mydoom | The-MALWARE-Repo-master[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

The-MALWARE-Repo-master.zip
Size

121.3MB
MD5

be2f06e08241e418152c6ce91176085b
SHA1

145e7527506be10c6f25e7b3c231ccc38f044bee
SHA256

c738c78fd727e661119899099f61ada68dd59df7c9b66c0810f4549a906a6c8f
SHA512

cd86644e1875ee4b48c6c233a45e5a0516e1a8515b6b86973c8dfcc53a0caf74cbfab6ebb819f61c109310153aeed112cb0fa7dee0e04317613dc5f26f5a7a23
SSDEEP

3145728:wNl3aFs1C4SA2hlHf9Rfi5xuT+FAiilgJcPdlwCzCLfH:wNl3aFW2h9/fiqaiiilpwCzCL/

Score

10^/10

macro upx macro_on_action geforce host stealer guest mydoom darkcomet njrat modiloader remcos revengerat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Geforce

startitit2-23969.portmap.host:1604

Mutex

b9584a316aeb9ca9b31edd4db18381f5

Attributes

reg_key
b9584a316aeb9ca9b31edd4db18381f5
splitter
Y262SUCZ4UJJ

Extracted

Family

remcos

Version

1.7 Pro

Botnet

Host

nickman12-46565.portmap.io:46565

nickman12-46565.portmap.io:1735

Attributes

audio_folder
audio
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
5
copy_file
Userdata.exe
copy_folder
Userdata
delete_file
true
hide_file
true
hide_keylog_file
true
install_flag
true
install_path
%WinDir%\System32
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%WinDir%\System32
mouse_option
false
mutex
remcos_vcexssuhap
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screens
screenshot_path
%AppData%
screenshot_time
1
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5

Extracted

Family

revengerat

Botnet

Guest

0.tcp.ngrok.io:19521

Mutex

RV_MUTEX

Signatures

Darkcomet family
darkcomet

Detects MyDoom family 1 IoCs

resource	yara_rule
static1/unpack004/out.upx	family_mydoom

ModiLoader First Stage 1 IoCs

resource	yara_rule
static1/unpack001/The-MALWARE-Repo-master/RAT/NetWire.exe	modiloader_stage1

Modiloader family
modiloader
Mydoom family
mydoom
Njrat family
njrat
Remcos family
remcos

RevengeRat Executable 1 IoCs

stealer

resource	yara_rule
static1/unpack001/The-MALWARE-Repo-master/RAT/RevengeRAT.exe	revengerat

Revengerat family
revengerat

Office macro that triggers on suspicious action 3 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
static1/unpack001/The-MALWARE-Repo-master/Pony/metrofax.doc	office_macro_on_action
static1/unpack001/The-MALWARE-Repo-master/RAT/NetWire.doc	office_macro_on_action
static1/unpack001/The-MALWARE-Repo-master/Spyware/Kakwa.doc	office_macro_on_action

Suspicious Office macro 2 IoCs

Office document equipped with macros.

macro

resource	yara_rule
static1/unpack002/[email protected]
static1/unpack001/The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm	office_xlm_macros

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack007/out.upx	autoit_exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/The-MALWARE-Repo-master/Email-Worm/Lacon.exe	upx
static1/unpack001/The-MALWARE-Repo-master/Email-Worm/MyDoom.A.exe	upx
static1/unpack001/The-MALWARE-Repo-master/Email-Worm/Nyxem.E.exe	upx
static1/unpack001/The-MALWARE-Repo-master/Ransomware/Birele.exe	upx
static1/unpack001/The-MALWARE-Repo-master/Ransomware/RedBoot.exe	upx
static1/unpack001/The-MALWARE-Repo-master/Ransomware/Rokku.exe	upx
static1/unpack001/The-MALWARE-Repo-master/Ransomware/Xyeta.exe	upx

Unsigned PE 97 IoCs

Checks for missing Authenticode signature.

resource
unpack001/The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe
unpack001/The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.9d75ff0e9447ceb89c90cca24a1dbec1
unpack001/The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.925da3a10f7dde802c8d87047b14fda6
unpack001/The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe.c26203af4b3e9c81a9e634178b603601
unpack001/The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da
unpack001/The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.6164228ed2cc0eceba9ce1828d87d827
unpack001/The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.97a26d9e3598fea2e1715c6c77b645c2
unpack001/The-MALWARE-Repo-master/Email-Worm/Amus.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Anap.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Axam.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Brontok.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Bugsoft.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Duksten.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Funsoul.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Gruel.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Happy99.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Kiray.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Klez.e.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Lacon.exe
unpack003/out.upx
unpack001/The-MALWARE-Repo-master/Email-Worm/Lentin/Lentin.c.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Lentin/Lentin.d.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Magistr.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Maldal.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Mari.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/MeltingScreen.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Merkur.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/MsWorld.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/MyDoom.A.exe
unpack004/out.upx
unpack001/The-MALWARE-Repo-master/Email-Worm/MyPics.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/NakedWife.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Nyxem.E.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Pikachu.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Prolin.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Quamo.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Silver/Silver.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Trood.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/White.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Xanax.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Yarner.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/ZippedFiles.a.exe
unpack001/The-MALWARE-Repo-master/RAT/Blackkomet.exe
unpack001/The-MALWARE-Repo-master/RAT/CrimsonRAT.exe
unpack001/The-MALWARE-Repo-master/RAT/NJRat.exe
unpack001/The-MALWARE-Repo-master/RAT/NetWire.exe
unpack001/The-MALWARE-Repo-master/RAT/Remcos.exe
unpack001/The-MALWARE-Repo-master/RAT/RevengeRAT.exe
unpack001/The-MALWARE-Repo-master/RAT/VanToM-Rat.bat
unpack001/The-MALWARE-Repo-master/RAT/WarzoneRAT.exe
unpack001/The-MALWARE-Repo-master/Ransomware/$uckyLocker.exe
unpack001/The-MALWARE-Repo-master/Ransomware/7ev3n.exe
unpack001/The-MALWARE-Repo-master/Ransomware/Annabelle.exe
unpack001/The-MALWARE-Repo-master/Ransomware/Birele.exe
unpack006/out.upx
unpack001/The-MALWARE-Repo-master/Ransomware/CoronaVirus.exe
unpack001/The-MALWARE-Repo-master/Ransomware/CryptoLocker.exe
unpack001/The-MALWARE-Repo-master/Ransomware/CryptoWall.exe
unpack001/The-MALWARE-Repo-master/Ransomware/DeriaLock.exe
unpack001/The-MALWARE-Repo-master/Ransomware/Dharma.exe
unpack001/The-MALWARE-Repo-master/Ransomware/Fantom.exe
unpack001/The-MALWARE-Repo-master/Ransomware/GandCrab.exe
unpack001/The-MALWARE-Repo-master/Ransomware/GoldenEye/GoldenEye.exe
unpack001/The-MALWARE-Repo-master/Ransomware/InfinityCrypt.exe
unpack001/The-MALWARE-Repo-master/Ransomware/Krotten.exe
unpack001/The-MALWARE-Repo-master/Ransomware/Locky.AZ.exe
unpack001/The-MALWARE-Repo-master/Ransomware/NoMoreRansom.exe
unpack001/The-MALWARE-Repo-master/Ransomware/NotPetya.exe
unpack001/The-MALWARE-Repo-master/Ransomware/PetrWrap
unpack001/The-MALWARE-Repo-master/Ransomware/Petya.A.exe
unpack001/The-MALWARE-Repo-master/Ransomware/PolyRansom.exe
unpack001/The-MALWARE-Repo-master/Ransomware/PowerPoint.exe
unpack001/The-MALWARE-Repo-master/Ransomware/RedBoot.exe
unpack007/out.upx
unpack001/The-MALWARE-Repo-master/Ransomware/RedEye.exe
unpack001/The-MALWARE-Repo-master/Ransomware/Rensenware.exe
unpack001/The-MALWARE-Repo-master/Ransomware/Rokku.exe
unpack008/out.upx
unpack001/The-MALWARE-Repo-master/Ransomware/Satana.exe
unpack001/The-MALWARE-Repo-master/Ransomware/Seftad.exe
unpack001/The-MALWARE-Repo-master/Ransomware/SporaRansomware.exe
unpack001/The-MALWARE-Repo-master/Ransomware/UIWIX.exe
unpack001/The-MALWARE-Repo-master/Ransomware/ViraLock.exe
unpack001/The-MALWARE-Repo-master/Ransomware/WannaCry.exe
unpack001/The-MALWARE-Repo-master/Ransomware/WannaCrypt0r.exe
unpack001/The-MALWARE-Repo-master/Ransomware/WinlockerVB6Blacksod.exe
unpack001/The-MALWARE-Repo-master/Ransomware/Xyeta.exe
unpack009/out.upx
unpack001/The-MALWARE-Repo-master/Ransomware/satan.exe
unpack001/The-MALWARE-Repo-master/Spyware/AgentTesla.exe
unpack001/The-MALWARE-Repo-master/Spyware/HawkEye.exe
unpack001/The-MALWARE-Repo-master/Spyware/butterflyondesktop.exe
unpack001/The-MALWARE-Repo-master/Virus/Gnil/Gnil.exe
unpack001/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe
unpack001/The-MALWARE-Repo-master/Virus/WinNuke.98.exe
unpack001/The-MALWARE-Repo-master/Virus/Xpaj/xpaj.exe
unpack001/The-MALWARE-Repo-master/Virus/Xpaj/xpajB.exe

Files

The-MALWARE-Repo-master.zip
.zip
The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe
.exe windows:5 windows x86 arch:x86

55b878ec00e988ff206a170cf34b525e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
CommConfigDialogA
HeapAlloc
SetEnvironmentVariableW
FlushViewOfFile
GetTickCount
GetCommConfig
GetPrivateProfileStringW
GetWindowsDirectoryA
GetMailslotInfo
GetCompressedFileSizeA
lstrcatA
GetOverlappedResult
GetVolumePathNameA
EnumSystemLocalesA
GetLastError
GetProcAddress
GetNumaHighestNodeNumber
LoadLibraryA
LocalAlloc
IsWow64Process
BuildCommDCBAndTimeoutsW
WaitForMultipleObjects
FindFirstVolumeMountPointA
GetProcessAffinityMask
CreateMailslotA
GetConsoleCursorInfo
ScrollConsoleScreenBufferA
GetVolumeNameForVolumeMountPointW
CreateFileW
CloseHandle
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetCPInfo
LCMapStringW
ExitProcess
GetModuleHandleExW
HeapSize
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
HeapReAlloc
IsValidCodePage
GetOEMCP
LoadLibraryExW
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
SetStdHandle
WriteConsoleW

user32

GetClipCursor

Exports

Exports

@bangPrecision@4
@plusTokenAfter@4
@yurii@4

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.9d75ff0e9447ceb89c90cca24a1dbec1
.exe windows:5 windows x86 arch:x86

8a6c92048eaa4c1652aa6f5807c98199

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitializeAcl

user32

GetDlgCtrlID

kernel32

SetThreadPriorityBoost
AreFileApisANSI
GetNamedPipeInfo
TzSpecificLocalTimeToSystemTime
GetMailslotInfo

urlmon

CoInternetIsFeatureEnabled

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 338B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.925da3a10f7dde802c8d87047b14fda6
.exe windows:5 windows x86 arch:x86

b10a33e794d5d2de180070d9dcc93422

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vfW|ZyZ9v345234bn5234nb

Imports

advapi32

GetUserNameA
OpenBackupEventLogA
CreatePrivateObjectSecurityEx

winmm

midiInGetDevCapsA

kernel32

EnumResourceNamesA
GetBinaryTypeA
GetCurrentProcess
GetNumaHighestNodeNumber
IsValidLocale
GetModuleFileNameW
HeapQueryInformation
FindNextChangeNotification
CreateSemaphoreW

user32

GetAsyncKeyState
IsCharAlphaA
CharNextA
GetSysColor
EnumClipboardFormats
IsCharAlphaW
GetActiveWindow
GrayStringW
CascadeWindows
LookupIconIdFromDirectory
GetProcessDefaultLayout

wininet

ReadUrlCacheEntryStream

gdi32

CreateDiscardableBitmap

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATCDFClose

powrprof

IsPwrSuspendAllowed

mscms

WcsSetUsePerUserProfiles

urlmon

HlinkSimpleNavigateToString

shlwapi

AssocQueryKeyW

iphlpapi

GetBestRoute
GetNumberOfInterfaces

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.coda
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe.c26203af4b3e9c81a9e634178b603601
.exe windows:5 windows x86 arch:x86

5ffc0457395f73c8894dad0221957a8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

6KrXJ

Imports

wininet

FindCloseUrlCache

kernel32

lstrlenW
GetEnvironmentStrings
ClearCommBreak
GetCurrentThread
GetOEMCP
GetCurrentThreadId
SwitchToThread
FindFirstVolumeMountPointW
GetModuleFileNameW
GetSystemDefaultUILanguage
GetBinaryTypeW
CompareStringA
GetTimeZoneInformation
GetLocaleInfoW
UnhandledExceptionFilter
GetACP
GetSystemRegistryQuota
CompareStringW
GetModuleHandleW
WriteFile
GetCurrentProcess
TerminateProcess
RtlUnwind
HeapReAlloc
InitializeCriticalSection
GetCommandLineA
GetVersionExA
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetUnhandledExceptionFilter
GetModuleHandleA
ExitProcess
SetEnvironmentVariableA
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapAlloc
OutputDebugStringA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
Sleep
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryExA

shell32

ExtractIconA

winspool.drv

FindNextPrinterChangeNotification

advapi32

AreAnyAccessesGranted

gdi32

GetFontUnicodeRanges
GetMapMode

user32

LoadImageA
DefFrameProcA

version

GetFileVersionInfoA

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da
.exe windows:4 windows x86 arch:x86

