Behavioral task: behavioral1 - Sample: VSNKLGuzoFJgFHyEI15w (2).exe - Resource: win7-20240903-en
Behavioral task: behavioral2 - Sample: VSNKLGuzoFJgFHyEI15w.exe - Resource: win7-20240903-en
Behavioral task: behavioral3 - Sample: VideoCodeCX.exe - Resource: win7-20240729-en
Behavioral task: behavioral4 - Sample: WcsPlugInService.ex.exe - Resource: win7-20241010-en
Behavioral task: behavioral5 - Sample: WinLocker Builder.exe - Resource: win7-20240903-en
Behavioral task: behavioral6 - Sample: WinLocker_Builder.exe - Resource: win7-20240903-en
Behavioral task: behavioral7 - Sample: _003E0000.exe.vir.exe - Resource: win7-20240903-en
Behavioral task: behavioral8 - Sample: vmem02.exe - Resource: win7-20240903-en
Behavioral task: behavioral9 - Sample: w8i9eHkHOwWwQlX.exe - Resource: win7-20240903-en
Behavioral task: behavioral10 - Sample: wpbt0.exe - Resource: win7-20241023-en
Behavioral task: behavioral11 - Sample: xpiofrbtkzhr.exe - Resource: win7-20240708-en
Behavioral task: behavioral12 - Sample: xxx_video (2).exe - Resource: win7-20240903-en
Behavioral task: behavioral13 - Sample: xxx_video.exe - Resource: win7-20241010-en
Behavioral task: behavioral14 - Sample: xxx_video_26726.avi.exe - Resource: win7-20240903-en
Behavioral task: behavioral15 - Sample: xxx_video_35942.avi.exe.vir.exe - Resource: win7-20240729-en
Behavioral task: behavioral16 - Sample: xxx_video_35942.avi_unpacked_.exe.vir.exe - Resource: win7-20240708-en
Behavioral task: behavioral17 - Sample: xxx_video_73240.avi____.exe.vir.exe - Resource: win7-20240903-en
Behavioral task: behavioral18 - Sample: xxx_video_77498.avi.exe - Resource: win7-20241010-en
Behavioral task: behavioral19 - Sample: xxx_video_87279.avi.exe.vir.exe - Resource: win7-20240903-en
Behavioral task: behavioral20 - Sample: zcrypt.exe - Resource: win7-20240903-en
Behavioral task: behavioral21 - Sample: {71257279-042b-371d-a1d3-fbf8d2fadffa}.exe - Resource: win7-20240903-en
General
Target: Batch_11.zip
Size: 3.9MB
MD5: d9efba6b5d8f5cadcb5b72a261364879
SHA1: 847e175e807b9f271cfecdf0b451d029bdf73d5a
SHA256: f6a83e6ed8bf92b8ff4da0aba72fe354199ec79a99008b34800e4cfdb92d3a67
SHA512: ed9ae302a89f3aea8f749e804ed6b058f7d4a48e39ac3ef7d5d8e28eebbbe8a35f9ce7b7675ed57c968eade8ec29580cf37ac85f9aee9c56595b1662e6acaa60
SSDEEP: 98304:ywQRPA4p9xWgZgAAqLIld4nSUYuNmH6z3rcq/fsQ:yTST47mW7c4
Malware Config
Signatures
-
Detected Xorist Ransomware 1 IoCs
Processes:
resource: static1/unpack001/w8i9eHkHOwWwQlX.exe - yara_rule: family_xorist
-
Xorist family
-
Processes:
resource: static1/unpack001/WcsPlugInService.ex.exe - yara_rule: upx
resource: static1/unpack001/WinLocker Builder.exe - yara_rule: upx
resource: static1/unpack001/WinLocker_Builder.exe - yara_rule: upx
resource: static1/unpack001/wpbt0.dll - yara_rule: upx
resource: static1/unpack001/xpiofrbtkzhr.exe - yara_rule: upx
resource: static1/unpack001/xxx_video.exe - yara_rule: upx
resource: static1/unpack001/xxx_video_26726.avi.exe - yara_rule: upx
resource: static1/unpack001/xxx_video_35942.avi.exe.vir.exe - yara_rule: upx
resource: static1/unpack001/xxx_video_87279.avi.exe.vir.exe - yara_rule: upx
-
Unsigned PE 26 IoCs
Checks for missing Authenticode signature.
