCreateInstance
CoTaskMemFree

oleaut32

VariantInit
VariantClear
VariantChangeType
SysFreeString

shlwapi

ord12
PathRelativePathToW
StrRetToStrW

ws2_32

ntohl
htons
htonl
ntohs

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 530KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
85b73b7b3c9acc6648beb77ce878ebeea26a2a949bf17c3184f2bd4544d12b45
.exe windows:6 windows x86 arch:x86

Password: infected

67b2adb2c47b75a771e225f44bf71bb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

CreateServiceA

shell32

SHGetSpecialFolderPathA

setupapi

SetupDiGetClassDevsA

wtsapi32

WTSSendMessageW

user32

MessageBoxW

Sections

.MPRESS1
Size: 4.4MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 361KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8eb41b097a51665e2a51b7d055260ea06b5224123450a147080de0a0ebcb4fff
.exe windows:4 windows x86 arch:x86

3786a4cf8bfee8b4821db03449141df4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear
SysAllocString

user32

SendMessageA
SetTimer
DialogBoxParamW
DialogBoxParamA
SetWindowLongA
GetWindowLongA
SetWindowTextW
LoadIconA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
DestroyWindow
EndDialog
PostMessageA
ShowWindow
MessageBoxW
GetDlgItem
KillTimer
SetWindowTextA

shell32

ShellExecuteExA

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetCurrentProcess
TerminateProcess
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
TlsAlloc
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
WaitForSingleObject
CloseHandle
CreateProcessA
SetCurrentDirectoryA
GetCommandLineW
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
GetModuleFileNameW
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
GetTempPathA
GetTempFileNameA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetStdHandle
WaitForMultipleObjects
Sleep
VirtualAlloc
VirtualFree
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
932380926bc6bffcdf0bc446af37d140ce22426f651679e3b7d1c8fea83d14ef
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9d8729b9ca0547bf3679e88b9c2c5ae941fcfe67dfd7dfc598cb304d6624ddde
.exe windows:4 windows x86 arch:x86

3786a4cf8bfee8b4821db03449141df4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear
SysAllocString

user32

SendMessageA
SetTimer
DialogBoxParamW
DialogBoxParamA
SetWindowLongA
GetWindowLongA
SetWindowTextW
LoadIconA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
DestroyWindow
EndDialog
PostMessageA
ShowWindow
MessageBoxW
GetDlgItem
KillTimer
SetWindowTextA

shell32

ShellExecuteExA

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetCurrentProcess
TerminateProcess
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
TlsAlloc
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
WaitForSingleObject
CloseHandle
CreateProcessA
SetCurrentDirectoryA
GetCommandLineW
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
GetModuleFileNameW
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
GetTempPathA
GetTempFileNameA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetStdHandle
WaitForMultipleObjects
Sleep
VirtualAlloc
VirtualFree
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9e147a3bb22a10fe3f032dda125b871c7892065a68acd85de372e4622ec2a753
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bccfdc8e1ac04a684732b0011d6b512118d3b6fb5a249803cd2e87427a965296
.exe windows:5 windows x86 arch:x86

ae9f6a32bb8b03dce37903edbc855ba1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileTime
CloseHandle
CreateFileW
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
WaitForSingleObject
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwind
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bf5a9bb619ac4bdad9a043f41b3980bf442f3965564ce612ced3cb2352311fd7
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d0017384df7b41aba785a35c92082d1460af89204cfae22e6173eaebe16b270a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d72aa8fe30b132afe13a9be90142550b530d9687aff41954bbd3503115f37489
.exe windows:5 windows x86 arch:x86

bf52931198d3e5b9c8012529ed70ad5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
MultiByteToWideChar
GetLastError
LoadLibraryA
lstrcatW
RaiseException
DecodePointer
GetProcAddress
DeleteCriticalSection
CreateFileW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
CloseHandle
GetFileType
GetProcessHeap
SetEnvironmentVariableW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

wsprintfW
FindWindowA

oleaut32

SafeArrayGetDim
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
SafeArrayAccessData
VariantClear
GetErrorInfo

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fa622e0a4d023232f16015c8af2f464933217ab600d91ccdaf0099db232c8b52
.exe windows:6 windows x86 arch:x86

