mydoom | The-MALWARE-Repo-master[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

The-MALWARE-Repo-master.zip
Size

63.3MB
MD5

59cb533617e10ca74e8735ff41e5b823
SHA1

644468d5d6d8fab98268e219e8f2ce518b655ff4
SHA256

7ff2c3acbb884ead411c8b9f0df5b0ca5038333bdf872cb37d5e7eec4ac96b6f
SHA512

9b7e28bde79886ff479110b43380e73c4d1a95c547947abbb1825ed4f5078d3060a4390bf1dcead1d593abe0c0167c396e0aa47b3231eb577737c8c93efbe50b
SSDEEP

1572864:1bR+Nd33aius1Ckqujkhpgz2L9HBlHYSZ95hPfqL55r/XKAM:1ANl3aFs1C4SA2hlHf9Rfi5xjM

Score

10^/10

upx macro macro_on_action mydoom

Malware Config

Signatures

Detects MyDoom family 1 IoCs

resource	yara_rule
static1/unpack003/out.upx	family_mydoom

Mydoom family
mydoom

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
static1/unpack001/The-MALWARE-Repo-master/Spyware/Kakwa.doc	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
static1/unpack001/The-MALWARE-Repo-master/Spyware/Kakwa.doc

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/The-MALWARE-Repo-master/Email-Worm/Lacon.exe	upx
static1/unpack001/The-MALWARE-Repo-master/Email-Worm/MyDoom.A.exe	upx
static1/unpack001/The-MALWARE-Repo-master/Email-Worm/Nyxem.E.exe	upx

Unsigned PE 50 IoCs

Checks for missing Authenticode signature.

resource
unpack001/The-MALWARE-Repo-master/Email-Worm/Amus.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Anap.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Axam.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Brontok.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Bugsoft.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Duksten.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Funsoul.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Gruel.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Happy99.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Kiray.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Klez.e.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Lacon.exe
unpack002/out.upx
unpack001/The-MALWARE-Repo-master/Email-Worm/Lentin/Lentin.c.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Lentin/Lentin.d.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Magistr.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Maldal.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Mari.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/MeltingScreen.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Merkur.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/MsWorld.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/MyDoom.A.exe
unpack003/out.upx
unpack001/The-MALWARE-Repo-master/Email-Worm/MyPics.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/NakedWife.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Nyxem.E.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Pikachu.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Prolin.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Quamo.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Silver/Silver.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Trood.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/White.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Xanax.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/Yarner.a.exe
unpack001/The-MALWARE-Repo-master/Email-Worm/ZippedFiles.a.exe
unpack001/The-MALWARE-Repo-master/Spyware/AgentTesla.exe
unpack005/MaterialDesignColors.dll
unpack005/MaterialDesignThemes.Wpf.dll
unpack005/Microsoft.Management.Infrastructure.dll
unpack005/SharpSteam.dll
unpack005/System.Management.Automation.dll
unpack005/UWPHook.exe
unpack005/VDFParser.dll
unpack001/The-MALWARE-Repo-master/Spyware/HawkEye.exe
unpack001/The-MALWARE-Repo-master/Spyware/butterflyondesktop.exe
unpack001/The-MALWARE-Repo-master/Virus/Gnil/Gnil.exe
unpack001/The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe
unpack001/The-MALWARE-Repo-master/Virus/WinNuke.98.exe
unpack001/The-MALWARE-Repo-master/Virus/Xpaj/xpaj.exe
unpack001/The-MALWARE-Repo-master/Virus/Xpaj/xpajB.exe

Files

The-MALWARE-Repo-master.zip
.zip
The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86
.elf linux x64
The-MALWARE-Repo-master/Botnets/FritzFrog/d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485
.elf linux x64
The-MALWARE-Repo-master/Email-Worm/Amus.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

yC
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Anap.a.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Axam.a.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

&%_*
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

U^#.
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Brontok.exe
.exe windows:4 windows x86 arch:x86

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress

Sections

DLP
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�uۊ��
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/BubbleBoy.html
.html .vbs polyglot
The-MALWARE-Repo-master/Email-Worm/Bugsoft.exe
.exe windows:4 windows x86 arch:x86

c1d24f2dee28c26ad20efbfa66d0d726

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarTstEq
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaVarCat
_CIlog
__vbaFileOpen
ord647
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Duksten.exe
.exe windows:4 windows x86 arch:x86

b82faf9237e7230cc2fbb2f1421d49bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrlenA
GetModuleHandleA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Emin.js
.js
The-MALWARE-Repo-master/Email-Worm/Funsoul.exe
.exe windows:4 windows x86 arch:x86