Processes:
resource
unpack001/VSNKLGuzoFJgFHyEI15w (2).exe
unpack001/VSNKLGuzoFJgFHyEI15w.exe
unpack001/VideoCodeCX.exe
unpack001/WcsPlugInService.ex.exe
unpack002/out.upx
unpack001/WinLocker Builder.exe
unpack001/WinLocker_Builder.exe
unpack001/_003E0000.exe.vir.exe
unpack001/vmem02.exe
unpack001/w8i9eHkHOwWwQlX.exe
unpack001/wpbt0.dll
unpack005/out.upx
unpack001/xpiofrbtkzhr.exe
unpack006/out.upx
unpack001/xxx_video (2).exe
unpack001/xxx_video.exe
unpack001/xxx_video_26726.avi.exe
unpack008/out.upx
unpack001/xxx_video_35942.avi.exe.vir.exe
unpack009/out.upx
unpack001/xxx_video_35942.avi_unpacked_.exe.vir.exe
unpack001/xxx_video_73240.avi____.exe.vir.exe
unpack001/xxx_video_77498.avi.exe
unpack001/xxx_video_87279.avi.exe.vir.exe
unpack001/zcrypt.exe
unpack001/{71257279-042b-371d-a1d3-fbf8d2fadffa}.exe
Files
-
Batch_11.zip.zip
-
VSNKLGuzoFJgFHyEI15w (2).exe.exe windows:5 windows x86 arch:x86
d409d04619f830ed4fb4696d607103fa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
ioctlsocket
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
kernel32
GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
WriteFile
CreateFileW
CloseHandle
Sleep
DeleteFileW
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
lstrlenW
GetTempPathW
FindClose
FindNextFileW
GetVolumeInformationW
SetFilePointer
ReadFile
MoveFileW
GetFileSize
GetFileType
SystemTimeToFileTime
CreateDirectoryW
GetUserDefaultLCID
WideCharToMultiByte
GetFileAttributesW
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetModuleHandleW
GetVersionExW
GetProcAddress
GetSystemInfo
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetTickCount
SleepEx
VerifyVersionInfoA
VerSetConditionMask
WaitForSingleObject
FormatMessageA
ExpandEnvironmentStringsA
GetModuleFileNameW
GetCurrentDirectoryA
GetFullPathNameA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetProcessHeap
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
SetFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStringTypeA
HeapSize
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapAlloc
GetStartupInfoW
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsW
user32
MessageBoxW
wsprintfW
GetSystemMetrics
advapi32
CryptGenKey
CryptGetHashParam
CryptAcquireContextA
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptGetKeyParam
CryptAcquireContextW
CryptExportKey
shell32
ShellExecuteW
SHGetFolderPathW
wininet
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW
shlwapi
PathFindExtensionW
StrCmpIW
PathAppendW
StrCpyW
Sections
.text Size: 283KB - Virtual size: 283KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
VSNKLGuzoFJgFHyEI15w.exe.exe windows:5 windows x86 arch:x86
d409d04619f830ed4fb4696d607103fa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Dev\Final\Release\main.pdb
Imports
ws2_32
ioctlsocket
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
kernel32
GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
WriteFile
CreateFileW
CloseHandle
Sleep
DeleteFileW
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
lstrlenW
GetTempPathW
FindClose
FindNextFileW
GetVolumeInformationW
SetFilePointer
ReadFile
MoveFileW
GetFileSize
GetFileType
SystemTimeToFileTime
CreateDirectoryW
GetUserDefaultLCID
WideCharToMultiByte
GetFileAttributesW
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetModuleHandleW
GetVersionExW
GetProcAddress
GetSystemInfo
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetTickCount
SleepEx
VerifyVersionInfoA
VerSetConditionMask
WaitForSingleObject
FormatMessageA
ExpandEnvironmentStringsA
GetModuleFileNameW
GetCurrentDirectoryA
GetFullPathNameA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetProcessHeap
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
SetFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStringTypeA
HeapSize
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapAlloc
GetStartupInfoW
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsW
user32
MessageBoxW
wsprintfW
GetSystemMetrics
advapi32
CryptGenKey
CryptGetHashParam
CryptAcquireContextA
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptGetKeyParam
CryptAcquireContextW
CryptExportKey
shell32
ShellExecuteW