9985eabc669dffd70480f5c63129ffa1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidCodePage
HeapSize
GetCurrentThreadId
AreFileApisANSI
ExitProcess
GetProcessHeap
IsDebuggerPresent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetProcAddress
GetACP
TlsSetValue
Sleep
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwind
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
GetLastError
DecodePointer
EncodePointer
WideCharToMultiByte
GetStdHandle
GetFileType
WriteFile
QueryPerformanceCounter
GetEnvironmentStringsW
GetConsoleMode
ReadFile
SetFilePointerEx
LoadLibraryExW
OutputDebugStringW
SetStdHandle
WriteConsoleW
FlushFileBuffers
MultiByteToWideChar
MulDiv
InitializeCriticalSectionAndSpinCount
HeapFree
LocalFree
GetCurrentProcessId
GetVersionExA
SetEndOfFile
DeleteCriticalSection
GetStringTypeW
SetEnvironmentVariableA
UnhandledExceptionFilter
SetLastError
IsDBCSLeadByteEx
FindFirstFileA
SetCurrentDirectoryA
GetSystemDirectoryA
GetModuleFileNameW
LeaveCriticalSection
GlobalAlloc
GetCommandLineA
ReadConsoleW
GetCurrentThread
GlobalLock
GetModuleHandleExW
InitializeSListHead
WaitNamedPipeA
GetCommState
GetCPInfo
CreateThread
GetSystemTime
GetOEMCP
GetModuleFileNameA
RaiseException
CreateFileW
SetCommState
GetModuleHandleW
GetCommandLineW
DeleteFileA
TlsFree
CloseHandle
TlsAlloc
FreeEnvironmentStringsW
GetLocalTime
EnterCriticalSection
CreateNamedPipeA
CompareStringW
GetEnvironmentVariableA
TerminateProcess
Beep
GetTimeFormatW
GetConsoleCP
ClearCommBreak
GetTickCount
SetCommBreak
GetCurrentProcess
GetStartupInfoW
TlsGetValue

user32

EndPaint
SetCursor
DeleteMenu
CreateAcceleratorTableW
WaitMessage
DrawFocusRect
LoadAcceleratorsW
OffsetRect
GetKeyboardLayout
InvalidateRect
PeekMessageA
ValidateRgn
ToAsciiEx
ScreenToClient
DestroyWindow
MapDialogRect
SetFocus
DrawEdge
ShowCaret
GetDoubleClickTime
InsertMenuItemW
CreateIconIndirect
IsDialogMessageW
SetPropA
BringWindowToTop
GetWindowLongA
ToUnicode
DefWindowProcA
DestroyCaret
AppendMenuA
CreateCaret
FindWindowExW
ReleaseCapture
ScrollWindowEx
UpdateWindow
DestroyMenu
DialogBoxParamA
SetWindowPlacement
SetCapture
KillTimer
LoadIconA
SetScrollRange
GetCapture
SetWindowLongA
EnableMenuItem
DestroyCursor
ShowWindow
IsDlgButtonChecked
EnableScrollBar
InsertMenuA
AdjustWindowRect
DestroyAcceleratorTable
GetSystemMenu
SetTimer
IsIconic
ChangeDisplaySettingsW
SetParent
BeginPaint
UnionRect
AppendMenuW
CreateWindowExA
SetScrollPos
ReleaseDC
GetDlgItem
ScrollWindow
SetWindowsHookExA
FlashWindow
DispatchMessageA
DefDlgProcA
RegisterClassW
SetCaretPos
RegisterClassA
IsRectEmpty

gdi32

CreateBitmapIndirect
GetCharWidth32A
GetTextExtentPointA
GetTextMetricsA
RectVisible
GetObjectA
CreateEnhMetaFileW
CreateICW
RestoreDC
EnumFontsA
SetLayout
Arc
SetViewportOrgEx
GetCharWidthW
Polygon
GetRgnBox
GetCharWidth32W
GetBkColor
GetCurrentPositionEx
EnumFontFamiliesA
IntersectClipRect
GetDeviceCaps
SetDIBColorTable
CopyEnhMetaFileA
SelectObject
SetPolyFillMode
RectInRegion
Ellipse
GetTextExtentPointW
GetTextExtentExPointA
SetROP2
RoundRect
SetWinMetaFileBits
EqualRgn
GetCharacterPlacementW
SetTextColor
SetWindowExtEx
PatBlt
BitBlt
ExtCreatePen
PtInRegion
StretchBlt
TextOutA
GetPixel
GetClipBox
GetCharABCWidthsW
StretchDIBits
RealizePalette
GetWindowOrgEx
MoveToEx
SaveDC
GetCharWidthA
PlayEnhMetaFile
DeleteObject
CreatePalette
GetEnhMetaFileHeader
CreateHalftonePalette
GetWinMetaFileBits
CreateFontIndirectA
CreateCompatibleDC
CreateHatchBrush
CreateDIBSection

advapi32

AllocateAndInitializeSid
RegDeleteValueA
SetSecurityDescriptorDacl
RegQueryValueExA
RegCreateKeyA
GetLengthSid
GetUserNameA
SetSecurityDescriptorOwner
RegCreateKeyExA
RegEnumKeyA

shell32

CommandLineToArgvW

Sections

.text
Size: 983KB - Virtual size: 983KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5.8MB - Virtual size: 21.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fd5b0792ea3837a3eb0b86a47e08d4ec52dda7f1fbe677326fbe31ac534d7340
.exe windows:5 windows x86 arch:x86

f86972b0b9fc89569bd497bebfd6a497

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bub-gakuleliyi98\lafacures 82_cucoci\17\c.pdb

