17-10-2024__20[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

17-10-2024__20.rar
Size

7.5MB
MD5

af0a5688054ac46c39bcb08893fd3271
SHA1

9449d03e29e513b574e0c2c1ce6d7614269fd618
SHA256

2e402d9779e3b3399479a69016a0912d2b5f705f33c2aa98dd2c819ac0829e28
SHA512

3f94010b119c4175e5853c9d72f247affdc06cccc5760ae762ae7c4ade22b28d6d5bac8c50e52345bf3eb698d94363d664b1ef4fba628527ca9eaa0f910a570d
SSDEEP

196608:cihJZXvjXIzcOjPPzt3o9XQwbpJA7gqQFA:BJFvbIzcuPPz2WYLa

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/17-10-2024 #20/Adobe Reader.exe	upx
static1/unpack001/17-10-2024 #20/Flyagent.exe	upx
static1/unpack001/17-10-2024 #20/Zombie.exe	upx

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/17-10-2024 #20/AQW.exe
unpack001/17-10-2024 #20/Adobe Reader.exe
unpack003/out.upx
unpack001/17-10-2024 #20/Barys.exe
unpack001/17-10-2024 #20/Butcher Crypter.exe
unpack001/17-10-2024 #20/Dynamer.exe
unpack001/17-10-2024 #20/Explore.exe
unpack001/17-10-2024 #20/FloodFix.exe
unpack001/17-10-2024 #20/Flyagent.exe
unpack001/17-10-2024 #20/InstallCore.exe
unpack001/17-10-2024 #20/MSRATING.exe
unpack001/17-10-2024 #20/MulDrop.exe
unpack001/17-10-2024 #20/TSULoader.exe
unpack001/17-10-2024 #20/UtilMan.exe
unpack001/17-10-2024 #20/Zombie.exe
unpack001/17-10-2024 #20/app stroe.exe
unpack001/17-10-2024 #20/assemblychange.exe
unpack001/17-10-2024 #20/defOff.exe
unpack001/17-10-2024 #20/my computer.exe
unpack001/17-10-2024 #20/r42s8 (63).exe

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/17-10-2024 #20/r42s8 (63).exe	nsis_installer_1
static1/unpack001/17-10-2024 #20/r42s8 (63).exe	nsis_installer_2

Files

17-10-2024__20.rar
.rar

Password: infected
17-10-2024 #20/AQW.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 316KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
17-10-2024 #20/Adobe Reader.exe
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
17-10-2024 #20/Barys.exe
.exe windows:5 windows x86 arch:x86

Password: infected

4a15a742e3dc9808a289e2251186f464

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalLock
LocalUnlock
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
RtlUnwind
SetFileAttributesW
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TerminateThread
UnhandledExceptionFilter
LocalFree
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyA
lstrcpyW
lstrcpynW
lstrlenA
lstrlenW
GetWindowsDirectoryW
CreateFileA
LocalAlloc
LoadLibraryW
LoadLibraryA
LCMapStringW
LCMapStringA
IsValidLocale
IsValidCodePage
IsBadReadPtr
InterlockedExchange
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetVersionExW
GetVersionExA
GetUserDefaultLCID
GetTimeFormatW
GetTimeFormatA
GetTickCount
GetTempPathW
GetTempFileNameW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDefaultLCID
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetProcAddress
GetPrivateProfileStringW
GetPrivateProfileIntW
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoW
GetLocaleInfoA
GetLastError
GetFullPathNameW
GetFileType
GetFileSize
GetEnvironmentStringsW
GetEnvironmentStrings
GetDateFormatW
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCommandLineW
GetCommandLineA
GetCPInfo
AreFileApisANSI
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FormatMessageA
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
ExitProcess
EnumSystemLocalesA
DuplicateHandle
DeleteFileW
DeleteCriticalSection
CreateSemaphoreW
CreateFileW
CreateFileMappingW
CreateEventW
CreateEventA
CompareStringW
CloseHandle
UnmapViewOfFile