SHGetFolderPathW
wininet
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW
shlwapi
PathFindExtensionW
StrCmpIW
PathAppendW
StrCpyW
Sections
.text Size: 283KB - Virtual size: 283KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
VideoCodeCX.exe.exe windows:5 windows x86 arch:x86
fdc840a7a99c43c34a60188ec8cc1596
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\victor\Desktop\BRANCH\win\Release\stubs\x86\ExternalUi.pdb
Imports
kernel32
CreateDirectoryW
GetCurrentProcessId
GetExitCodeThread
SetEvent
CreateEventW
SetLastError
LoadLibraryW
FreeLibrary
lstrlenW
GetVersionExW
CreateFileA
SetStdHandle
WriteConsoleW
WriteConsoleA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetDiskFreeSpaceExW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
ExitProcess
lstrcmpiW
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
PeekNamedPipe
OpenEventW
CopyFileExW
CompareFileTime
GetVersion
ResetEvent
MoveFileW
GetLocaleInfoA
GetStringTypeW
ConnectNamedPipe
CreateNamedPipeW
TerminateThread
GetSystemDirectoryW
GetLocalTime
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
FileTimeToSystemTime
GetUserDefaultLangID
GetSystemDefaultLangID
GetDriveTypeW
CompareStringW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
GetFileSize
ReadFile
GlobalFree
GetTempPathW
GetSystemTime
SystemTimeToFileTime
GetTempFileNameW
DeleteFileW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
GetLogicalDriveStringsW
GetFileAttributesW
SetFileAttributesW
GetFileTime
CopyFileW
FindClose
MultiByteToWideChar
LoadLibraryExW
WideCharToMultiByte
InterlockedExchange
GetSystemInfo
TlsFree
WaitForMultipleObjects
Sleep
GetLastError
GetCurrentThreadId
WaitForSingleObject
MulDiv
lstrcpynW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLocaleInfoW
EnumResourceLanguagesW
SetEndOfFile
SetCurrentDirectoryW
GetCommandLineW
GetExitCodeProcess
CreateProcessW
GetModuleFileNameA
FlushFileBuffers
LeaveCriticalSection
SetFilePointer
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
GetFullPathNameW
GetCurrentThread
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleW
GetProcAddress
RaiseException
FlushInstructionCache
GetCurrentProcess
CloseHandle
WriteFile
CreateFileW
FreeEnvironmentStringsW
LocalAlloc
LocalFree
LoadLibraryA
GetShortPathNameW
GetEnvironmentVariableW
FormatMessageW
CreateThread
SetUnhandledExceptionFilter
user32
MapWindowPoints
GetParent
GetWindow
GetClientRect
GetWindowTextW
GetWindowTextLengthW
FillRect
IsWindow
ShowWindow
GetWindowRect
UnionRect
IsWindowVisible
BeginPaint
EndPaint
ScreenToClient
SetWindowPos
GetWindowDC
LookupIconIdFromDirectoryEx
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SendMessageW
DrawFrameControl
RegisterWindowMessageW
InvalidateRgn
GetDesktopWindow
GetKeyState
DrawStateW
DrawTextExW
DrawFocusRect
ValidateRect
DestroyMenu
AppendMenuW
CreatePopupMenu
TrackPopupMenu
InflateRect
LoadBitmapW
MessageBeep
LoadImageW
CharNextW
GetClassNameW
ReleaseCapture
SetCapture
UpdateWindow
DestroyIcon
GetDlgCtrlID
GetCapture
SetScrollInfo
GetScrollPos
GetClassInfoExW
RegisterClassExW
DrawEdge
SetScrollPos
SetRect
MoveWindow
GetScrollInfo
GetMessagePos
SystemParametersInfoW
GetActiveWindow
TrackMouseEvent
GetAsyncKeyState
DestroyCursor
GetWindowRgn
IsZoomed
SetWindowRgn
GetComboBoxInfo
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
CreateDialogParamW
EndDialog
DialogBoxParamW
InvalidateRect
GetNextDlgTabItem
SetCursor
MonitorFromWindow
GetMonitorInfoW
IsDialogMessageW
IsChild
PostQuitMessage
PostMessageW
SetForegroundWindow
SetCursorPos
GetCursorPos
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
LoadStringW
MessageBoxW
GetFocus
EnableWindow
DestroyWindow
GetForegroundWindow
EnumWindows
GetWindowThreadProcessId
DialogBoxIndirectParamW
MsgWaitForMultipleObjects
GetPropW
GetSystemMenu
EnableMenuItem
ModifyMenuW
ExitWindowsEx
GetScrollRange
SetPropW
RemovePropW
LoadMenuW
GetSubMenu
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetIconInfo
SendMessageTimeoutW
UnregisterClassA
DrawTextW
DrawIconEx
GetSystemMetrics
ClientToScreen
OffsetRect
SetRectEmpty
PtInRect
GetSysColorBrush
IntersectRect
IsRectEmpty
SendMessageA
IsWindowEnabled
CopyRect
RedrawWindow