33259202a22c25d002be697749eb957e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

ungetc

powrprof

GetPwrCapabilities

oleaut32

GetRecordInfoFromTypeInfo

gdi32

GetFontUnicodeRanges
GetViewportExtEx
GetTextExtentExPointA
GetWindowExtEx
GetTextCharacterExtra
DeleteObject
GetOutlineTextMetricsW
GetPaletteEntries
GetObjectType
GetTextExtentPointW
FloodFill

user32

GetMessageExtraInfo
GetMenuState
GetPropW
IsZoomed
FrameRect
GetWindowTextLengthA
GetSysColor
GetDesktopWindow
DefMDIChildProcA
GetCapture
InsertMenuItemA
FillRect
GetUpdateRgn
LoadIconA
GetUserObjectInformationA
DeferWindowPos
DrawFrameControl

advapi32

DeregisterEventSource
GetOldestEventLogRecord
GetUserNameW
IsTextUnicode

secur32

GetComputerObjectNameW

shlwapi

wnsprintfW

clusapi

GetClusterResourceNetworkName

winspool.drv

FindFirstPrinterChangeNotification
GetPrinterDriverW

kernel32

lstrcmpA
GetModuleHandleA
GetBinaryTypeW
GetProfileIntW
GetPrivateProfileStructA
IsProcessInJob
EscapeCommFunction
WritePrivateProfileStructW
GetPrivateProfileStringW
GetCurrentActCtx
GlobalFindAtomW
GetAtomNameW
GetOverlappedResult
GetPrivateProfileIntA
GetWindowsDirectoryA
GetDriveTypeW
LocalLock
GetCurrentProcessId
GetSystemTimeAdjustment
GetUserDefaultLCID
GetModuleFileNameW
GetSystemWindowsDirectoryW

urlmon

MkParseDisplayNameEx

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.6164228ed2cc0eceba9ce1828d87d827
.exe windows:5 windows x86 arch:x86

33c644f9a2df0250eacdf63aa0ff8cca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k27W.pdb

Imports

kernel32

IsValidLanguageGroup
GetUserDefaultLangID
GetThreadLocale
VirtualProtectEx
OpenSemaphoreA
GetCurrentProcessId
LocalLock
GetModuleFileNameA
GetBinaryTypeA
lstrlenA
GlobalDeleteAtom
GetLocaleInfoA
GetCurrentProcess
GetCommandLineW
DefineDosDeviceW
LocalSize
GetProcessWorkingSetSize
WritePrivateProfileStructW
GetComputerNameA
GetCompressedFileSizeA
GetPrivateProfileSectionNamesA
GetCurrentThread
GetModuleHandleW

clusapi

GetClusterResourceNetworkName

advapi32

FindFirstFreeAce

msvcrt

tolower
strcspn
setvbuf
strcmp

winspool.drv

GetPrinterDataExW

gdi32

GetMapMode
GetDIBColorTable
GetTextFaceW
RemoveFontResourceA
GdiComment
GetTextExtentPoint32A
GetLayout

powrprof

IsPwrHibernateAllowed

mscms

GetStandardColorSpaceProfileW

user32

IsWindow
GetWindowTextW
GetClientRect
DeregisterShellHookWindow
GetClassInfoExW
DefWindowProcW
GetWindowPlacement
DialogBoxParamW
InsertMenuItemW
GetSysColor
DrawStateW
GetDC
MessageBoxIndirectA
GetClipboardFormatNameW
EnumWindows
GetKeyboardLayoutNameW
GetUserObjectInformationW
LoadMenuIndirectA

wininet

FindNextUrlCacheGroup
DeleteUrlCacheEntryW

shlwapi

GetMenuPosFromID

oleaut32

GetErrorInfo

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.codu
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.97a26d9e3598fea2e1715c6c77b645c2
.dll windows:5 windows x64 arch:x64

817b343ed7ed0348e413bb1c3610278d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

r4b5led="Trunurty.pdb

Imports

kernel32

GetModuleFileNameW
GetStdHandle
GetBinaryTypeA
LockFile
GetProcessIdOfThread
SetEvent
GetModuleHandleW
LocalAlloc
LocalFree
GetProcAddress
FreeLibrary
GetLastError
LoadLibraryA
RaiseException

gdi32

SetGraphicsMode
SelectPalette

Exports

Exports

BeginBufferedAnimation
BeginBufferedPaint
BeginPanningFeedback
BufferedPaintClear
BufferedPaintInit
BufferedPaintRenderAnimation
BufferedPaintSetAlpha
BufferedPaintStopAllAnimations
BufferedPaintUnInit
CloseThemeData
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DrawThemeBackground
DrawThemeBackgroundEx
DrawThemeEdge
DrawThemeIcon
DrawThemeParentBackground
DrawThemeParentBackgroundEx
DrawThemeText
DrawThemeTextEx
EnableThemeDialogTexture
EnableTheming
EndBufferedAnimation
EndBufferedPaint
EndPanningFeedback
GetBufferedPaintBits
GetBufferedPaintDC
GetBufferedPaintTargetDC
GetBufferedPaintTargetRect
GetColorFromPreference
GetCurrentThemeName
GetImmersiveColorFromColorSetEx
GetImmersiveUserColorSetPreference
GetThemeAnimationProperty
GetThemeAnimationTransform
GetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBitmap
GetThemeBool
GetThemeColor
GetThemeDocumentationProperty
GetThemeEnumValue
GetThemeFilename
GetThemeFont
GetThemeInt
GetThemeIntList
GetThemeMargins
GetThemeMetric
GetThemePartSize
GetThemePosition
GetThemePropertyOrigin
GetThemeRect
GetThemeStream
GetThemeString
GetThemeSysBool
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysFont
GetThemeSysInt
GetThemeSysSize
GetThemeSysString
GetThemeTextExtent
GetThemeTextMetrics
GetThemeTimingFunction
GetThemeTransitionDuration
GetUserColorPreference
GetWindowTheme
HitTestThemeBackground
IsAppThemed
IsCompositionActive
IsThemeActive
IsThemeBackgroundPartiallyTransparent
IsThemeDialogTextureEnabled
IsThemePartDefined
OpenThemeData
OpenThemeDataEx
OpenThemeDataForDpi
SetThemeAppProperties
SetWindowTheme
SetWindowThemeAttribute
ThemeInitApiHook
UpdatePanningFeedback

Sections

.text
Size: 588KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pxzvu
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Banking-Malware/Emotet.zip
.zip
[email protected]
.docm .doc office2007

ThisDocument

S9zlQCC

EELFLr

TrS1jk

BdOW1qt

Uq3XXQaF

EIBYN39s

V9sPZLU

pGv5GKCO

zacGkX9
The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm
.xlsm office2007
The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485
.elf linux x64
The-MALWARE-Repo-master/Email-Worm/Amus.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

yC
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Anap.a.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Axam.a.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

&%_*
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

U^#.
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Brontok.exe
.exe windows:4 windows x86 arch:x86

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress

Sections

DLP
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�uۊ��
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/BubbleBoy.html
.html .vbs polyglot
The-MALWARE-Repo-master/Email-Worm/Bugsoft.exe
.exe windows:4 windows x86 arch:x86

c1d24f2dee28c26ad20efbfa66d0d726

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarTstEq
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaVarCat
_CIlog
__vbaFileOpen
ord647
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Duksten.exe
.exe windows:4 windows x86 arch:x86

b82faf9237e7230cc2fbb2f1421d49bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrlenA
GetModuleHandleA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Emin.js
.js
The-MALWARE-Repo-master/Email-Worm/Funsoul.exe
.exe windows:4 windows x86 arch:x86

7e088f48d6fe44919b9fd479c903f565

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
ord516
_adj_fprem1
ord625
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaVarForInit
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
ord534
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
ord617
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
__vbaLateMemCallSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Gruel.a.exe
.exe windows:4 windows x86 arch:x86

5c7433b2a8bfdbd866a519f5ce78aa7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
MethCallEngine
ord516
ord662
ord593
ord594
ord595
ord520
ord631
ord632
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord607
ord608
ord716
ord534
ProcCallEngine
ord536
ord537
ord570
ord648
ord576
ord685
ord100
ord689
ord610
ord616
ord617
ord619
ord580
ord581

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Happy99.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/ILOVEYOU.vbs
.vbs
The-MALWARE-Repo-master/Email-Worm/Jer.html
.vbs
The-MALWARE-Repo-master/Email-Worm/Kiray.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.petite
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Klez.e.exe
.exe windows:4 windows x86 arch:x86

bb8a672644c54cc80e980f3e174cf92c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
IsDBCSLeadByte
WriteFile
ReadFile
GetTempFileNameA
GetTempPathA
DeleteFileA
SetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
SetEndOfFile
SetFilePointer
GetComputerNameA
SetFileTime
GetTickCount
CreateProcessA
GetSystemDirectoryA
GetCurrentProcess
GetVersionExA
GetVersion
WaitForSingleObject
GetCommandLineA
ExpandEnvironmentStringsA
GetDriveTypeA
CreateThread
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
LocalAlloc
LocalFree
GetLastError
GetLocalTime
UnmapViewOfFile
FreeLibrary
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
Process32First
Process32Next
GetModuleFileNameA
CreateToolhelp32Snapshot
Module32First
OpenProcess
ReadProcessMemory
TerminateProcess
Sleep
CloseHandle
LoadLibraryA
GetProcAddress
GetFileTime
SetStdHandle
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
GetModuleHandleA
GetStartupInfoA
ExitProcess
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
HeapFree
HeapAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FlushFileBuffers

advapi32

StartServiceCtrlDispatcherA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
StartServiceA
RegConnectRegistryA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegisterServiceCtrlHandlerA
OpenServiceA
SetServiceStatus
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegEnumValueA
RegDeleteValueA
RegOpenKeyA
RegEnumKeyA
RegCloseKey

ws2_32

gethostbyname
closesocket
WSACleanup
send
htons
connect
WSAGetLastError
WSAStartup
socket
recv

mpr

WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Lacon.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Lentin/Lentin.c.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 18KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.......
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Lentin/Lentin.d.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

...0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

...1
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Magistr.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Maldal.a.exe
.exe windows:4 windows x86 arch:x86

894499b0c1732ab37b759498faae29f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord599
__vbaBoolVarNull
__vbaVargVar
_CIsin
__vbaVarZero
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarTstGe
_CIatan
__vbaStrMove
__vbaForEachVar
ord543
_allmul
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Mari.exe
.exe windows:4 windows x86 arch:x86

a8e4f0d33f3923214d437634054c49d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaResume
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
ord529
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
ord716
__vbaFPException
__vbaVarCat
ord537
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaVarLateMemCallLdRf
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
ord612
__vbaVarDup
__vbaFpI4
ord616
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
ord542
_allmul
ord545
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/MeltingScreen.exe
.exe windows:4 windows x86 arch:x86

f90f100c81647f834881cf7cd9e90bd4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

MethCallEngine
ord625
ord593
ord598
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord608
ord535
ord645
ord100
ord617
ord580

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Merkur.exe
.exe windows:4 windows x86 arch:x86

4bd626f0fb8783b032a014d7ac172308

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord593
__vbaVarForInit
ord594
__vbaOnError
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaBoolVarNull
_CIsin
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord529
__vbaVarTstEq
__vbaObjVar
__vbaVarLateMemSt
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
ord600
ord601
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaStrVarVal
_CIlog
__vbaFileOpen
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarDup
__vbaVarCopy
__vbaVarLateMemCallLd
_CIatan
__vbaStrMove
ord542
_allmul
ord545
_CItan
ord546
__vbaFPInt
__vbaVarForNext
_CIexp
ord580
__vbaFreeStr

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/MsWorld.exe
.exe windows:4 windows x86 arch:x86

ce3cbbc1ba1365b2d3ecb9bef12f75b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord632
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord608
ord716
ProcCallEngine
ord100