user32

SetWindowTextA
SetWindowPos
SetWindowLongW
SetWindowLongA
SetTimer
SetRect
SetForegroundWindow
SetFocus
SetDlgItemTextW
SetCursor
SendMessageW
SendMessageA
SendDlgItemMessageW
ReleaseDC
RegisterWindowMessageW
RegisterWindowMessageA
RegisterClassW
RegisterClassA
RedrawWindow
PostQuitMessage
PostMessageW
PostMessageA
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxW
MapWindowPoints
LoadStringW
LoadStringA
LoadIconA
LoadCursorA
KillTimer
IsWindowVisible
IsWindowEnabled
IsDialogMessageA
InvalidateRect
GetWindowRect
GetWindowLongW
GetWindowLongA
SetWindowTextW
GetThreadDesktop
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetProcessWindowStation
GetParent
GetMessageA
GetFocus
GetDlgItemTextW
GetDlgItem
GetDC
GetClientRect
GetActiveWindow
FindWindowW
FindWindowExW
FindWindowExA
FindWindowA
FillRect
ExitWindowsEx
EndPaint
EndDialog
EnableWindow
DrawTextW
DrawTextA
DrawIconEx
DrawIcon
SetWindowsHookExW
LoadIconW
wsprintfW
WinHelpW
AttachThreadInput
BeginPaint
CallNextHookEx
CallWindowProcW
CharUpperW
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefDlgProcA
DefDlgProcW
WinHelpA
UpdateWindow
UnhookWindowsHookEx
TranslateMessage
SystemParametersInfoA
ShowWindow
GetUserObjectInformationW
DrawFocusRect
DrawAnimatedRects
DispatchMessageA
DialogBoxParamW
DestroyWindow
DefWindowProcW
DefWindowProcA
MessageBoxA

gdi32

Rectangle
RestoreDC
SaveDC
SelectObject
PatBlt
SetBkColor
SetTextColor
StretchBlt
TranslateCharsetInfo
OffsetRgn
GetTextMetricsW
GetTextExtentPointA
GetTextExtentPointW
GetTextExtentPoint32W
GetTextExtentPoint32A
GetTextExtentExPointW
GetStockObject
GetRgnBox
GetObjectW
GetObjectA
GetFontData
GetBitmapBits
FillRgn
ExtTextOutW
ExtTextOutA
EnumFontFamiliesW
EnableEUDC
Ellipse
DeleteObject
DeleteDC
CreateSolidBrush
CreatePolygonRgn
CreatePen
CreateFontIndirectW
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
SetBitmapBits
BitBlt

comdlg32

GetOpenFileNameW
ChooseFontW
GetSaveFileNameW

advapi32

RegOpenKeyExA
GetUserNameW
OpenProcessToken
OpenThreadToken
RegCloseKey
RegSetValueExW
RegSetValueExA
RegQueryValueW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyW
RegOpenKeyExW
GetUserNameA
RegEnumValueW
RegEnumKeyW
RegEnumKeyA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExA

shell32

ShellExecuteW
ExtractIconExW
CommandLineToArgvW
ShellAboutW

ole32

StringFromGUID2
CoUninitialize
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoInitialize
CoFreeUnusedLibraries
CoCreateInstance
CLSIDFromString

shlwapi

PathAppendW
PathRemoveFileSpecW
StrCmpW
StrToIntW
PathFindFileNameW
PathQuoteSpacesW

comctl32

ImageList_Draw
ImageList_LoadImageW
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx

msvcrt

__argc
__argv
__dllonexit
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_ftol
_initterm
_onexit
_wcmdln
_wtoi
exit
free
malloc
qsort
strncpy
toupper
wcschr
wcscmp
wcsrchr
wcsstr
wcstok
wcstol
_XcptFilter
__CxxFrameHandler

imm32

ImmAssociateContext
ImmConfigureIMEW
ImmCreateContext
ImmDestroyContext
ImmEnumRegisterWordW
ImmEscapeW
ImmGetCompositionStringW
ImmGetConversionStatus
ImmIsIME
ImmRegisterWordW
ImmSetCompositionStringW
ImmSetConversionStatus