SetFocus
GetSysColor
CreateWindowExW
GetDlgItem
SetWindowTextW
EqualRect
SetTimer
KillTimer
GetDC
ReleaseDC
CreateIconFromResourceEx
gdi32
GetLayout
GetBrushOrgEx
CreateFontIndirectW
CreateSolidBrush
GetRgnBox
EqualRgn
CreatePolygonRgn
CreateRectRgnIndirect
GetStockObject
CreateFontW
SetBkMode
SetTextColor
SetBrushOrgEx
CreatePatternBrush
FillRgn
SelectClipRgn
GetBitmapBits
CreateRectRgn
GetObjectW
GetDeviceCaps
Rectangle
ExcludeClipRect
CreatePen
ExtTextOutW
SetBkColor
BitBlt
SetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
SelectObject
DeleteDC
CreateDIBSection
CreateBitmapIndirect
CombineRgn
advapi32
RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
StartServiceW
QueryServiceStatus
OpenServiceW
RegDeleteValueA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExA
OpenSCManagerW
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
RegOpenKeyExA
RegEnumValueA
LookupAccountSidW
RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
RegDeleteKeyA
RegCreateKeyA
shell32
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation
ole32
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoCreateGuid
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoInitializeEx
CoCreateInstance
oleaut32
VarDateFromStr
VarUI4FromStr
OleLoadPicture
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString
dbghelp
SymGetLineFromAddr
SymSetSearchPath
SymCleanup
SymInitialize
SymSetOptions
SymFunctionTableAccess
StackWalk
SymGetModuleBase
shlwapi
PathIsDirectoryW
PathAddBackslashW
PathIsUNCW
PathFileExistsW
comctl32
ImageList_Destroy
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_LoadImageW
ImageList_GetIcon
ImageList_AddMasked
ImageList_SetBkColor
_TrackMouseEvent
ImageList_Add
ImageList_ReplaceIcon
ImageList_Create
CreatePropertySheetPageW
PropertySheetW
msimg32
AlphaBlend
TransparentBlt
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
mpr
WNetAddConnection2W
comdlg32
GetOpenFileNameW
GetSaveFileNameW
Sections
.text Size: 1010KB - Virtual size: 1009KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 239KB - Virtual size: 238KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 161KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WcsPlugInService.ex.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 108KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 106KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 73KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 70KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WinLocker Builder.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 760KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 257KB - Virtual size: 260KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 59KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
WinLocker_Builder.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 756KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 254KB - Virtual size: 256KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 59KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
_003E0000.exe.vir.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vmem02.exe.exe windows:1 windows x86 arch:x86
a208ed6b0434bcbf2b456ccd3a72195d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
GetModuleHandleW
user32
CreateWindowExW
DefWindowProcW
DispatchMessageW
GetMessageW
GetSystemMetrics
KillTimer
LoadCursorW
LoadIconW
MoveWindow
PostQuitMessage
RegisterClassW
SetTimer
TranslateMessage
Sections
.text Size: 961B - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
w8i9eHkHOwWwQlX.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
wpbt0.dll.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 92KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 48KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 89KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 2KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 12B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
xpiofrbtkzhr.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 64KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 832B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 610B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