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/MyDoom.A.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/MyPics.a.exe
.exe windows:4 windows x86 arch:x86

a629f7d0ee066a263e62530ec4b91a16

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
ord516
_adj_fprem1
ord625
__vbaStrCat
ord553
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaVarForInit
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaVarCopy
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
ord544
__vbaLateMemCallSt
_CItan
ord546
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/NakedWife.exe
.exe windows:4 windows x86 arch:x86

ef6ce2f3d3b25e70f65cfafcb2c7b01e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaObjVar
__vbaVarLateMemSt
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaVarCat
_CIlog
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaLateMemCall
__vbaVarDup
__vbaVarLateMemCallLd
__vbaVarCopy
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/NewLove.vbs
.vbs
The-MALWARE-Repo-master/Email-Worm/Nyxem.E.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Pikachu.exe
.exe windows:4 windows x86 arch:x86

cf991f1d207b1a6b956f57f38b2aaa2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaObjVar
__vbaVarLateMemSt
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaVarCat
_CIlog
__vbaFileOpen
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaLateMemCall
__vbaVarAdd
__vbaVarLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Pleh.vbs
.vbs
The-MALWARE-Repo-master/Email-Worm/Prolin.exe
.exe windows:4 windows x86 arch:x86

b08f58ddcb14d10ef626790a3370327a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaNextEachVar
_adj_fprem1
ord518
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaObjVar
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaVarLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaCastObj
__vbaForEachVar
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Quamo.exe
.exe windows:4 windows x86 arch:x86

c3520ffe4db9de8477f08791726150fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaNextEachVar
_adj_fprem1
__vbaStrCat
_adj_fdiv_m32
__vbaVarForInit
ord593
ord594
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaObjVar
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaVarCat
_CIlog
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaForEachVar
_allmul
_CItan
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/San.html
The-MALWARE-Repo-master/Email-Worm/Scare.hta
.html .vbs polyglot
The-MALWARE-Repo-master/Email-Worm/Silver/Silver.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 22KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Trood.a.exe
.exe windows:1 windows x86 arch:x86

ad3ae4b62b30da87ef6c4e1607fc331b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RegisterServiceProcess
GetModuleHandleA
GetModuleFileNameA
ExitProcess
GetLocalTime
CopyFileA
WritePrivateProfileStringA
WinExec
CreateFileA
GetFileSize
VirtualAlloc
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
DeleteFileA
VirtualFree
GetSystemDirectoryA
lstrcatA

user32

RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
SetTimer
GetForegroundWindow
GetWindowRect
MoveWindow
ExitWindowsEx
PostQuitMessage
MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IMPORTS
Size: 204B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

imports
Size: 952B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

relocs
Size: 456B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

resource
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/White.a.exe
.exe windows:4 windows x86 arch:x86

ff441998bbcbf92dd625ab527152cc7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaExitProc
__vbaVarForInit
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarTstEq
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaVarMod
__vbaFpI4
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
__vbaStrVarCopy
ord619
ord542
_allmul
__vbaLateIdSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Winevar.exe
.exe windows:4 windows x86 arch:x86

82e832e5393272a459a250927a9159b2

Code Sign

3e:cf:a1:82:70:93:c4:96:49:98:cb:d9:4b:e7:d8:b1
Certificate

Issuer

CN=Root Agency

Not Before

21/11/2002, 14:47

Not After

31/12/2039, 23:59

Subject

CN=Symantec Microsoft Corp

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindNextFileA
FindFirstFileA
Sleep
TerminateProcess
OpenProcess
GetFullPathNameA
GetVersionExA
FreeLibrary
GetTempFileNameA
GetSystemDirectoryA
LoadLibraryA
GlobalAlloc
GetDriveTypeA
GetLogicalDrives
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
GetModuleHandleA
CopyFileA
GetTickCount
CreateProcessA
CreateMutexA
GetLastError
DeleteFileA
CreateThread
SetThreadPriority
GetProcAddress
GlobalFree
SetEndOfFile
HeapFree
GetCurrentProcess
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind
GetOEMCP
GetFileType
CloseHandle
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
WriteFile
HeapReAlloc
VirtualAlloc
VirtualFree
ExitProcess
GetStdHandle
SetHandleCount
HeapAlloc
HeapDestroy
GetVersion
ReadFile
HeapCreate

user32

MessageBoxA
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA

wsock32

ntohs
WSACleanup
recvfrom
recv
send
gethostbyname
inet_addr
htons
ioctlsocket
connect
closesocket
WSAStartup
socket
setsockopt
sendto

urlmon

URLDownloadToFileA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
CloseServiceHandle
EnumServicesStatusA
OpenSCManagerA
ControlService
OpenServiceA
DeleteService
RegDeleteKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Xanax.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Yarner.a.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/ZippedFiles.a.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Pony/metrofax.doc
.doc windows office2003

ThisDocument

Module1
The-MALWARE-Repo-master/RAT/Adwind.exe
.jar
The-MALWARE-Repo-master/RAT/Blackkomet.exe
.exe windows:4 windows x86 arch:x86

3b163548c984476f39d30c2f21df2b6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
LookupPrivilegeNameA
LookupPrivilegeDisplayNameA
LookupAccountSidA
LookupAccountNameA
IsValidSid
GetUserNameA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetCurrentHwProfileA
AdjustTokenPrivileges
CredEnumerateA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
EnumServicesStatusA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LsaFreeMemory
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
ConvertSidToStringSidA

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
mouse_event
keybd_event
WindowFromPoint
WaitMessage
VkKeyScanA
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToAscii
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostThreadMessageW
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjectsEx
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LockWorkStation
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastInputInfo
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumDisplayDevicesA
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrlenA
lstrcpyA
WriteProcessMemory
WriteFile
WinExec
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQuery
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
VerLanguageNameA
UnmapViewOfFile
TerminateProcess
SizeofResource
SetThreadLocale
SetThreadContext
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadProcessMemory
ReadFile
PeekNamedPipe
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetVersion
GetUserDefaultLangID
GetTickCount
GetThreadLocale
GetThreadContext
GetTempPathA
GetSystemPowerStatus
GetSystemDirectoryA
GetStdHandle
GetProcessHeap
GetProcAddress
GetPrivateProfileIntA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileTime
GetFileSize
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnumResourceNamesA
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileA
DeleteCriticalSection
CreateThread
CreateRemoteThread
CreateProcessA
CreatePipe
CreateMutexA
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
Beep
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wsock32

WSACleanup
WSAStartup
WSAGetLastError
gethostname
getservbyname
gethostbyname
gethostbyaddr
socket
shutdown
sendto
send
recv
ntohs
ioctlsocket
inet_ntoa
inet_addr
htons
connect
closesocket

shell32

ShellExecuteExA
ShellExecuteA
SHGetFileInfoA
SHFileOperationA
DragQueryFileA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHEmptyRecycleBinA

ole32

CoTaskMemFree
CLSIDFromProgID
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

urlmon

URLDownloadToFileA

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

wininet

InternetOpenUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
FtpPutFileA

winmm

waveInUnprepareHeader
waveInStart
waveInReset
waveInPrepareHeader
waveInOpen
waveInClose
waveInAddBuffer
PlaySoundA
mciSendStringA

netapi32

Netbios
NetApiBufferFree
NetShareGetInfo
NetShareEnum

ntdll

NtUnmapViewOfSection
NtQuerySystemInformation

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

ws2_32

WSAIoctl

msacm32

acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamReset
acmStreamSize
acmStreamClose
acmStreamOpen

rasapi32

RasGetEntryDialParamsA
RasEnumEntriesA

shfolder

SHGetFolderPathA

avicap32

capGetDriverDescriptionA

Sections

.text
Size: 569KB - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 46KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/RAT/CobaltStrike.doc
.docm .doc office2007
The-MALWARE-Repo-master/RAT/CrimsonRAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\hbraeiwas\hbraeiwas\obj\Debug\hbraeiwas.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/RAT/NJRat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/RAT/NetWire.doc
.doc windows office2003

ThisDocument

HauteGaronne
The-MALWARE-Repo-master/RAT/NetWire.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 595KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/RAT/Remcos.exe
.exe windows:4 windows x86 arch:x86

d3a62971944197f0701c7049a9c739d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetLongPathNameA
CreateMutexA
OpenMutexA
Process32Next
Process32First
CreateToolhelp32Snapshot
SizeofResource
LockResource
LoadResource
FindResourceA
GetLocaleInfoA
Process32NextW
Process32FirstW
lstrlenA
GetDriveTypeA
CreateProcessA
GetTickCount
GlobalUnlock
GlobalLock
GlobalAlloc
WinExec
GetCurrentProcessId
CreateDirectoryW
CopyFileA
GetFileAttributesW
GetLogicalDriveStringsA
GetCurrentProcess
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
VirtualAlloc
GlobalFree
LocalAlloc
TerminateProcess
ReadFile
PeekNamedPipe
GetStdHandle
CreatePipe
OpenProcess
DuplicateHandle
GetCurrentThread
lstrcpynA
ExitProcess
AllocConsole
GetStartupInfoA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
GetLastError
LoadLibraryA
GetProcAddress
CreateFileMappingA
MapViewOfFileEx
DeleteFileA
RemoveDirectoryA
CloseHandle
GetFileAttributesA
SetFileAttributesA
SetEvent
TerminateThread
FindFirstFileW
FindNextFileW
FindClose
GetLocalTime
CreateEventA
WaitForSingleObject
CreateDirectoryA
ExitThread
Sleep
GetModuleHandleA
DeleteFileW
CreateThread

user32

GetWindowTextLengthA
GetForegroundWindow
UnhookWindowsHookEx
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
ExitWindowsEx
MessageBoxA
GetKeyboardLayoutNameA
GetWindowThreadProcessId
ShowWindow
CloseWindow
GetWindowTextA
GetWindowTextW
EnumWindows
SendInput
CreateWindowExA
RegisterClassExA
AppendMenuA
CreatePopupMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
DefWindowProcA
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetMessageA
TranslateMessage
GetKeyboardLayout
FindWindowA
DispatchMessageA
IsWindowVisible

gdi32

CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
StretchBlt
GetObjectA
GetDIBits
DeleteObject
DeleteDC

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
GetUserNameW

shell32

ShellExecuteA
ExtractIconA
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteW

msvcp60

?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Bios_base@std@@QBEPAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

msvcrt

_wrename
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_iob
freopen
srand
rand
mbstowcs
realloc
_itoa
sprintf
getenv
toupper
tolower
wcscmp
printf
strncmp
malloc
free
_EH_prolog
__CxxFrameHandler
time
localtime
strftime
puts
atoi
_ftol
??2@YAPAXI@Z
_except_handler3
exit
??0exception@@QAE@ABV0@@Z
_CxxThrowException

winmm

waveInOpen
waveInStop
waveInClose
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInStart

shlwapi

PathFileExistsA

ws2_32

htons
gethostbyname
closesocket
socket
send
WSAGetLastError
connect
recv
WSAStartup

urlmon

URLDownloadToFileA

gdiplus

GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipSaveImageToStream
GdipSaveImageToFile
GdipLoadImageFromStream
GdiplusStartup
GdipGetImageEncoders
GdipFree
GdipGetImageEncodersSize

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/RAT/RevengeRAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/RAT/VanToM-Rat.bat
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/RAT/WarzoneRAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/$uckyLocker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Tyler\Desktop\hidden-tear-master\hidden-tear\hidden-tear\obj\Debug\VapeHacksLoader.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/7ev3n.exe
.exe windows:6 windows x86 arch:x86

008aca28b7c001acc5e0ab32fabaad84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\Win32Project9\Release\Win32Project9.pdb

Imports

kernel32

GetCurrentProcess
ExitThread
SetEndOfFile
CreateFileW
HeapSize
WriteConsoleW
ReadConsoleW
SetStdHandle
FindFirstFileExW
FindClose
GetProcAddress
GetCommandLineW
GetCommandLineA
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WinExec
CreateProcessA
GetStartupInfoA
GetModuleFileNameW
CopyFileA
GetFileAttributesA
GetModuleFileNameA
FindNextFileW
GetLocalTime
FindFirstFileW
CreateThread
GetModuleHandleW
Sleep
GetLogicalDrives
VerifyVersionInfoW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileAttributesExW
GetExitCodeProcess
WaitForSingleObject
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetLastError
FreeLibrary
LoadLibraryExW
RaiseException
RtlUnwind
MoveFileExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
HeapAlloc
HeapReAlloc
HeapFree
VerSetConditionMask

user32

ShowWindow
SendMessageW
FindWindowW
DrawTextA
CallNextHookEx
GetAsyncKeyState
DefWindowProcW
PostQuitMessage
DestroyWindow
KillTimer
InvalidateRect
SetTimer
EndPaint
SetWindowsHookExW
DrawTextW
BeginPaint
GetSystemMetrics
ShowCursor
DispatchMessageW
TranslateMessage
GetMessageW
SetForegroundWindow
SetWindowLongW
SetWindowPos
CreateWindowExW
RegisterClassExW
LoadCursorW

gdi32

MoveToEx
CreatePen
DeleteObject
SetTextColor
SetBkMode
SelectObject
CreateFontIndirectW
CreateSolidBrush
LineTo

advapi32

SystemFunction036
GetUserNameA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameW

shell32

ord680

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

netapi32

NetUserGetInfo

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/Annabelle.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 15.7MB - Virtual size: 15.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/BadRabbit.exe
.exe windows:5 windows x86 arch:x86

e3bda9df66f1f9b2b9b7b068518f2af1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:bf:ea:68:d6:77:b3:e2:6c:ab:41:c3:3f:3e:69:de
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/12/2016, 00:00

Not After

17/12/2017, 23:59

Subject

CN=Symantec Corporation,OU=STAR Security Engines,O=Symantec Corporation,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:6b:e6:bd:11:a8:67:6e:6c:57:90:9e:9b:0d:5f:57
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/03/2017, 00:00

Not After

13/04/2018, 23:59

Subject

CN=Symantec Corporation,OU=STAR Security Engines,O=Symantec Corporation,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