7e088f48d6fe44919b9fd479c903f565

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
ord516
_adj_fprem1
ord625
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaVarForInit
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
ord534
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
ord617
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
__vbaLateMemCallSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Gruel.a.exe
.exe windows:4 windows x86 arch:x86

5c7433b2a8bfdbd866a519f5ce78aa7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
MethCallEngine
ord516
ord662
ord593
ord594
ord595
ord520
ord631
ord632
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord607
ord608
ord716
ord534
ProcCallEngine
ord536
ord537
ord570
ord648
ord576
ord685
ord100
ord689
ord610
ord616
ord617
ord619
ord580
ord581

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Happy99.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/ILOVEYOU.vbs
.vbs
The-MALWARE-Repo-master/Email-Worm/Jer.html
.vbs
The-MALWARE-Repo-master/Email-Worm/Kiray.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.petite
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Klez.e.exe
.exe windows:4 windows x86 arch:x86

bb8a672644c54cc80e980f3e174cf92c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
IsDBCSLeadByte
WriteFile
ReadFile
GetTempFileNameA
GetTempPathA
DeleteFileA
SetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
SetEndOfFile
SetFilePointer
GetComputerNameA
SetFileTime
GetTickCount
CreateProcessA
GetSystemDirectoryA
GetCurrentProcess
GetVersionExA
GetVersion
WaitForSingleObject
GetCommandLineA
ExpandEnvironmentStringsA
GetDriveTypeA
CreateThread
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
LocalAlloc
LocalFree
GetLastError
GetLocalTime
UnmapViewOfFile
FreeLibrary
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
Process32First
Process32Next
GetModuleFileNameA
CreateToolhelp32Snapshot
Module32First
OpenProcess
ReadProcessMemory
TerminateProcess
Sleep
CloseHandle
LoadLibraryA
GetProcAddress
GetFileTime
SetStdHandle
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
GetModuleHandleA
GetStartupInfoA
ExitProcess
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
HeapFree
HeapAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FlushFileBuffers

advapi32

StartServiceCtrlDispatcherA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
StartServiceA
RegConnectRegistryA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegisterServiceCtrlHandlerA
OpenServiceA
SetServiceStatus
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegEnumValueA
RegDeleteValueA
RegOpenKeyA
RegEnumKeyA
RegCloseKey

ws2_32

gethostbyname
closesocket
WSACleanup
send
htons
connect
WSAGetLastError
WSAStartup
socket
recv

mpr

WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Lacon.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Lentin/Lentin.c.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 18KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.......
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Lentin/Lentin.d.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

...0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

...1
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Magistr.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Maldal.a.exe
.exe windows:4 windows x86 arch:x86

894499b0c1732ab37b759498faae29f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord599
__vbaBoolVarNull
__vbaVargVar
_CIsin
__vbaVarZero
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarTstGe
_CIatan
__vbaStrMove
__vbaForEachVar
ord543
_allmul
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Mari.exe
.exe windows:4 windows x86 arch:x86

a8e4f0d33f3923214d437634054c49d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaResume
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
ord529
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
ord716
__vbaFPException
__vbaVarCat
ord537
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaVarLateMemCallLdRf
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
ord612
__vbaVarDup
__vbaFpI4
ord616
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
ord542
_allmul
ord545
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/MeltingScreen.exe
.exe windows:4 windows x86 arch:x86

f90f100c81647f834881cf7cd9e90bd4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

MethCallEngine
ord625
ord593
ord598
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord608
ord535
ord645
ord100
ord617
ord580

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Merkur.exe
.exe windows:4 windows x86 arch:x86

4bd626f0fb8783b032a014d7ac172308

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord593
__vbaVarForInit
ord594
__vbaOnError
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaBoolVarNull
_CIsin
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord529
__vbaVarTstEq
__vbaObjVar
__vbaVarLateMemSt
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
ord600
ord601
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaStrVarVal
_CIlog
__vbaFileOpen
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarDup
__vbaVarCopy
__vbaVarLateMemCallLd
_CIatan
__vbaStrMove
ord542
_allmul
ord545
_CItan
ord546
__vbaFPInt
__vbaVarForNext
_CIexp
ord580
__vbaFreeStr

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/MsWorld.exe
.exe windows:4 windows x86 arch:x86

ce3cbbc1ba1365b2d3ecb9bef12f75b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord632
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord608
ord716
ProcCallEngine
ord100