xxx_video (2).exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 596KB - Virtual size: 595KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
xxx_video.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 200KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 55KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
xxx_video_26726.avi.exe.exe windows:7 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 60KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 49KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:7 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 71KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 349B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 13B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
xxx_video_35942.avi.exe.vir.exe.exe windows:9 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 132KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 51KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:9 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.slcsyy Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.xpsfowa Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.jyngd Size: 6KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gwpkkwo Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ogsqa Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
xxx_video_35942.avi_unpacked_.exe.vir.exe.exe windows:6 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 44KB - Virtual size: 7KB
Size: 184KB - Virtual size: 5B
���� Size: - Virtual size:
-
xxx_video_73240.avi____.exe.vir.exe.exe windows:6 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 32KB - Virtual size: 7KB
Size: 208KB - Virtual size: 4B
[non-printable section name] Size: - Virtual size:
-
xxx_video_77498.avi.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 628B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 2KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
xxx_video_87279.avi.exe.vir.exe.exe windows:9 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 108KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 43KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
zcrypt.exe.exe windows:6 windows x86 arch:x86
7c6791cb1b3ac992063bd8ecc38e1226
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\Asus\Desktop\MyEncrypter2Mod3Window\Release\MyEncrypter2.pdb
Imports
kernel32
SetFileAttributesA
GetLogicalDriveStringsA
GetProcAddress
GetFileSize
ExitProcess
WinExec
lstrcmpiA
CreateProcessA
GetTempFileNameA
GetComputerNameA
GetLastError
CloseHandle
LocalFree
GetTickCount
GetStdHandle
GetFileType
GetCurrentThreadId
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
FreeLibrary
GlobalMemoryStatus
FlushConsoleInputBuffer
FlushFileBuffers
GetACP
MultiByteToWideChar
SetEndOfFile
HeapSize
WriteConsoleW
DeleteFileA
LoadLibraryA
CreateFileA
GetFileAttributesA
OpenMutexA
CopyFileA
CompareStringA
Sleep
GetTempPathA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateMutexA
FindClose
SetFilePointer
ExpandEnvironmentStringsA
FindNextFileA
GetDriveTypeA
ExpandEnvironmentStringsW
WriteFile
GetCurrentProcess
ReadFile
FindFirstFileA
GetModuleFileNameA
FindFirstFileExA
GetCommandLineW
GetCommandLineA
SetEnvironmentVariableA
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetProcessHeap
CreateFileW
SetStdHandle
ReadConsoleW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
SetConsoleCtrlHandler
GetConsoleCP
user32
MessageBoxA
GetUserObjectInformationW
SystemParametersInfoA
GetProcessWindowStation
advapi32
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCloseKey
RegOpenKeyA
RegGetValueA
RegCreateKeyExA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
SystemFunction036
shell32
SHGetFolderPathA
ole32
CoInitialize
CoCreateInstance
oleaut32
VariantClear
shlwapi
PathFindExtensionA
PathFileExistsA
urlmon
URLDownloadToFileA
wininet
DeleteUrlCacheEntry
Sections
.text Size: 512KB - Virtual size: 512KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 222KB - Virtual size: 221KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
{71257279-042b-371d-a1d3-fbf8d2fadffa}.exe.exe windows:5 windows x86 arch:x86