22/07/2014, 00:00

Not After

21/07/2024, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c9:13:30:16:a3:e5:cf:bf:b1:aa:8b:50:d1:16:0f:a5:35:73:41:3d:4f:81:f8:71:05:4e:c7:39:6d:5a:8b:17
Signer

Actual PE Digest

c9:13:30:16:a3:e5:cf:bf:b1:aa:8b:50:d1:16:0f:a5:35:73:41:3d:4f:81:f8:71:05:4e:c7:39:6d:5a:8b:17

Digest Algorithm

sha256

PE Digest Matches

false

bd:ae:90:d3:3b:42:bf:69:31:7c:f4:d9:c1:9d:fd:c2:69:86:ca:f0
Signer

Actual PE Digest

bd:ae:90:d3:3b:42:bf:69:31:7c:f4:d9:c1:9d:fd:c2:69:86:ca:f0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCommandLineW
GetFileSize
CreateProcessW
HeapAlloc
HeapFree
GetModuleHandleW
GetProcessHeap
WriteFile
GetSystemDirectoryW
ReadFile
GetModuleFileNameW
CreateFileW
lstrcatW
CloseHandle
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter

user32

wsprintfW

shell32

CommandLineToArgvW

msvcrt

wcsstr
memcpy
free
malloc

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/Birele.exe
.exe windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.unp_1
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/Cerber5.exe
.exe windows:5 windows x86 arch:x86

604de9c4534997ea4f32f86753fab871

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

90:21:24:73:c7:06:f5:23:fe:84:bd:b9:a7:8a:01:f4
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/07/2017, 00:00

Not After

17/07/2018, 23:59

Subject

CN=DEMUS\, OOO,OU=IT,O=DEMUS\, OOO,POSTALCODE=410010,STREET=d. 84 of. 2\, ul.Tankistov,L=Saratov,ST=RU,C=RU,2.5.4.18=#1306343130303130

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fb:f7:43:25:3a:5f:2f:99:ab:87:3e:d6:da:c8:11:b0:70:ec:8e:54
Signer

Actual PE Digest

fb:f7:43:25:3a:5f:2f:99:ab:87:3e:d6:da:c8:11:b0:70:ec:8e:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
LoadLibraryA
lstrlenA
lstrcpyA
lstrcmpW
WriteFile
WriteConsoleInputW
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
UnhandledExceptionFilter
TerminateProcess
TerminateJobObject
Sleep
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetThreadExecutionState
SetPriorityClass
SetLastError
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ReleaseMutex
ReadConsoleOutputCharacterA
RaiseException
QueryPerformanceCounter
OutputDebugStringW
OutputDebugStringA
OpenEventW
MultiByteToWideChar
MoveFileExW
LocalFree
LocalAlloc
LoadLibraryW
LeaveCriticalSection
IsDebuggerPresent
InterlockedIncrement
InterlockedCompareExchange
InitializeCriticalSection
HeapReAlloc
HeapFree
HeapAlloc
GetWindowsDirectoryW
GetWindowsDirectoryA
GetVersionExW
GetVersionExA
GetTickCount
GetThreadLocale
GetSystemTimeAsFileTime
GetSystemTime
GetStartupInfoA
GetProcessPriorityBoost
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLastError
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleAliasExesLengthA
GetComputerNameW
FreeLibrary
FormatMessageW
FormatMessageA
ExitProcess
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateProcessW
CreateMutexA
CreateJobObjectA
CreateFileA
CloseHandle
CreateEventW
CreateEventA
InterlockedExchange

user32

SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SendMessageW
SendIMEMessageExW
RegisterDeviceNotificationW
RegisterClassW
PostMessageW
PeekMessageW
OpenWindowStationW
MessageBoxW
MessageBoxA
MessageBeep
MapDialogRect
LoadMenuA
LoadCursorW
KillTimer
IMPGetIMEW
GetWindowTextW
GetWindowRect
SetTimer
GetMenuItemID
GetKeyboardLayout
GetForegroundWindow
GetDlgItemTextW
GetDlgItem
GetDesktopWindow
EnumDesktopWindows
EndDialog
EnableMenuItem
DrawStateA
DispatchMessageW
DispatchMessageA
DialogBoxParamW
DestroyWindow
DestroyAcceleratorTable
DefWindowProcW
DdeQueryStringW
DdeGetLastError
CreateWindowExW
CreateDialogIndirectParamA
CreateAcceleratorTableW
SetWindowLongW
SetWindowTextW
ShowWindowAsync
TranslateMessage
UnregisterClassW
UnregisterDeviceNotification
wvsprintfW
IsWindowEnabled
LoadIconA
GetClipboardData
GetDlgCtrlID
GetOpenClipboardWindow
IsMenu
CreatePopupMenu
GetMenuItemCount
GetKBCodePage
GetMenuContextHelpId
GetFocus
GetInputState
GetShellWindow
GetAsyncKeyState
GetCapture
GetClipboardSequenceNumber
OemKeyScan
GetActiveWindow
CharUpperA
GetWindowDC
IsWindowUnicode
GetKeyboardType
EnumClipboardFormats
CopyIcon
GetMenuCheckMarkDimensions
EndMenu
GetListBoxInfo
ReleaseCapture
GetMessageExtraInfo
GetWindowLongW
CharToOemW
CharLowerW
BroadcastSystemMessageA
GetWindowContextHelpId

gdi32

SelectObject
SetBrushOrgEx
SetDCBrushColor
SetICMMode
SetPixelV
CancelDC
PathToRegion
CloseFigure
GetBkColor
AbortDoc
FlattenPath
GetObjectType
PlayMetaFileRecord
RealizePalette
WidenPath
SaveDC
BeginPath
SetMetaRgn
UnrealizeObject
AbortPath
EndPage
CreateMetaFileA
AddFontResourceA
SwapBuffers
OffsetWindowOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextCharset
GetMetaRgn
GetKerningPairsW
GetCurrentObject
GetCharWidth32A
GdiSwapBuffers
GdiStartPageEMF
GdiQueryTable
GdiGradientFill
GdiComment
GdiCleanCacheDC
FixBrushOrgEx
EngGradientFill
EngDeletePath
DescribePixelFormat
DeleteObject
DeleteDC
CreatePolygonRgn
CreateICA
CreateHatchBrush
CreateEllipticRgn
CreateDIBSection
CreateDCW
ChoosePixelFormat
AngleArc
BRUSHOBJ_pvAllocRbrush
GetTextColor

advapi32

RegEnumValueW
RegOpenKeyW
StartServiceCtrlDispatcherW
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetEntriesInAclW
ReportEventW
RegisterServiceCtrlHandlerExW
RegisterEventSourceW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
AllocateAndInitializeSid
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
OpenServiceW
OpenSCManagerW
InitializeSecurityDescriptor
GetUserNameW
FreeSid
DeregisterEventSource
DeleteService
CreateServiceW
CloseServiceHandle

shell32

Shell_NotifyIconW
ShellExecuteExA
SHPathPrepareForWriteW
SHLoadNonloadedIconOverlayIdentifiers
SHInvokePrinterCommandW
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetSettings
SHGetPathFromIDListW
SHGetMalloc
CommandLineToArgvW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
SHAddToRecentDocs
SHBindToParent
SHBrowseForFolderW
SHCreateProcessAsUserW
SHEmptyRecycleBinW
SHGetFolderPathA
SHGetFolderPathW
ShellExecuteExW

shlwapi

StrChrW
StrCmpNIA
StrCmpNIW
StrCmpNW
StrRChrA
StrRChrIA
StrRStrIW
StrStrIA
StrChrA

comctl32

InitCommonControlsEx

msvcrt

__p__commode
__p__fmode
__set_app_type
__setusermatherr
_abnormal_termination
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
_iob
_mbscmp
_mbscpy
_mbsicmp
_mbsinc
_mbslwr
_mbsnbcmp
_mbsnbicmp
_snwprintf
_vsnwprintf
_wcsicmp
_wcsnicmp
exit
fwprintf
iswctype
memmove
setlocale
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsrchr
_XcptFilter
__getmainargs

imm32

ImmDisableIME

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/CoronaVirus.exe
.exe windows:5 windows x86 arch:x86

d761cb0531b62176dc524988b5963190

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CloseHandle
CreateFileW
HeapReAlloc
HeapSize
GlobalAlloc
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetProcessHeap
SetStdHandle
SetEnvironmentVariableA
GetThreadPriority
SetFilePointerEx
LoadLibraryA
SetEvent
ResetEvent
CreateEventA
GetEnvironmentStrings
GetConsoleWindow
SetEndOfFile
GetPriorityClass
FreeLibrary
EnumDateFormatsA
GetCurrentThread
GetLastError
GlobalAddAtomA
WaitForSingleObject
SetThreadPriority
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentProcess
FindNextFileA
FindFirstFileExA
FindClose
DecodePointer
GetStringTypeW
LCMapStringW
CompareStringW
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
HeapAlloc
HeapFree
GetACP
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
GetFileType
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
RaiseException
EncodePointer
GlobalFree
GlobalLock
GlobalUnlock
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
BuildCommDCBA
SetCommTimeouts
SetCommState
GetCommTimeouts
GetCommState
WriteFile
ReadFile
FlushFileBuffers
CreateFileA
GetModuleHandleA
CreateEventW
SetPriorityClass

user32

SetClipboardData
GetClipboardData
EmptyClipboard
IsDlgButtonChecked
DefWindowProcA
TranslateMessage
RegisterWindowMessageW
ReleaseDC
EndPaint
CloseClipboard
OpenClipboard
DestroyWindow
ShowWindow
SetClassLongA
WindowFromDC
GetDesktopWindow
GetDlgItem
SendMessageA
LoadIconA
CheckMenuItem
GetCursorPos
BeginPaint
GetMessageW
CreateDialogParamW
GetDC
EndDialog
DialogBoxParamA
wsprintfA
OffsetRect
DispatchMessageW
TrackMouseEvent
SetWindowTextA
MessageBoxA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
SetWindowPos
IsIconic
GetWindowRect
AdjustWindowRectEx
ShowCursor
ClientToScreen
CopyRect
GetWindowLongA
SetWindowLongA
GetMonitorInfoA
EnumDisplayMonitors
GetSystemMetrics
LoadCursorA
ScreenToClient
SetRect
GetMessageA
DispatchMessageA
PeekMessageA
GetMessagePos
PostQuitMessage
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
UpdateWindow
SetActiveWindow
GetUpdateRect
InvalidateRect
ChildWindowFromPoint
MonitorFromWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
SetCursorPos
SetCursor
GetClientRect

gdi32

ChoosePixelFormat
BitBlt
SelectObject
CreateDIBSection
GetTextExtentPoint32A
CreateCompatibleDC
GetNearestPaletteIndex
DeleteDC
SetViewportOrgEx
DeleteObject
CreateDCA
GetDeviceCaps
SetPixelFormat
DescribePixelFormat
SwapBuffers
GetPixelFormat

comdlg32

GetOpenFileNameA
FindTextW

advapi32

RegQueryValueExA
OpenSCManagerA
ControlService
RegOpenKeyA
OpenServiceA
RegCloseKey
RegOpenKeyExA

shell32

ord63
DragQueryFileA
ord62
DragFinish

ole32

CreateStreamOnHGlobal

oleaut32

CreateTypeLib2
CreateTypeLi

odbc32

ord157
ord156
ord155

opengl32

wglGetCurrentDC
glScissor
glDisableClientState
glMatrixMode
glBlendFunc
glLoadIdentity
glTexParameteri
glDeleteTextures
glPopMatrix
glViewport
glEnableClientState
glPopAttrib
glPolygonMode
glBindTexture
glGenTextures
glVertexPointer
glNormalPointer
glGetFloatv
glDrawArrays
glVertex2f
glTranslatef
glPushClientAttrib
glPopClientAttrib
glBitmap
glVertex2i
glRasterPos2i
glEnd
glColor4fv
glColor4f
glBegin
glGetString
glGetError
glGetBooleanv
glReadBuffer
glDrawBuffer
glFlush
wglMakeCurrent
wglGetProcAddress
wglGetCurrentContext
wglDeleteContext
wglCreateContext
glClearColor
glTexCoordPointer
glClear
glGetIntegerv
glPushAttrib
glOrtho
glPixelStorei
glPushMatrix
glDisable
glDrawElements
glTexEnvi
glColorPointer
glTexImage2D
glGetTexEnviv
glEnable

winmm

joyGetDevCapsA
timeBeginPeriod
timeEndPeriod
timeGetTime
joyGetPosEx

gdiplus

GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipFree
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipCloneImage

ws2_32

closesocket

avifil32

AVIMakeCompressedStream

rpcrt4

UuidCreate
UuidToStringW

dbghelp

EnumerateLoadedModules

comsvcs

CoCreateActivity

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

Sections

.text
Size: 563KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/CryptoLocker.exe
.exe windows:5 windows x86 arch:x86