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/MyDoom.A.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/MyPics.a.exe
.exe windows:4 windows x86 arch:x86

a629f7d0ee066a263e62530ec4b91a16

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
ord516
_adj_fprem1
ord625
__vbaStrCat
ord553
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaVarForInit
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaVarCopy
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
ord544
__vbaLateMemCallSt
_CItan
ord546
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/NakedWife.exe
.exe windows:4 windows x86 arch:x86

ef6ce2f3d3b25e70f65cfafcb2c7b01e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaObjVar
__vbaVarLateMemSt
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaVarCat
_CIlog
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaLateMemCall
__vbaVarDup
__vbaVarLateMemCallLd
__vbaVarCopy
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/NewLove.vbs
.vbs
The-MALWARE-Repo-master/Email-Worm/Nyxem.E.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Pikachu.exe
.exe windows:4 windows x86 arch:x86

cf991f1d207b1a6b956f57f38b2aaa2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaObjVar
__vbaVarLateMemSt
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaVarCat
_CIlog
__vbaFileOpen
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaLateMemCall
__vbaVarAdd
__vbaVarLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Pleh.vbs
.vbs
The-MALWARE-Repo-master/Email-Worm/Prolin.exe
.exe windows:4 windows x86 arch:x86

b08f58ddcb14d10ef626790a3370327a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaNextEachVar
_adj_fprem1
ord518
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaObjVar
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaVarLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaCastObj
__vbaForEachVar
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Quamo.exe
.exe windows:4 windows x86 arch:x86

c3520ffe4db9de8477f08791726150fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaNextEachVar
_adj_fprem1
__vbaStrCat
_adj_fdiv_m32
__vbaVarForInit
ord593
ord594
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaObjVar
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaVarCat
_CIlog
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaForEachVar
_allmul
_CItan
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/San.html
The-MALWARE-Repo-master/Email-Worm/Scare.hta
.html .vbs polyglot
The-MALWARE-Repo-master/Email-Worm/Silver/Silver.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 22KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Trood.a.exe
.exe windows:1 windows x86 arch:x86

ad3ae4b62b30da87ef6c4e1607fc331b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RegisterServiceProcess
GetModuleHandleA
GetModuleFileNameA
ExitProcess
GetLocalTime
CopyFileA
WritePrivateProfileStringA
WinExec
CreateFileA
GetFileSize
VirtualAlloc
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
DeleteFileA
VirtualFree
GetSystemDirectoryA
lstrcatA

user32

RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
SetTimer
GetForegroundWindow
GetWindowRect
MoveWindow
ExitWindowsEx
PostQuitMessage
MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IMPORTS
Size: 204B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

imports
Size: 952B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

relocs
Size: 456B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

resource
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/White.a.exe
.exe windows:4 windows x86 arch:x86

ff441998bbcbf92dd625ab527152cc7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaExitProc
__vbaVarForInit
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarTstEq
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaVarMod
__vbaFpI4
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
__vbaStrVarCopy
ord619
ord542
_allmul
__vbaLateIdSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/Winevar.exe
.exe windows:4 windows x86 arch:x86

82e832e5393272a459a250927a9159b2

Code Sign

3e:cf:a1:82:70:93:c4:96:49:98:cb:d9:4b:e7:d8:b1
Certificate

Issuer

CN=Root Agency

Not Before

21-11-2002 14:47

Not After

31-12-2039 23:59

Subject

CN=Symantec Microsoft Corp

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindNextFileA
FindFirstFileA
Sleep
TerminateProcess
OpenProcess
GetFullPathNameA
GetVersionExA
FreeLibrary
GetTempFileNameA
GetSystemDirectoryA
LoadLibraryA
GlobalAlloc
GetDriveTypeA
GetLogicalDrives
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
GetModuleHandleA
CopyFileA
GetTickCount
CreateProcessA
CreateMutexA
GetLastError
DeleteFileA
CreateThread
SetThreadPriority
GetProcAddress
GlobalFree
SetEndOfFile
HeapFree
GetCurrentProcess
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind
GetOEMCP
GetFileType
CloseHandle
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
WriteFile
HeapReAlloc
VirtualAlloc
VirtualFree
ExitProcess
GetStdHandle
SetHandleCount
HeapAlloc
HeapDestroy
GetVersion
ReadFile
HeapCreate

user32

MessageBoxA
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA

wsock32

ntohs
WSACleanup
recvfrom
recv
send
gethostbyname
inet_addr
htons
ioctlsocket
connect
closesocket
WSAStartup
socket
setsockopt
sendto

urlmon

URLDownloadToFileA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
CloseServiceHandle
EnumServicesStatusA
OpenSCManagerA
ControlService
OpenServiceA
DeleteService
RegDeleteKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Xanax.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Email-Worm/Yarner.a.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Email-Worm/ZippedFiles.a.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Spyware/AgentTesla.exe
.exe windows:4 windows x86 arch:x86