7e8ad4139efc6cbcf31df3bc4b291dd8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_except_handler3
memcpy
memmove
_vsnprintf
_vsnwprintf
_purecall
memset
kernel32
LoadLibraryW
FreeLibrary
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
lstrcmpA
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
CreateMutexW
ReleaseMutex
FindResourceExW
LoadResource
SizeofResource
LockResource
CreateProcessW
SetFilePointerEx
FindNextFileW
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTime
GetDateFormatW
GetTimeFormatW
GetCurrentThreadId
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetEnvironmentVariableW
CopyFileExW
GetUserDefaultUILanguage
DeleteCriticalSection
FindClose
FindFirstFileW
DeleteFileW
GetFileTime
SetLastError
GetFileSizeEx
FlushFileBuffers
ReadFile
WriteFile
SetFileTime
ResumeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
SetFileAttributesW
CreateFileW
GetFileAttributesW
Sleep
GetTickCount
MoveFileExW
ExpandEnvironmentStringsW
GetVolumeInformationW
GetDiskFreeSpaceExW
WaitForMultipleObjects
ResetEvent
GetTempPathW
GetLogicalDrives
GetDriveTypeW
LocalFree
CloseHandle
CreateEventW
GetLastError
GetHandleInformation
SetThreadPriority
GetModuleFileNameW
GetCurrentThread
GetModuleHandleW
SetEvent
GetComputerNameW
WaitForSingleObject
SetErrorMode
GetCommandLineW
ExitProcess
CreateThread
user32
MessageBoxIndirectW
InSendMessage
ClientToScreen
GetWindowLongW
GetClassNameW
GetCaretPos
TrackPopupMenu
AppendMenuW
GetCursorPos
CreatePopupMenu
SetMenuDefaultItem
DestroyMenu
LoadIconW
CloseClipboard
EmptyClipboard
OpenClipboard
SetClipboardData
SystemParametersInfoW
ScrollWindowEx
GetSystemMetrics
UpdateWindow
SetScrollInfo
MessageBoxW
EndPaint
ScreenToClient
GetWindowRect
DrawTextW
GetParent
GetClientRect
IsDialogMessageW
DestroyWindow
BeginPaint
DrawFocusRect
IntersectRect
GetDlgItem
SendMessageW
GetDlgCtrlID
SetWindowTextW
MoveWindow
GetDC
ReleaseDC
CharLowerW
PostQuitMessage
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
SetTimer
PostMessageW
SetFocus
RegisterClassExW
FlashWindowEx
InvalidateRect
GetWindowTextW
MonitorFromWindow
SetWindowPos
ShowWindow
GetForegroundWindow
AdjustWindowRectEx
IsWindowVisible
GetMonitorInfoW
DefWindowProcW
DialogBoxParamW
SetWindowLongW
EndDialog
CreateDialogParamW
MonitorFromPoint
UnregisterClassW
SetForegroundWindow
GetKeyState
ReplyMessage
GetScrollInfo
CreateWindowExW
advapi32
CryptAcquireContextW
RegSetValueExW
RegEnumKeyExW
RegFlushKey
CryptSetKeyParam
CryptGetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptGenKey
CryptDestroyKey
CryptDecrypt
CryptGetHashParam
CryptCreateHash
CryptDestroyHash
CryptHashData
RegCreateKeyExW
RegCloseKey
CryptExportKey
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
shell32
SHGetFileInfoW
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
uxtheme
SetWindowTheme
gdi32
GetDeviceCaps
CreateSolidBrush
GetObjectW
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
SetBkColor
DeleteDC
SetTextColor
GetObjectA
CreateFontIndirectW
comctl32
InitCommonControlsEx
ord413
ord410
shlwapi
StrCmpW
StrCmpNW
StrCmpIW
PathMatchSpecW
PathRemoveBackslashW
PathAddBackslashW
ord12
PathFindFileNameW
PathRemoveFileSpecW
PathUnquoteSpacesW
StrChrW
PathQuoteSpacesW
msimg32
AlphaBlend
winhttp
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpWriteData
WinHttpOpenRequest
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen
gdiplus
GdipAlloc
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdiplusStartup
GdipDeleteBrush
GdipCreateBitmapFromStream
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipDeleteFont
GdipDeleteGraphics
GdipDrawImageRectI
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipDrawString
GdipCreateFromHDC
GdipSetStringFormatHotkeyPrefix
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateFontFromDC
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdipFree
GdipCloneBrush
ole32
CoInitializeEx
CoUninitialize
CoTaskMemFree
StringFromGUID2
crypt32
CryptImportPublicKeyInfo
CryptStringToBinaryA
CryptDecodeObjectEx
Sections
.text Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 248KB - Virtual size: 247KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