7e8ad4139efc6cbcf31df3bc4b291dd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
memcpy
memmove
_vsnprintf
_vsnwprintf
_purecall
memset

kernel32

LoadLibraryW
FreeLibrary
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
lstrcmpA
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
CreateMutexW
ReleaseMutex
FindResourceExW
LoadResource
SizeofResource
LockResource
CreateProcessW
SetFilePointerEx
FindNextFileW
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTime
GetDateFormatW
GetTimeFormatW
GetCurrentThreadId
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetEnvironmentVariableW
CopyFileExW
GetUserDefaultUILanguage
DeleteCriticalSection
FindClose
FindFirstFileW
DeleteFileW
GetFileTime
SetLastError
GetFileSizeEx
FlushFileBuffers
ReadFile
WriteFile
SetFileTime
ResumeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
SetFileAttributesW
CreateFileW
GetFileAttributesW
Sleep
GetTickCount
MoveFileExW
ExpandEnvironmentStringsW
GetVolumeInformationW
GetDiskFreeSpaceExW
WaitForMultipleObjects
ResetEvent
GetTempPathW
GetLogicalDrives
GetDriveTypeW
LocalFree
CloseHandle
CreateEventW
GetLastError
GetHandleInformation
SetThreadPriority
GetModuleFileNameW
GetCurrentThread
GetModuleHandleW
SetEvent
GetComputerNameW
WaitForSingleObject
SetErrorMode
GetCommandLineW
ExitProcess
CreateThread

user32

MessageBoxIndirectW
InSendMessage
ClientToScreen
GetWindowLongW
GetClassNameW
GetCaretPos
TrackPopupMenu
AppendMenuW
GetCursorPos
CreatePopupMenu
SetMenuDefaultItem
DestroyMenu
LoadIconW
CloseClipboard
EmptyClipboard
OpenClipboard
SetClipboardData
SystemParametersInfoW
ScrollWindowEx
GetSystemMetrics
UpdateWindow
SetScrollInfo
MessageBoxW
EndPaint
ScreenToClient
GetWindowRect
DrawTextW
GetParent
GetClientRect
IsDialogMessageW
DestroyWindow
BeginPaint
DrawFocusRect
IntersectRect
GetDlgItem
SendMessageW
GetDlgCtrlID
SetWindowTextW
MoveWindow
GetDC
ReleaseDC
CharLowerW
PostQuitMessage
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
SetTimer
PostMessageW
SetFocus
RegisterClassExW
FlashWindowEx
InvalidateRect
GetWindowTextW
MonitorFromWindow
SetWindowPos
ShowWindow
GetForegroundWindow
AdjustWindowRectEx
IsWindowVisible
GetMonitorInfoW
DefWindowProcW
DialogBoxParamW
SetWindowLongW
EndDialog
CreateDialogParamW
MonitorFromPoint
UnregisterClassW
SetForegroundWindow
GetKeyState
ReplyMessage
GetScrollInfo
CreateWindowExW

advapi32

CryptAcquireContextW
RegSetValueExW
RegEnumKeyExW
RegFlushKey
CryptSetKeyParam
CryptGetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptGenKey
CryptDestroyKey
CryptDecrypt
CryptGetHashParam
CryptCreateHash
CryptDestroyHash
CryptHashData
RegCreateKeyExW
RegCloseKey
CryptExportKey
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW

shell32

SHGetFileInfoW
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

uxtheme

SetWindowTheme

gdi32

GetDeviceCaps
CreateSolidBrush
GetObjectW
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
SetBkColor
DeleteDC
SetTextColor
GetObjectA
CreateFontIndirectW

comctl32

InitCommonControlsEx
ord413
ord410

shlwapi

StrCmpW
StrCmpNW
StrCmpIW
PathMatchSpecW
PathRemoveBackslashW
PathAddBackslashW
ord12
PathFindFileNameW
PathRemoveFileSpecW
PathUnquoteSpacesW
StrChrW
PathQuoteSpacesW

msimg32

AlphaBlend

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpWriteData
WinHttpOpenRequest
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen

gdiplus

GdipAlloc
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdiplusStartup
GdipDeleteBrush
GdipCreateBitmapFromStream
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipDeleteFont
GdipDeleteGraphics
GdipDrawImageRectI
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipDrawString
GdipCreateFromHDC
GdipSetStringFormatHotkeyPrefix
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateFontFromDC
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdipFree
GdipCloneBrush

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
StringFromGUID2

crypt32

CryptImportPublicKeyInfo
CryptStringToBinaryA
CryptDecodeObjectEx

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/CryptoWall.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 186B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/DeriaLock.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Windows.old\Users\ArizonaCode\Documents\Visual Studio 2013\Projects\LOGON\LOGON\obj\Debug\LOGON.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/Dharma.exe
.exe windows:5 windows x86 arch:x86

ae9f6a32bb8b03dce37903edbc855ba1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileTime
CloseHandle
CreateFileW
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
WaitForSingleObject
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwind
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/Fantom.exe
.exe windows:5 windows x86 arch:x86

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

kernel32

RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

ole32

OleInitialize

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/GandCrab.exe
.exe windows:5 windows x86 arch:x86

c2cfbc92b2194678c2499ed455f524c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
CreateMailslotW
GetLastError
GetProcAddress
LoadLibraryW
VirtualProtect
DuplicateHandle
CloseHandle
GetTickCount
GetFileAttributesExA
LocalAlloc
LockFile
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetModuleHandleW
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle
InitializeCriticalSectionAndSpinCount
CreateFileA
HeapSize
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
GetProcessHeap
ReadFile
GetLocaleInfoW
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

OpenSCManagerA
SetAclInformation
AreAnyAccessesGranted

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 78.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mysec
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mysec3
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mysec2
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rcrs
Size: 88KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/GoldenEye/GoldenEye.exe
.exe windows:5 windows x86 arch:x86

eadbe699c9f56194b9bbdf2dd7631233

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\src\ZoomIt\Release\ZoomIt.pdb

Imports

comctl32

ord17

winmm

PlaySoundA

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRect
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromHBITMAP

msimg32

AlphaBlend

kernel32

GetTickCount
FormatMessageA
lstrcpynA
CreateEventA
GetModuleFileNameA
CreateProcessA
GetCommandLineA
ExpandEnvironmentStringsA
FindResourceA
GetFileAttributesA
DeleteFileA
MultiByteToWideChar
GetStringTypeW
FatalAppExitA
CreateSemaphoreW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
MulDiv
GetFileType
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
RtlUnwind
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
HeapSize
GetModuleFileNameW
WriteFile
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetProcessHeap
GetCurrentThreadId
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
HeapAlloc
HeapFree
Beep
CloseHandle
SizeofResource
LoadResource
Sleep
WaitForSingleObject
GetLastError
SetThreadPriority
GetCurrentThread
GetExitCodeProcess
GetCurrentProcess
GetVersion
LockResource
GetCommandLineW
GetModuleHandleA
LoadLibraryA
LocalFree
LocalAlloc
GetProcAddress
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
RaiseException
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
InterlockedExchange
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
OutputDebugStringW
LoadLibraryW
SetFilePointerEx
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileW
ReadFile
ReadConsoleW
SetEndOfFile
DeleteCriticalSection

user32

FindWindowW
FindWindowA
GetParent
GetDesktopWindow
GetWindowLongA
SetRect
FillRect
GetSysColor
ChildWindowFromPoint
MapWindowPoints
GetClipCursor
ClipCursor
GetCursorPos
LoadIconA
MessageBoxA
GetWindowRect
GetClientRect
RedrawWindow
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
ChangeDisplaySettingsExA
SystemParametersInfoA
EnumDisplaySettingsA
SetCursorPos
DrawTextA
TrackPopupMenu
InsertMenuA
DestroyMenu
CreatePopupMenu
TranslateAcceleratorA
LoadAcceleratorsA
EnableWindow
KillTimer
SetTimer
GetAsyncKeyState
GetKeyState
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamA
CreateDialogParamA
BringWindowToTop
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
GetMessageExtraInfo
UnregisterHotKey
RegisterHotKey
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
SetWindowLongA

gdi32

DeleteDC
DeleteObject
Ellipse
GetStockObject
LineTo
Rectangle
SelectObject
CreateSolidBrush
StretchBlt
SetROP2
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
Polygon
CreatePen
CreateFontIndirectA
GetDeviceCaps
StartDocA
SetMapMode
EndDoc
StartPage
EndPage
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
SetBkMode
CreateDCA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
PrintDlgA
ChooseFontA

advapi32

RegCreateKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CoInitialize

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/GoldenEye/GoldenEye.js
.js
The-MALWARE-Repo-master/Ransomware/InfinityCrypt.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\DESKTOP!\ChkDsk\ChkDsk\obj\Debug\PremiereCrack.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/Krotten.exe
.exe windows:4 windows x86 arch:x86

79fd079e9d3e0619831be2cf92afa94a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TranslateMessage
ShowWindow
SetWindowTextA
SetWindowPos
SetTimer
SetForegroundWindow
SetCursorPos
SetClipboardData
SendNotifyMessageA
SendMessageTimeoutA
SendMessageA
RegisterWindowMessageA
RegisterClassExA
PostQuitMessage
OpenClipboard
MoveWindow
ModifyMenuA
MessageBoxA
MapWindowPoints
LoadIconA
LoadCursorA
LoadBitmapA
UpdateWindow
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
InsertMenuItemA
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindow
GetSystemMenu
GetSubMenu
GetParent
GetMessageA
GetMenuStringA
GetMenuItemID
GetMenuItemCount
GetMenu
GetForegroundWindow
GetDesktopWindow
GetCursorPos
keybd_event
mouse_event
KillTimer
GetClipboardData
GetClientRect
GetClassNameA
GetAsyncKeyState
EnumWindows
EnumChildWindows
EnableWindow
EnableMenuItem
EmptyClipboard
DrawMenuBar
DispatchMessageA
DefWindowProcA
CreateWindowExA
CloseClipboard
wsprintfA

kernel32

lstrlenA
lstrcpynA
lstrcpyA
lstrcmpA
lstrcatA
WriteProcessMemory
WriteFile
WaitForSingleObject
VirtualProtectEx
VirtualFree
VirtualAlloc
TerminateThread
TerminateProcess
SystemTimeToFileTime
Sleep
SetPriorityClass
SetLocalTime
SetFileTime
SetFilePointer
SetFileAttributesA
SetEndOfFile
SetCurrentDirectoryA
RtlMoveMemory
ResumeThread
RemoveDirectoryA
ReadProcessMemory
ReadFile
OpenProcess
MoveFileA
LocalFileTimeToFileTime
LoadLibraryA
InterlockedIncrement
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocalTime
GetLastError
GetFileTime
GetFileSize
GetFileAttributesA
GetExitCodeProcess
GetCurrentProcess
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
GetCurrentDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
FileTimeToSystemTime

shell32

ShellExecuteExA
DragQueryFileA
DragFinish

gdi32

DeleteObject

advapi32

RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

winmm

timeSetEvent
timeKillEvent

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Ransomware/Locky.AZ.exe
.dll windows:5 windows x86 arch:x86

69161fad7896fa3f6cbd1db55bbf9f44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
CloseHandle
LoadLibraryA
QueryPerformanceCounter
GlobalAddAtomA
GetCommandLineW
GetDriveTypeW
CreateFileA
GetCurrentProcessId

user32

SendMessageA
CharLowerA

gdi32

BeginPath
AngleArc
AbortPath
AddFontMemResourceEx
AnimatePalette

winspool.drv

ClosePrinter

advapi32

RegOpenKeyW

shell32

CommandLineToArgvW

winmm

PlaySoundA

msvcrt

exit
_except_handler3
_wtoi

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.te32t
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss1
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/NoMoreRansom.exe
.exe windows:5 windows x86 arch:x86

f4aae2cc8a2971ab9714645e85b7edb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeSListHead
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadHugeReadPtr
IsDebuggerPresent
IsProcessorFeaturePresent
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalReAlloc
LockResource
MoveFileExA
MulDiv
MultiByteToWideChar
OpenFileMappingW
OutputDebugStringA
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
RaiseException
ReadConsoleInputW
ReadConsoleW
ReadFile
InitializeCriticalSectionAndSpinCount
RtlMoveMemory
RtlUnwind
SetCalendarInfoA
SetComputerNameA
SetEvent
SetHandleCount
SetLastError
SetThreadExecutionState
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrcmpA
lstrcmpW
lstrcmpiW
lstrlenA
InitializeCriticalSection
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalReAlloc
GlobalMemoryStatusEx
GlobalLock
GlobalHandle
GlobalGetAtomNameA
GlobalFree
GlobalFlags
GlobalFix
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryW
GetVolumePathNamesForVolumeNameW
GetVersionExA
GetVersion
GetTimeZoneInformation
GetTickCount
GetTempFileNameA
GetTapePosition
GetSystemTimes
GetSystemTimeAsFileTime
GetSystemInfo
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetProcessHeap
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileIntW
GetPrivateProfileIntA
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetLongPathNameW
GetLocaleInfoA
GetLastError
GetFullPathNameW
GetFileType
GetFileSizeEx
GetFileSize
GetFileAttributesExW
GetEnvironmentStringsW
GetEnvironmentStrings
GetDiskFreeSpaceExW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleAliasExesLengthA
GetCommandLineW
GetCommandLineA
GetBinaryTypeA
FreeResource
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageA
FlushFileBuffers
FindVolumeClose
FindResourceA
FindNextVolumeW
FindFirstVolumeW
FindFirstVolumeMountPointW
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
ExitProcess
EnumResourceLanguagesA
EnumDateFormatsW
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileW
DeleteFileA
DeleteCriticalSection
DeleteAtom
CreateThread
CreateFileW
CreateFileA
CreateEventW
CreateEventA
CopyFileA
ConvertDefaultLocale
CompareStringW
CompareStringA
CommConfigDialogW
CloseHandle
Beep
GetModuleHandleA
RtlFillMemory
VirtualAlloc