Imports

kernel32

MoveFileExA
IsBadHugeReadPtr
SetEndOfFile
FindResourceExW
GetConsoleAliasExesLengthA
GetConsoleAliasA
InterlockedDecrement
HeapFree
SetVolumeMountPointW
SetThreadExecutionState
GetSystemDefaultLCID
ConvertFiberToThread
WaitNamedPipeW
SetCommTimeouts
EnumResourceTypesA
GlobalAlloc
SetFileShortNameW
LoadLibraryW
ReadConsoleInputA
GetFileAttributesA
DnsHostnameToComputerNameW
GetFileAttributesW
SetTimeZoneInformation
WriteConsoleW
GetGeoInfoA
GetBinaryTypeW
LCMapStringA
GetCPInfoExW
TlsGetValue
GetLastError
GetProcAddress
VirtualAlloc
SetComputerNameA
GlobalGetAtomNameA
LoadLibraryA
WriteConsoleA
LocalAlloc
GetFileType
WritePrivateProfileStringA
CreateEventW
AddAtomA
FoldStringA
FindNextFileA
SetConsoleCursorInfo
GetModuleHandleA
FindFirstChangeNotificationA
CreateMutexA
FindNextFileW
VirtualProtect
GetFileAttributesExW
SetFileShortNameA
GetVersion
SetFileValidData
EnumCalendarInfoExA
SetFileAttributesW
IsBadStringPtrW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapAlloc
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
DeleteCriticalSection
SetFilePointer
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
ReadFile
CloseHandle
CreateFileA
InitializeCriticalSectionAndSpinCount
SetStdHandle
FlushFileBuffers
HeapSize
GetConsoleOutputCP
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetProcessHeap

advapi32

DeregisterEventSource

ole32

OleQueryLinkFromData

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 206KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f4f3033dc6d082dab79624f81575aceb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

winhttp

crypt32

user32

Sections

.text Size: - Virtual size: 897KB

.rdata Size: - Virtual size: 228KB

.data Size: - Virtual size: 38KB

.pdata Size: - Virtual size: 33KB

_RDATA Size: - Virtual size: 148B

.vmp0 Size: - Virtual size: 1.4MB

.vmp1 Size: 3.5MB - Virtual size: 3.5MB

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:dfCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

5e:ac:82:f3:75:db:aa:df:6d:b4:fc:0d:53:38:06:c2:1c:02:a2:df:6c:d6:39:79:7c:8a:06:a2:26:5b:cb:44Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 89KB - Virtual size: 88KB

.rsrc Size: 680KB - Virtual size: 679KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

4cea7ae85c87ddc7295d39ff9cda31d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

cabinet

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 7KB

.pdata Size: 1024B - Virtual size: 1020B

.rsrc Size: 173KB - Virtual size: 173KB

.reloc Size: 512B - Virtual size: 32B

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 6KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

Password: infected

65630e32ca19e44a53e696246bd1cada

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: - Virtual size: 897KB

.rdata
Size: - Virtual size: 228KB

.data
Size: - Virtual size: 38KB

.pdata
Size: - Virtual size: 33KB

_RDATA
Size: - Virtual size: 148B

.vmp0
Size: - Virtual size: 1.4MB

.vmp1
Size: 3.5MB - Virtual size: 3.5MB

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:df
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

5e:ac:82:f3:75:db:aa:df:6d:b4:fc:0d:53:38:06:c2:1c:02:a2:df:6c:d6:39:79:7c:8a:06:a2:26:5b:cb:44
Signer

.text
Size: 89KB - Virtual size: 88KB

.rsrc
Size: 680KB - Virtual size: 679KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 7KB

.pdata
Size: 1024B - Virtual size: 1020B

.rsrc
Size: 173KB - Virtual size: 173KB

.reloc
Size: 512B - Virtual size: 32B

.text
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 470KB - Virtual size: 469KB

.rdata
Size: 85KB - Virtual size: 84KB

.data
Size: 145KB - Virtual size: 151KB

.reloc
Size: 18KB - Virtual size: 18KB

.text
Size: 160KB - Virtual size: 159KB

.rsrc
Size: 289KB - Virtual size: 289KB

.reloc
Size: 512B - Virtual size: 12B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:13:8f:81:f4:02:79:e8:ef:2e:91:a6:6d:ac:09:1b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

4b:61:85:8f:de:8b:6f:0a:c2:ae:3f:d2:97:6c:6a:4f:7a:cc:25:58:ed:b9:ac:88:ea:65:91:6f:ed:12:68:35
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 530KB - Virtual size: 530KB

.data
Size: 64KB - Virtual size: 73KB

.rsrc
Size: 540KB - Virtual size: 540KB

.reloc
Size: 135KB - Virtual size: 135KB