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
17-10-2024 #20/Butcher Crypter.exe
.exe windows:4 windows x86 arch:x86

Password: infected

4870b2a06b34732f77b9dfc07e9b0b7c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord588
MethCallEngine
ord516
ord593
ord594
ord595
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord529
ord561
DllFunctionCall
EVENT_SINK_Release
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord713
ord608
ord717
ProcCallEngine
ord644
ord537
ord645
ord570
ord648
ord572
ord573
ord681
ord578
ord685
ord100
ord581

Sections

.text
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
17-10-2024 #20/Dynamer.exe
.exe windows:4 windows x86 arch:x86

Password: infected

c87c561c595643ff7cae40277275c63c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
sprintf
_strnicmp
strncmp
strncpy
_strdup
free
memcpy
strlen

kernel32

GetModuleHandleA
HeapCreate
GetProcAddress
GetCommandLineA
HeapDestroy
ExitProcess
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
SetThreadContext
ResumeThread
TerminateProcess
CloseHandle
GetCurrentThreadId
GetCurrentProcessId
InitializeCriticalSection
GetModuleFileNameA
HeapAlloc
GetTempPathA
LoadLibraryA
FreeLibrary
WriteFile
HeapFree
CreateFileA
GetFileSize
ReadFile
SetFilePointer
HeapReAlloc

comctl32

InitCommonControls

user32

MessageBoxA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows

advapi32

GetCurrentHwProfileA

ole32

CoInitialize

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState

Sections

.code
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
17-10-2024 #20/Explore.exe
.exe windows:4 windows x86 arch:x86

Password: infected

bfbf457d52153d2191e67bb6c9212334

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvbvm60

MethCallEngine
ord593
ord594
ord595
ord598
ord525
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ord608
ord530
ord716
ProcCallEngine
ord537
ord645
ord570
ord685
ord100
ord616
ord542
ord545
ord546
ord547
ord580

Sections

.text
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
17-10-2024 #20/FloodFix.exe
.exe windows:1 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
17-10-2024 #20/Flyagent.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 511B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
17-10-2024 #20/InstallCore.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
17-10-2024 #20/MSRATING.exe
.dll windows:4 windows x86 arch:x86

02d76c393feb8d385167a85a006ffd29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

EnableWindow
GetParent
ReleaseDC
DrawTextW
DrawFrameControl
FillRect
IsRectEmpty
GetClientRect
DestroyWindow
SetWindowPos
ShowWindow
IsWindowVisible
IsIconic
ToAscii

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoTaskMemAlloc

Exports

Exports

wqQOXieeC

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 102B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

adata
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
17-10-2024 #20/MulDrop.exe
.exe windows:4 windows x86 arch:x86

e4a48d4093442cddd5a11523c94015e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
RemoveDirectoryA
Beep
Sleep
CloseHandle
DeleteFileA
CreateDirectoryA
GetTempPathA
ReadFile
SetFilePointer
GetFileSize
GetLastError
CreateFileA
GetModuleFileNameA
SetLastError
GetCommandLineA
WritePrivateProfileStringA
LocalFree
FormatMessageA
GetTempFileNameA
WriteFile
GetExitCodeProcess
OpenProcess
CreateProcessA
HeapAlloc
GetProcessHeap
HeapFree
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime

user32

LoadCursorA
DispatchMessageA
PeekMessageA
SetCursor
MessageBoxA
wsprintfA

shell32

ShellExecuteA

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
17-10-2024 #20/TSULoader.exe
.exe windows:4 windows x86 arch:x86

a8286b574ff850cd002ea6282d15aa40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Dev\Tin7\InstallDir\vc80-win32u\Loader.pdb