user32

MessageBoxW
ModifyMenuA
OpenClipboard
PeekMessageA
PostMessageA
PostMessageW
PostQuitMessage
PostThreadMessageA
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassA
RegisterClassExW
RegisterClipboardFormatA
RegisterClipboardFormatW
RegisterWindowMessageA
RegisterWindowMessageW
ReleaseDC
RemovePropA
RemovePropW
SendDlgItemMessageA
SendMessageA
SendMessageCallbackA
SendMessageTimeoutW
SendMessageW
SetActiveWindow
SetCursor
SetFocus
SetForegroundWindow
SetMenuInfo
SetMenuItemBitmaps
SetPropA
SetPropW
SetRect
SetScrollInfo
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowsHookExA
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
TabbedTextOutA
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassA
UnregisterDeviceNotification
UpdateLayeredWindow
UpdateWindow
ValidateRect
WINNLSGetEnableStatus
WaitMessage
WinHelpA
keybd_event
MessageBoxA
MapWindowPoints
MapVirtualKeyW
LoadCursorW
LoadCursorA
LoadBitmapA
KillTimer
IsWindowEnabled
IsWindow
IsDialogMessageA
IsCharAlphaNumericW
InvalidateRect
InflateRect
GrayStringA
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowModuleFileNameW
GetWindowModuleFileName
GetWindowLongW
GetWindowLongA
GetWindowDC
GetWindow
GetUserObjectSecurity
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropA
GetParent
GetNextDlgTabItem
GetMonitorInfoA
GetMessageW
GetMessageTime
GetMessagePos
GetMessageA
GetMenuState
GetMenuItemID
GetMenu
GetLastActivePopup
GetKeyState
GetInputState
GetIconInfo
GetFocus
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
GetCursorPos
GetComboBoxInfo
GetClientRect
GetClassNameW
GetClassNameA
GetClassLongA
GetClassInfoExW
GetClassInfoExA
GetClassInfoA
GetCapture
FrameRect
FindWindowW
FillRect
EnumWindows
EnumDesktopWindows
EndPaint
EndDialog
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextExA
DrawTextA
DrawMenuBar
DrawFrameControl
DlgDirListComboBoxA
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DeregisterShellHookWindow
DefWindowProcA
DdeCmpStringHandles
CreateWindowExA
CreateDialogIndirectParamA
CopyRect
CopyImage
CloseClipboard
ClientToScreen
CheckMenuItem
CharNextA
ChangeMenuA
CallWindowProcW
CallWindowProcA
CallNextHookEx
BeginPaint
AppendMenuW
AllowSetForegroundWindow
AdjustWindowRectEx
CloseDesktop
GetCursor
GetWindowTextLengthW
PaintDesktop
GetDesktopWindow
CreatePopupMenu
GetKeyboardType
DestroyCursor
EndMenu
AnyPopup
OemKeyScan
GetTopWindow
IsCharUpperA
GetKBCodePage
GetSysColor
GetOpenClipboardWindow
GetForegroundWindow
GetDoubleClickTime
GetActiveWindow
CreateMenu
LoadIconA
IsWindowVisible
CopyIcon
GetDC
CharLowerW
IsCharLowerA
ShowCaret
IsIconic
GetMenuCheckMarkDimensions
OpenIcon
GetKeyboardLayout
GetWindowTextLengthA
ReleaseCapture
GetDlgCtrlID
CharNextW
GetDialogBaseUnits
CharUpperW
CharUpperA
LoadCursorFromFileA
GetAsyncKeyState
GetMenuItemCount

gdi32

PolyTextOutA
PtVisible
RectVisible
RemoveFontResourceExA
RestoreDC
STROBJ_bEnum
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectObject
SetBkColor
PlayMetaFile
SetEnhMetaFileBits
SetICMMode
SetMapMode
SetPaletteEntries
SetRectRgn
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
TextOutA
XLATEOBJ_piVector
OffsetViewportOrgEx
GetTextFaceA
GetOutlineTextMetricsA
GetObjectA
GetGraphicsMode
GetGlyphOutlineWow
GetFontData
GetEnhMetaFilePaletteEntries
GetDeviceCaps
GetClipBox
GdiValidateHandle
GdiResetDCEMF
GdiProcessSetup
GdiInitializeLanguagePack
GdiGetLocalDC
SetDIBits
EndDoc
GdiEntry10
FrameRgn
ExtTextOutA
Escape
EqualRgn
EngStretchBltROP
EngCreateClip
EngCreateBitmap
DeleteObject
DeleteDC
CreatePalette
CreateICA
CreateFontIndirectA
CreateDIBSection
CreateBitmap
CopyMetaFileA
CLIPOBJ_ppoGetPath
AddFontMemResourceEx
RealizePalette
StrokePath
DeleteMetaFile
GetLayout
GetStretchBltMode
GetPixelFormat
AddFontResourceW
GetFontLanguageInfo
GetStockObject
UnrealizeObject
CloseEnhMetaFile
GetMapMode
AbortPath
SwapBuffers
GetEnhMetaFileW
DeleteColorSpace
SetMetaRgn
DeleteEnhMetaFile
GetSystemPaletteUse
GetTextAlign
CreateMetaFileA
AbortDoc
CancelDC
GdiFlush

advapi32

RegQueryValueExA
RegQueryValueA
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegOpenKeyW
RegQueryValueExW
RegSetValueExA

shell32

ShellExecuteW
ShellExecuteEx
ShellAboutW
SHQueryRecycleBinW
SHPathPrepareForWriteA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetPathFromIDList
SHGetFolderPathW
SHGetFolderPathA
SHGetFolderLocation
SHGetFileInfoW
SHGetFileInfo
SHGetDiskFreeSpaceExW
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHGetDataFromIDListA
SHFileOperationW
SHFileOperationA
SHEmptyRecycleBinA
SHCreateDirectoryExA
ExtractIconExW
ExtractIconA
DuplicateIcon
DragQueryFileW
DragQueryFile
DragFinish
DragAcceptFiles
DoEnvironmentSubstW
CommandLineToArgvW

ole32

OleFlushClipboard
OleInitialize
OleIsCurrentClipboard
OleUninitialize
CoSuspendClassObjects
CoRevokeClassObject
CoResumeClassObjects
CoRegisterMessageFilter
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize

shlwapi

PathFindExtensionA
PathFindFileNameA
PathFindFileNameW
PathIsUNCA
PathStripToRootA
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW

Sections

.text
Size: 980KB - Virtual size: 979KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/NotPetya.exe
.exe windows:5 windows x86 arch:x86

ab8fd60b3da01515e6706e8d122c633f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\PC\documents\visual studio 2010\Projects\NotPetya\Release\NotPetya.pdb

Imports

kernel32

GetFullPathNameA
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
ExpandEnvironmentStringsA
WriteFile
CloseHandle
HeapReAlloc
GetStringTypeW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
RtlUnwind
HeapSize
LCMapStringW
MultiByteToWideChar
IsProcessorFeaturePresent

shell32

ShellExecuteA

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/PetrWrap
.exe windows:5 windows x86 arch:x86

90cfb770dd8b0646a46fc541c93185a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetTickCount
GetVersionExA
FreeLibrary
GetProcAddress
GlobalMemoryStatus
LoadLibraryA
HeapAlloc
HeapFree
GetCommandLineA
HeapReAlloc
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ReadFile
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
AreFileApisANSI
MultiByteToWideChar
GetProcessHeap
SetLastError
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
QueryPerformanceCounter
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
SetFilePointer
SetFilePointerEx
SetStdHandle
GetStringTypeW
LCMapStringW
HeapSize
CreateFileW
SetEndOfFile
GetVersion
GetCurrentThreadId
GetLastError
GetFileType
GetStdHandle
Sleep
VirtualAlloc
CreateFileA
CloseHandle
FreeEnvironmentStringsW
WriteFile

user32

GetUserObjectInformationW
GetProcessWindowStation
wsprintfA
MessageBoxA
GetDesktopWindow

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/Petya.A.exe
.exe windows:5 windows x86 arch:x86

1a63922d5931d1bb8ca5188313f78eaa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

GoogleCrashHandler_unsigned.pdb

Imports

kernel32

GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CreateSemaphoreW
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalFree
CreateDirectoryW
DeleteFileW
GetCurrentThread
WaitForMultipleObjects
LoadLibraryW
WaitForSingleObject
GetExitCodeProcess
DuplicateHandle
ReleaseMutex
GetEnvironmentVariableW
lstrcmpiW
VirtualQuery
GetTempPathW
GetLocalTime
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcmpW
lstrlenW
SetFilePointer
CreateMutexW
InitializeCriticalSection
TryEnterCriticalSection
SetEvent
ResetEvent
GetFileAttributesExW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
MoveFileExW
GetFileTime
ReadFile
DeviceIoControl
SetProcessWorkingSetSize
OpenProcess
CreateProcessW
ReadProcessMemory
lstrcpynW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateThread
DebugActiveProcess
GetThreadContext
DebugActiveProcessStop
VirtualQueryEx
GetProcessId
GetSystemInfo
ContinueDebugEvent
WaitForDebugEvent
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
GetCommandLineW
EncodePointer
LeaveCriticalSection
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
RtlCaptureContext
ReleaseSemaphore
EnterCriticalSection
OutputDebugStringW
DeleteCriticalSection
DecodePointer
HeapSize
GetProcAddress
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetModuleHandleW
HeapFree
IsDebuggerPresent
GetUserDefaultLangID
GetSystemDefaultLangID
GetComputerNameExW
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
UnregisterWait
GetProcessTimes
UnregisterWaitEx
RegisterWaitForSingleObject
VirtualProtect
VirtualAlloc
HeapAlloc
RemoveDirectoryW
HeapReAlloc

user32

SetClipboardData
EmptyClipboard
OpenClipboard
GetProcessWindowStation
CloseDesktop
CloseClipboard
CharUpperW
CharLowerW
PostThreadMessageW
DispatchMessageW
GetMessageW
PeekMessageW
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
SetThreadDesktop
CreateWindowStationW
CloseWindowStation
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
wvsprintfW
wsprintfW
MessageBoxW

advapi32

GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetAce
MakeSelfRelativeSD
GetSecurityDescriptorLength
EqualSid
SetNamedSecurityInfoW
ConvertStringSidToSidW
OpenThreadToken
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetSecurityDescriptorSacl
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
SetTokenInformation

ole32

CoCreateGuid
StringFromGUID2

shell32

SHGetFolderPathW

netapi32

NetApiBufferFree
NetWkstaGetInfo

rpcrt4

UuidCreate

shlwapi

PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
PathCanonicalizeW
PathIsRelativeW
SHQueryValueExW
PathAppendW

userenv

UnloadUserProfile

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/PolyRansom.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Ransomware/PowerPoint.exe
.exe windows:4 windows x86 arch:x86

91b2790c505bbe69e215e722d884b1b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

crtdll

sprintf

kernel32

CreateProcessA
GlobalAddAtomA
GlobalFindAtomA
GetVersion
GetTempPathA
GetTickCount
ExitProcess
GetModuleFileNameA
CopyFileA
Sleep
CloseHandle
GetModuleHandleA
GetCurrentProcess
CreateFileA
ReadFile
SetFilePointer
WriteFile
GetFileSize
GlobalAlloc
DeleteFileA

user32

ExitWindowsEx

shell32

ShellExecuteA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/RedBoot.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 343KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 873KB - Virtual size: 876KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 881KB - Virtual size: 880KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/RedEye.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/Rensenware.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\mkang\Documents\Visual Studio 2017\Projects\renseiWare\rensenWare\obj\Release\rensenWare.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/Rokku.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 912KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 665KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 916KB - Virtual size: 915KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Ransomware/Satana.exe
.exe windows:5 windows x86 arch:x86

a3bc0305643e7601d6deca72652f4ab5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

vsprintf
memmove
NtYieldExecution
strchr
strncpy
_stricmp
memset

kernel32

GetLocalTime
OutputDebugStringA

user32

MessageBoxA

opengl32

glEnd
glEnable
glLineWidth
glPolygonMode
glColor3d
glBegin
glDisable
glClear
glPointSize
glLineStipple
glVertex3d

Sections

.text
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/Seftad.exe
.exe windows:5 windows x86 arch:x86

45f43067991f331f7e6d9d92f382f3ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
FindResourceA
SetFilePointer
LoadResource
WriteFile
SizeofResource
ReadFile
LockResource
CloseHandle
FlushFileBuffers
CreateFileW
IsProcessorFeaturePresent
HeapReAlloc
GetStringTypeW
GetLastError
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
HeapCreate
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
RtlUnwind
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

oleaut32

VariantClear

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/SporaRansomware.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/UIWIX.exe
.dll windows:5 windows x86 arch:x86

1743a5b9816a58c2129527a62802cc12

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateThread

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/ViraLock.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Ransomware/WannaCry.exe
.exe windows:4 windows x86 arch:x86

e858a14f217810d78466806d95d7fceb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSizeEx
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
SetErrorMode
VirtualAlloc
VirtualFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetLastError
VirtualProtect
IsBadReadPtr
HeapFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetStartupInfoA
ReadFile
SetFilePointer
WriteFile
SetFileTime
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
LoadLibraryA
GetProcAddress
GlobalFree
GetModuleFileNameA
CloseHandle

user32

wsprintfA

advapi32

CryptDecrypt
CryptDestroyKey
CryptReleaseContext
CryptImportKey
CryptAcquireContextA

ws2_32

WSAStartup
inet_addr
WSACleanup

msvcrt

_controlfp
__set_app_type
__p__fmode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
__p__commode
strcpy
memset
strlen
memcpy
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_except_handler3
_local_unwind2
??2@YAPAXI@Z
sscanf
strcmp
__p___argv
__p___argc
strrchr
realloc
_stricmp
free
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
calloc
strcat
_mbsstr

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/WannaCrypt0r.exe
.exe windows:4 windows x86 arch:x86

68f013d7437aa653a8a98a05807afeb1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
GetFileSizeEx
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetFileSize
WriteFile
LeaveCriticalSection
EnterCriticalSection
SetFileAttributesW
SetCurrentDirectoryW
CreateDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetFileAttributesA
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
Sleep
OpenMutexA
GetFullPathNameA
CopyFileA
GetModuleFileNameA
VirtualAlloc
VirtualFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetLastError
VirtualProtect
IsBadReadPtr
HeapFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetStartupInfoA
SetFilePointer
SetFileTime
GetComputerNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
LoadLibraryA
GetProcAddress
GlobalFree
CreateProcessA
CloseHandle
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
FindResourceA

user32

wsprintfA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
CryptReleaseContext
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

msvcrt

realloc
fclose
fwrite
fread
fopen
sprintf
rand
srand
strcpy
memset
strlen
wcscat
wcslen
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_except_handler3
_local_unwind2
wcsrchr
swprintf
??2@YAPAXI@Z
memcpy
strcmp
strrchr
__p___argv
__p___argc
_stricmp
free
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
calloc
strcat
_mbsstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/WinlockerVB6Blacksod.exe
.exe windows:5 windows x86 arch:x86

fdc840a7a99c43c34a60188ec8cc1596

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\victor\Desktop\BRANCH\win\Release\stubs\x86\ExternalUi.pdb

Imports

kernel32

CreateDirectoryW
GetCurrentProcessId
GetExitCodeThread
SetEvent
CreateEventW
SetLastError
LoadLibraryW
FreeLibrary
lstrlenW
GetVersionExW
CreateFileA
SetStdHandle
WriteConsoleW
WriteConsoleA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetDiskFreeSpaceExW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
ExitProcess
lstrcmpiW
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
PeekNamedPipe
OpenEventW
CopyFileExW
CompareFileTime
GetVersion
ResetEvent
MoveFileW
GetLocaleInfoA
GetStringTypeW
ConnectNamedPipe
CreateNamedPipeW
TerminateThread
GetSystemDirectoryW
GetLocalTime
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
FileTimeToSystemTime
GetUserDefaultLangID
GetSystemDefaultLangID
GetDriveTypeW
CompareStringW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
GetFileSize
ReadFile
GlobalFree
GetTempPathW
GetSystemTime
SystemTimeToFileTime
GetTempFileNameW
DeleteFileW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
GetLogicalDriveStringsW
GetFileAttributesW
SetFileAttributesW
GetFileTime
CopyFileW
FindClose
MultiByteToWideChar
LoadLibraryExW
WideCharToMultiByte
InterlockedExchange
GetSystemInfo
TlsFree
WaitForMultipleObjects
Sleep
GetLastError
GetCurrentThreadId
WaitForSingleObject
MulDiv
lstrcpynW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLocaleInfoW
EnumResourceLanguagesW
SetEndOfFile
SetCurrentDirectoryW
GetCommandLineW
GetExitCodeProcess
CreateProcessW
GetModuleFileNameA
FlushFileBuffers
LeaveCriticalSection
SetFilePointer
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
GetFullPathNameW
GetCurrentThread
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleW
GetProcAddress
RaiseException
FlushInstructionCache
GetCurrentProcess
CloseHandle
WriteFile
CreateFileW
FreeEnvironmentStringsW
LocalAlloc
LocalFree
LoadLibraryA
GetShortPathNameW
GetEnvironmentVariableW
FormatMessageW
CreateThread
SetUnhandledExceptionFilter

user32

MapWindowPoints
GetParent
GetWindow
GetClientRect
GetWindowTextW
GetWindowTextLengthW
FillRect
IsWindow
ShowWindow
GetWindowRect
UnionRect
IsWindowVisible
BeginPaint
EndPaint
ScreenToClient
SetWindowPos
GetWindowDC
LookupIconIdFromDirectoryEx
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SendMessageW
DrawFrameControl
RegisterWindowMessageW
InvalidateRgn
GetDesktopWindow
GetKeyState
DrawStateW
DrawTextExW
DrawFocusRect
ValidateRect
DestroyMenu
AppendMenuW
CreatePopupMenu
TrackPopupMenu
InflateRect
LoadBitmapW
MessageBeep
LoadImageW
CharNextW
GetClassNameW
ReleaseCapture
SetCapture
UpdateWindow
DestroyIcon
GetDlgCtrlID
GetCapture
SetScrollInfo
GetScrollPos
GetClassInfoExW
RegisterClassExW
DrawEdge
SetScrollPos
SetRect
MoveWindow
GetScrollInfo
GetMessagePos
SystemParametersInfoW
GetActiveWindow
TrackMouseEvent
GetAsyncKeyState
DestroyCursor
GetWindowRgn
IsZoomed
SetWindowRgn
GetComboBoxInfo
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
CreateDialogParamW
EndDialog
DialogBoxParamW
InvalidateRect
GetNextDlgTabItem
SetCursor
MonitorFromWindow
GetMonitorInfoW
IsDialogMessageW
IsChild
PostQuitMessage
PostMessageW
SetForegroundWindow
SetCursorPos
GetCursorPos
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
LoadStringW
MessageBoxW
GetFocus
EnableWindow
DestroyWindow
GetForegroundWindow
EnumWindows
GetWindowThreadProcessId
DialogBoxIndirectParamW
MsgWaitForMultipleObjects
GetPropW
GetSystemMenu
EnableMenuItem
ModifyMenuW
ExitWindowsEx
GetScrollRange
SetPropW
RemovePropW
LoadMenuW
GetSubMenu
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetIconInfo
SendMessageTimeoutW
UnregisterClassA
DrawTextW
DrawIconEx
GetSystemMetrics
ClientToScreen
OffsetRect
SetRectEmpty
PtInRect
GetSysColorBrush
IntersectRect
IsRectEmpty
SendMessageA
IsWindowEnabled
CopyRect
RedrawWindow
SetFocus
GetSysColor
CreateWindowExW
GetDlgItem
SetWindowTextW
EqualRect
SetTimer
KillTimer
GetDC
ReleaseDC
CreateIconFromResourceEx

gdi32

GetLayout
GetBrushOrgEx
CreateFontIndirectW
CreateSolidBrush
GetRgnBox
EqualRgn
CreatePolygonRgn
CreateRectRgnIndirect
GetStockObject
CreateFontW
SetBkMode
SetTextColor
SetBrushOrgEx
CreatePatternBrush
FillRgn
SelectClipRgn
GetBitmapBits
CreateRectRgn
GetObjectW
GetDeviceCaps
Rectangle
ExcludeClipRect
CreatePen
ExtTextOutW
SetBkColor
BitBlt
SetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
SelectObject
DeleteDC
CreateDIBSection
CreateBitmapIndirect
CombineRgn

advapi32

RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
StartServiceW
QueryServiceStatus
OpenServiceW
RegDeleteValueA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExA
OpenSCManagerW
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
RegOpenKeyExA
RegEnumValueA
LookupAccountSidW
RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
RegDeleteKeyA
RegCreateKeyA

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation

ole32

CoTaskMemRealloc
CoTaskMemFree
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoCreateGuid
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoInitializeEx
CoCreateInstance

oleaut32

VarDateFromStr
VarUI4FromStr
OleLoadPicture
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString

dbghelp

SymGetLineFromAddr
SymSetSearchPath
SymCleanup
SymInitialize
SymSetOptions
SymFunctionTableAccess
StackWalk
SymGetModuleBase

shlwapi

PathIsDirectoryW
PathAddBackslashW
PathIsUNCW
PathFileExistsW

comctl32

ImageList_Destroy
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_LoadImageW
ImageList_GetIcon
ImageList_AddMasked
ImageList_SetBkColor
_TrackMouseEvent
ImageList_Add
ImageList_ReplaceIcon
ImageList_Create
CreatePropertySheetPageW
PropertySheetW

msimg32

AlphaBlend
TransparentBlt

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

mpr

WNetAddConnection2W

comdlg32

GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 1010KB - Virtual size: 1009KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/Xyeta.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 54KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Ransomware/satan.exe
.exe windows:5 windows x86 arch:x86

65e9607e6f28a7852bb41a6e2e439a92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
CreateToolhelp32Snapshot
GetThreadContext
RemoveVectoredExceptionHandler
SetUnhandledExceptionFilter
LoadLibraryW
AddVectoredExceptionHandler
Process32FirstW
TerminateProcess
OpenProcess
CreateProcessW
VirtualQuery
GetModuleHandleW
GetCurrentProcess
GetProcessHeap
HeapFree
HeapAlloc
GetModuleHandleA
GetProcAddress
GetModuleFileNameW
Sleep
GetCommandLineW
ExitProcess
DeleteFileW
CloseHandle
VirtualAlloc
CreateFileW
ReadFile
VirtualFree
GetCurrentThread
GetFileSize
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind

user32

FindWindowW

advapi32

CryptAcquireContextW
GetUserNameW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptGetHashParam

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Spyware/AgentTesla.exe
.exe windows:4 windows x86 arch:x86

7eae418c7423834ffc3d79b4300bd6fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
SetCurrentDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
ExitProcess
MoveFileW
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
lstrcmpW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
ReadFile
MulDiv
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringW
FreeLibrary
GetPrivateProfileStringW
GetModuleHandleW
LoadLibraryExW

user32

GetWindowRect
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
ScreenToClient
EnableMenuItem
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
SystemParametersInfoW
EndDialog
RegisterClassW
DialogBoxParamW
CreateWindowExW
GetClassInfoW
DestroyWindow
CharNextW
ExitWindowsEx
SetWindowTextW
LoadImageW
SetTimer
ShowWindow
PostQuitMessage
wsprintfW
SetWindowLongW
FindWindowExW
IsWindow
CreatePopupMenu
AppendMenuW
GetSystemMetrics
DrawTextW
EndPaint
CreateDialogParamW
SendMessageTimeoutW
SetForegroundWindow

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHFileOperationW
SHBrowseForFolderW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Spyware/HawkEye.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Spyware/Kakwa.doc
.doc windows office2003

ThisDocument

qpnyeziw
The-MALWARE-Repo-master/Spyware/The Worst Of All!!!!!!/BonziBUDDY!!!!!!.txt
The-MALWARE-Repo-master/Spyware/butterflyondesktop.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Virus/Floxif/Floxif.exe
.exe windows:5 windows x86 arch:x86

1e8d1e12f2998c7db1084028a8a4301b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\PinyinDev_R_6_7_0\Bin\SogouPdb\SogouInput\SGDownload.pdb

Imports

wininet

InternetQueryDataAvailable
InternetSetOptionA
InternetQueryOptionA
InternetCrackUrlA
HttpOpenRequestA
InternetConnectA
InternetGetCookieA
HttpQueryInfoW
HttpSendRequestA
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
InternetOpenW
InternetQueryOptionW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpOpenRequestW
InternetConnectW
HttpAddRequestHeadersW
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA

ws2_32

recv
send
WSAStartup
closesocket
WSACleanup
socket
htons
bind
getsockname
ntohs
listen
ioctlsocket
accept
shutdown
gethostbyname
connect
WSAGetLastError
inet_ntoa
inet_addr
select
__WSAFDIsSet
sendto

kernel32

SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LCMapStringW
MultiByteToWideChar
LCMapStringA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTickCount
Sleep
DeleteCriticalSection
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
SetUnhandledExceptionFilter
lstrcatW
lstrcpyW
lstrlenW
SetFilePointer
CreateFileW
FormatMessageW
GetModuleHandleW
GetModuleFileNameW
VirtualQuery
WriteFile
CreateProcessW
OutputDebugStringW
GetLocalTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetProcAddress
LoadLibraryW
IsDebuggerPresent
InitializeCriticalSection
SetEvent
FlushFileBuffers
ReadFileEx
GetLastError
ConnectNamedPipe
DisconnectNamedPipe
EnterCriticalSection
LeaveCriticalSection
CreateEventW
CreateNamedPipeW
WriteFileEx
GetOverlappedResult
WaitForMultipleObjectsEx
DeleteFileW
GetTempPathW
InterlockedDecrement
InterlockedIncrement
HeapFree
SetEndOfFile
HeapAlloc
GetProcessHeap
GetFileSize
SetFileAttributesW
ResumeThread
GetFileAttributesW
WideCharToMultiByte
SetLastError
OpenEventW
QueueUserWorkItem
InterlockedExchange
InterlockedExchangeAdd
CreateThread
SystemTimeToFileTime
RaiseException
SuspendThread
AllocConsole
GetStdHandle
MoveFileExW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
ReadFile
CreateDirectoryW
CreateFileMappingW
MoveFileW
GetFileTime
GetModuleHandleA
FileTimeToSystemTime
HeapCreate
VirtualAlloc
VirtualFree
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
ExitProcess
GetStartupInfoW
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
InterlockedCompareExchange
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
UnhandledExceptionFilter
TerminateProcess
ExitThread
RtlUnwind
LocalFree
FindClose
GetSystemDirectoryW
FreeLibrary
FindFirstFileW

user32

GetMessageW
SetTimer
wsprintfA
RegisterClassExW
CreateWindowExW
SetPropW
GetPropW
DefWindowProcW
SendMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
wvsprintfW
PostThreadMessageW

advapi32

BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExA
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW

shlwapi

PathFileExistsW
SHGetValueA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Virus/Gnil/Gnil.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.nsp0
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe
.exe windows:5 windows x86 arch:x86

e1d4718531a779a8d41d1fd888af078f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mobsync.pdb