Imports

kernel32

HeapAlloc
HeapFree
OutputDebugStringA
lstrcpynW
UnmapViewOfFile
MultiByteToWideChar
MapViewOfFile
CloseHandle
CreateFileMappingW
GetFileSize
CreateFileW
lstrlenW
GetCommandLineW
ExitProcess
Sleep
DeleteFileW
SetFileAttributesW
GetFileAttributesW
FreeLibrary
GetProcAddress
LoadLibraryW
GetTempPathW
GetModuleHandleW
GetLastError
GetModuleFileNameW
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcessId
GetProcessHeap
ReadFile
WriteFile
SetFileTime
SetFilePointer

user32

MessageBoxA
wvsprintfA
wsprintfW
PostMessageW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tsustub
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tsuarch
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
17-10-2024 #20/UtilMan.exe
.exe windows:5 windows x86 arch:x86

fbe13bfcd8ea528c3efd4392cab7dd0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

UtilMan.pdb

Imports

msvcrt

__p__commode
__p__fmode
__set_app_type
_controlfp
_XcptFilter
_exit
_c_exit
_adjust_fdiv
swprintf
wcschr
_wcsnicmp
free
malloc
_wsplitpath
??2@YAPAXI@Z
__setusermatherr
_initterm
__getmainargs
??3@YAXPAX@Z
_acmdln
exit
_except_handler3
_cexit
_wcsicmp

advapi32

QueryServiceStatus
RegCreateKeyExW
RegEnumKeyW
RegSetValueExW
ImpersonateLoggedOnUser
RegOpenCurrentUser
StartServiceW
CreateProcessAsUserW
ControlService
CheckTokenMembership
DuplicateToken
DuplicateTokenEx
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
ImpersonateSelf
OpenThreadToken
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AccessCheck
RevertToSelf
GetUserNameW
CopySid
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
FreeSid

kernel32

SetEvent
OpenEventW
SetCurrentDirectoryW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
lstrcmpiW
lstrcpyW
lstrlenW
GetFileAttributesW
GetModuleFileNameW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryW
GetExitCodeProcess
lstrcmpW
CreateFileW
OpenMutexW
GetCurrentThreadId
Sleep
CreateEventW
CreateFileMappingW
CloseHandle
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
GetLastError
GetCurrentThread
GetCurrentProcessId
ProcessIdToSessionId
LocalAlloc
LocalFree
OpenProcess
lstrcatW
TerminateProcess
CreateProcessW
GetProcessVersion
SetErrorMode

user32

TranslateMessage
SetTimer
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
DefWindowProcW
MessageBoxW
FindWindowExW
RegisterClassW
CreateWindowExW
DestroyWindow
KillTimer
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
CloseWindowStation
CloseDesktop
GetUserObjectInformationW
OpenDesktopW
OpenInputDesktop
SetThreadDesktop
GetThreadDesktop
PostMessageW
GetWindowThreadProcessId
EnumWindows
PostThreadMessageW
RegisterWindowMessageW
LoadStringW

netapi32

NetUserGetInfo
NetApiBufferFree

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ntdll

NtDuplicateToken
NtClose

winsta

WinStationQueryInformationW

rpcrt4

RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
NdrClientCall2
RpcBindingFree

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
17-10-2024 #20/Zombie.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
17-10-2024 #20/app stroe.exe
.exe windows:5 windows x86 arch:x86

b36eb9a4c6fca2002f3fab21d6da4be8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

EndPaint

advapi32

RegCloseKey

shell32

ShellExecuteA

iphlpapi

GetAdaptersInfo

ws2_32

htonl

wtsapi32

WTSRegisterSessionNotification

Sections

.MPRESS1
Size: 438KB - Virtual size: 828KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shdthhk
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.R
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ
17-10-2024 #20/assemblychange.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Abdullah Bazaid\Documents\Visual Studio 2010\Projects\Bazaid.BotNet.Builder\Bazaid.BotNet.Builder\cop\CryptoObfuscator_Output\Stub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
17-10-2024 #20/defOff.exe
.exe windows:4 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcpy

Sections

Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ighaczng
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bmgxquoi
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
17-10-2024 #20/loadmoney.exe
.exe windows:4 windows x86 arch:x86

df668ba407536aa7370243c71ce308c3

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

09-12-2011 00:00

Not After

06-02-2014 23:59

Subject

CN=LLC Mail.Ru,O=LLC Mail.Ru,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
HeapAlloc
HeapFree
InitializeCriticalSection
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_winmajor
abort
atexit
calloc
free
fwrite
malloc
memcpy
memmove
memset
signal
strcmp
vfprintf

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 172B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
17-10-2024 #20/my computer.exe
.exe windows:4 windows x86 arch:x86

97dcc61862f5973c700ea2b47b221db1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetProcessHeap
WriteConsoleW
GetStartupInfoA
Sleep
ResumeThread
WriteConsoleW
GetCommandLineA
VirtualQueryEx
SetEvent
GetPrivateProfileSectionW
HeapDestroy
lstrlenW
VirtualProtect
GetStdHandle
GetFileAttributesW
GetModuleHandleA
lstrcpyA
CopyFileA
WriteConsoleW
DeleteFileA
GetDriveTypeW

mmcndmgr

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRegisterServer

cryptui

CryptUIWizDigitalSign
LocalEnroll
WizardFree
DllRegisterServer
WizardFree
DllUnregisterServer
LocalEnroll
CryptUIWizBuildCTL
LocalEnrollNoDS
CryptUIWizExport
CryptUIStartCertMgr
CryptUIDlgViewContext
CryptUIWizImport

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.expimp
Size: 1024B - Virtual size: 769B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
17-10-2024 #20/r42s8 (63).exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

File Characteristics

Sections

.text Size: 132KB - Virtual size: 130KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 316KB - Virtual size: 313KB

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 32KB

UPX1 Size: 11KB - Virtual size: 12KB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 11KB - Virtual size: 10KB

Password: infected

4a15a742e3dc9808a289e2251186f464

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

msvcrt

imm32

Sections

.text Size: 48KB - Virtual size: 47KB

.data Size: 37KB - Virtual size: 36KB

.rsrc Size: 2KB - Virtual size: 521KB

Password: infected

4870b2a06b34732f77b9dfc07e9b0b7c

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 284KB - Virtual size: 283KB

.data Size: - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 11KB

Password: infected

c87c561c595643ff7cae40277275c63c

Headers

File Characteristics

Imports

msvcrt

kernel32

comctl32

user32

advapi32

ole32

urlmon

wininet

Sections

.code Size: 4KB - Virtual size: 4KB

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 512B - Virtual size: 53B

.data Size: 193KB - Virtual size: 193KB

.rsrc Size: 92KB - Virtual size: 91KB

Password: infected

bfbf457d52153d2191e67bb6c9212334

Headers

.text
Size: 132KB - Virtual size: 130KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 316KB - Virtual size: 313KB

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 11KB - Virtual size: 10KB

.text
Size: 48KB - Virtual size: 47KB

.data
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 2KB - Virtual size: 521KB

.text
Size: 284KB - Virtual size: 283KB

.data
Size: - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 11KB

.code
Size: 4KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 512B - Virtual size: 53B

.data
Size: 193KB - Virtual size: 193KB

.rsrc
Size: 92KB - Virtual size: 91KB

.text
Size: 70KB - Virtual size: 72KB

.rsrc
Size: 8KB - Virtual size: 8KB

CODE
Size: 37KB - Virtual size: 37KB

DATA
Size: 1024B - Virtual size: 748B

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 7KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 511B

CODE
Size: 36KB - Virtual size: 35KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 19KB - Virtual size: 18KB

.text
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 102B

adata
Size: 152KB - Virtual size: 149KB

.rsrc
Size: 60KB - Virtual size: 57KB

.reloc
Size: 4KB - Virtual size: 492B

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 12KB - Virtual size: 10KB