Imports

msvcrt

__argc
__argv
toupper
_ftol
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
strncpy
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
wcscmp
_except_handler3

advapi32

RegQueryValueExW
RegQueryValueExA
RegEnumKeyW
RegEnumKeyA
RegOpenKeyExW
RegOpenKeyExA
GetUserNameW
GetUserNameA
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegCloseKey
OpenThreadToken
OpenProcessToken

kernel32

LocalReAlloc
GetStartupInfoA
GetModuleHandleA
lstrcpynA
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
WaitForSingleObject
GetTickCount
CloseHandle
GetLastError
SetEvent
FormatMessageW
InitializeCriticalSection
CreateThread
GetCurrentProcess
SetEnvironmentVariableW
GetCurrentThread
GetSystemDefaultLangID
GetVersionExA
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedExchange
MultiByteToWideChar
lstrlenA
DuplicateHandle
FreeLibrary
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteCriticalSection
LocalAlloc
LocalFree
TerminateThread
WideCharToMultiByte
GetUserDefaultLCID
AreFileApisANSI
IsBadReadPtr
SetLastError
LoadLibraryA
LoadLibraryW
CreateEventA
CreateEventW
GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW
FormatMessageA

gdi32

SetTextColor
GetTextExtentPointW
GetTextExtentPointA
CreateFontIndirectW
CreateFontIndirectA
SetBkColor
SelectObject
RestoreDC
DeleteObject
GetObjectA
SaveDC

user32

RegisterWindowMessageA
WinHelpW
WinHelpA
SetWindowTextW
SetWindowTextA
FindWindowW
FindWindowA
AttachThreadInput
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetMessageA
wsprintfW
DestroyWindow
PostQuitMessage
SetWindowLongA
GetWindowLongA
LoadCursorA
LoadIconA
DefDlgProcA
DefDlgProcW
SendMessageA
SetFocus
EnableWindow
GetFocus
IsWindowEnabled
GetDlgItem
UpdateWindow
SetForegroundWindow
ShowWindow
SystemParametersInfoA
GetClientRect
GetSystemMetrics
SetWindowPos
MapWindowPoints
GetWindowRect
DrawAnimatedRects
EndPaint
DrawIcon
BeginPaint
InvalidateRect
SetTimer
KillTimer
IsWindowVisible
DrawFocusRect
FillRect
GetSysColor
ReleaseDC
SetRect
GetDC
RedrawWindow
CallWindowProcW
SetCursor
GetParent
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
DefWindowProcA
DefWindowProcW
LoadStringA
LoadStringW
FindWindowExW
RegisterWindowMessageW
CreateWindowExA
CreateWindowExW
CreateDialogParamA
CreateDialogParamW
RegisterClassA
RegisterClassW
MessageBoxA
MessageBoxW
SendMessageW
DrawTextA
DrawTextW
FindWindowExA

ole32

CoRegisterClassObject
StringFromGUID2
CLSIDFromString
CoInitializeEx
CoRevokeClassObject
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ImageList_Create
ImageList_Draw
ImageList_LoadImageW
ImageList_ReplaceIcon
InitCommonControlsEx

mobsync

RegGetSchedConnectionName
RegSetUserDefaults
RegGetSyncSettings
RegGetHandlerTopLevelKey
RegSchedHandlerItemsChecked
RegQueryLoadHandlerOnEvent
RegGetHandlerRegistrationInfo
RegGetSyncItemSettings
RegRemoveManualSyncSettings
RegSetSyncItemSettings
RegSetProgressDetailsState
RegGetProgressDetailsState
MobsyncGetClassObject
DisplayOptions
RegGetSchedSyncSettings

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Virus/MadMan.exe
The-MALWARE-Repo-master/Virus/Melissa.doc
.doc windows office2003

Melissa
The-MALWARE-Repo-master/Virus/Walker.com
The-MALWARE-Repo-master/Virus/WinNuke.98.exe
.exe windows:4 windows x86 arch:x86

e85cb1c4db79eee3be998741daba934f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

_CIcos
_adj_fptan
__vbaFreeVar
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord529
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaFileOpen
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
__vbaCastObj
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Virus/Xpaj/xpaj.exe
.exe windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 197KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Virus/Xpaj/xpajB.exe
.exe windows:5 windows x86 arch:x86

1dca2dbd3757a754f369f518971d3efd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

nmas.pdb

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free

kernel32

GetOEMCP
GetCurrentThreadId
IsDebuggerPresent
GetLogicalDrives
GetVersion
SetLastError
lstrcatA
GetConsoleOutputCP
GetProcessHeap
LocalFree
LocalAlloc
GetACP
GlobalFree
GetConsoleCP
VirtualAlloc
GetStartupInfoA
GetUserDefaultLCID
LoadLibraryA
GetLastError
GetEnvironmentStringsA
IsSystemResumeAutomatic
DeleteCriticalSection
lstrcpynA
GetCommandLineW
OpenEventA
WriteFile
CreateFileA
ReadFile
lstrcmpA
InterlockedDecrement
lstrlenA
GlobalAlloc
lstrcpyA
GetSystemDefaultLCID
GetUserDefaultLangID
InterlockedIncrement
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetCurrentProcess
GetThreadLocale
FreeEnvironmentStringsA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
Sleep
GetModuleHandleA
GetProcAddress
CompareStringA

advapi32

RegCreateKeyExA
RegCreateKeyA
RegFlushKey
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

user32

GetInputState
GetClipboardViewer
LoadBitmapA
LoadImageA
CharNextW
GetIconInfo
DestroyCursor
GetCursor
WindowFromPoint
GetCursorPos
GetCapture
CreateCursor
GetClipboardOwner
GetWindowDC
CharUpperA
CharPrevA
CharNextA
DrawIcon
GetForegroundWindow
IsWindow
GetLastActivePopup
IsWindowEnabled
GetUserObjectInformationA
GetThreadDesktop
CloseDesktop
OpenInputDesktop
IsRectEmpty
GetWindowRect
SetPropA
GetWindowRgn
ShowOwnedPopups
InvalidateRgn
GetClientRect
MoveWindow
DeleteMenu
GetMenuItemCount
ModifyMenuA
GetSubMenu
AdjustWindowRectEx
EndPaint
BeginPaint
SetScrollPos
ScrollWindowEx
ClientToScreen
ScreenToClient
SetScrollInfo
OffsetRect
DrawFrameControl
DestroyMenu
MapWindowPoints
GetDlgItemTextA
SetRect
SetMenu
SetCapture
ReleaseCapture
GetDoubleClickTime
DrawMenuBar
GetKeyState
GetMenuState
LoadMenuA
GetMenuItemInfoA
SetFocus
RegisterClassExA
MapVirtualKeyA
GetClipCursor
OemToCharBuffA
CharToOemBuffA
VkKeyScanA
ToAscii
IsDlgButtonChecked
ShowWindow
IsIconic
SetForegroundWindow
SetWindowPos
SetRectEmpty
GetWindowTextA
SendMessageTimeoutA
GetClassLongA
CopyImage
InvalidateRect
UpdateWindow
GetSystemMenu
EnableMenuItem
InsertMenuItemA
GetWindow
GetWindowTextLengthA
SetDlgItemTextA
CheckDlgButton
IsWindowVisible
EnumWindows
GetClassNameA
GetDlgItem
GetFocus
EnableWindow
LoadCursorA
SetCursor
GetSysColor
GetSysColorBrush
FillRect
DrawFocusRect
InflateRect
DrawIconEx
SendMessageA
DrawTextA
SendDlgItemMessageA
GetDC
ReleaseDC
LoadStringA
SetWindowTextA
GetShellWindow
RemovePropA
GetPropA
CountClipboardFormats
GetProcessDefaultLayout
DestroyIcon
RegisterClassA
DefWindowProcA
KillTimer
UnregisterClassA
DestroyWindow
CreateWindowExA
SetWindowLongA
SetTimer
wsprintfA
PtInRect
IsDialogMessageA
GetKeyboardState
SetKeyboardState
GetWindowLongA
GetParent
GetDesktopWindow
GetSystemMetrics
SetCursorPos
ChangeDisplaySettingsExA
ChangeDisplaySettingsA
OpenDesktopA
SetThreadDesktop
FindWindowA
GetCaretBlinkTime
GetMessageA
TranslateMessage
DispatchMessageA
UnhookWindowsHookEx
RedrawWindow
keybd_event
mouse_event
PostThreadMessageA
PostMessageA
CallNextHookEx
GetActiveWindow

gdi32

CreateDIBitmap
GetDIBits
CreateDIBSection
PatBlt
RealizePalette
SelectPalette
CreateCompatibleBitmap
OffsetRgn
SetRectRgn
CombineRgn
CreateRectRgn
GetRgnBox
GetRegionData
SetPixel
SetPaletteEntries
GetSystemPaletteUse
GetSystemPaletteEntries
CreatePalette
CreateBitmap
SetDIBColorTable
GetTextExtentPointA
GetClipBox
FillRgn
UnrealizeObject
SetBrushOrgEx
SelectClipRgn
SetBkMode
CreatePatternBrush
SetDIBits
SetTextAlign
GetTextAlign
LPtoDP
CreateBrushIndirect
SetBitmapBits
CreatePen
SetROP2
SetTextCharacterExtra
SetTextJustification
SetPolyFillMode
SetArcDirection
Rectangle
Polygon
Pie
Ellipse
Arc
Chord
PolyBezier
RoundRect
LineTo
MoveToEx
ExtTextOutA
TextOutA
GetCharWidthA
GetCharABCWidthsA
EnumFontFamiliesA
CreateFontA
GetDeviceCaps
GetStockObject
GetObjectA
CreateFontIndirectA
SetBkColor
SetTextColor
CreateCompatibleDC
BitBlt
DeleteDC
SelectObject
PtInRegion
DeleteObject
GetTextExtentPoint32A
CreateHatchBrush
StretchDIBits
GetTextMetricsA

atmlib

ATMEndFontChange
ATMFontAvailable
ATMFontAvailableA

dnsapi

DnsWriteQuestionToBuffer_UTF8
DnsIsAMailboxType
DnsAllocateRecord
DnsStatusString
DnsDhcpSrvRegisterInit
DnsDhcpSrvRegisterTerm
DnsNameCompareEx_A
DnsApiHeapReset
DnsDowncaseDnsNameLabel
DnsUpdate

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Files

55b878ec00e988ff206a170cf34b525e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 25KB - Virtual size: 4.0MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 89KB - Virtual size: 88KB

8a6c92048eaa4c1652aa6f5807c98199

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

kernel32

urlmon

Sections

.text Size: 4KB - Virtual size: 3KB

CODE Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 108KB - Virtual size: 111KB

CODE Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 338B

b10a33e794d5d2de180070d9dcc93422

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

winmm

kernel32

user32

wininet

gdi32

wintrust

powrprof

mscms

urlmon

shlwapi

iphlpapi

Sections

.text Size: 8KB - Virtual size: 4KB

.coda Size: 12KB - Virtual size: 10KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 348B

5ffc0457395f73c8894dad0221957a8e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

shell32

winspool.drv

advapi32

gdi32

user32

version

Sections

.text Size: 76KB - Virtual size: 74KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 25KB - Virtual size: 4.0MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 89KB - Virtual size: 88KB

.text
Size: 4KB - Virtual size: 3KB

CODE
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 108KB - Virtual size: 111KB

CODE
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 338B

.text
Size: 8KB - Virtual size: 4KB

.coda
Size: 12KB - Virtual size: 10KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 348B

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 4KB - Virtual size: 3KB

.code
Size: 12KB - Virtual size: 10KB

.adata
Size: 8KB - Virtual size: 7KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 980B

.text
Size: 4KB - Virtual size: 3KB

.codu
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 68KB - Virtual size: 101KB

.crt0
Size: 60KB - Virtual size: 57KB

.reloc
Size: 4KB - Virtual size: 392B

.text
Size: 588KB - Virtual size: 584KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 13KB

.pdata
Size: 4KB - Virtual size: 384B