7eae418c7423834ffc3d79b4300bd6fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
SetCurrentDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
ExitProcess
MoveFileW
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
lstrcmpW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
ReadFile
MulDiv
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringW
FreeLibrary
GetPrivateProfileStringW
GetModuleHandleW
LoadLibraryExW

user32

GetWindowRect
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
ScreenToClient
EnableMenuItem
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
SystemParametersInfoW
EndDialog
RegisterClassW
DialogBoxParamW
CreateWindowExW
GetClassInfoW
DestroyWindow
CharNextW
ExitWindowsEx
SetWindowTextW
LoadImageW
SetTimer
ShowWindow
PostQuitMessage
wsprintfW
SetWindowLongW
FindWindowExW
IsWindow
CreatePopupMenu
AppendMenuW
GetSystemMetrics
DrawTextW
EndPaint
CreateDialogParamW
SendMessageTimeoutW
SetForegroundWindow

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHFileOperationW
SHBrowseForFolderW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MaterialDesignColors.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\s\MaterialDesignColors.Wpf\obj\Release\net45\MaterialDesignColors.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MaterialDesignThemes.Wpf.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\s\MaterialDesignThemes.Wpf\obj\Release\net45\MaterialDesignThemes.Wpf.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MaterialDesignThemes.Wpf.xml
.xml
Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SharpSteam.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Brian\Documents\GitHub\SharpSteam\SharpSteam\obj\Release\SharpSteam.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System.Management.Automation.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System.Management.Automation.xml
.xml
UWPHook.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Brian\Documents\GitHub\UWPHook\UWPHook\obj\Release\UWPHook.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 762KB - Virtual size: 761KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UWPHook.exe.config
.xml
VDFParser.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Spyware/HawkEye.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Spyware/Kakwa.doc
.doc windows office2003

ThisDocument

qpnyeziw
The-MALWARE-Repo-master/Spyware/The Worst Of All!!!!!!/BonziBUDDY!!!!!!.txt
The-MALWARE-Repo-master/Spyware/butterflyondesktop.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Virus/Floxif/Floxif.exe
.exe windows:5 windows x86 arch:x86

1e8d1e12f2998c7db1084028a8a4301b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25-06-2012 00:00

Not After

24-08-2015 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\PinyinDev_R_6_7_0\Bin\SogouPdb\SogouInput\SGDownload.pdb

Imports

wininet

InternetQueryDataAvailable
InternetSetOptionA
InternetQueryOptionA
InternetCrackUrlA
HttpOpenRequestA
InternetConnectA
InternetGetCookieA
HttpQueryInfoW
HttpSendRequestA
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
InternetOpenW
InternetQueryOptionW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpOpenRequestW
InternetConnectW
HttpAddRequestHeadersW
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA

ws2_32

recv
send
WSAStartup
closesocket
WSACleanup
socket
htons
bind
getsockname
ntohs
listen
ioctlsocket
accept
shutdown
gethostbyname
connect
WSAGetLastError
inet_ntoa
inet_addr
select
__WSAFDIsSet
sendto

kernel32

SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LCMapStringW
MultiByteToWideChar
LCMapStringA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTickCount
Sleep
DeleteCriticalSection
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
SetUnhandledExceptionFilter
lstrcatW
lstrcpyW
lstrlenW
SetFilePointer
CreateFileW
FormatMessageW
GetModuleHandleW
GetModuleFileNameW
VirtualQuery
WriteFile
CreateProcessW
OutputDebugStringW
GetLocalTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetProcAddress
LoadLibraryW
IsDebuggerPresent
InitializeCriticalSection
SetEvent
FlushFileBuffers
ReadFileEx
GetLastError
ConnectNamedPipe
DisconnectNamedPipe
EnterCriticalSection
LeaveCriticalSection
CreateEventW
CreateNamedPipeW
WriteFileEx
GetOverlappedResult
WaitForMultipleObjectsEx
DeleteFileW
GetTempPathW
InterlockedDecrement
InterlockedIncrement
HeapFree
SetEndOfFile
HeapAlloc
GetProcessHeap
GetFileSize
SetFileAttributesW
ResumeThread
GetFileAttributesW
WideCharToMultiByte
SetLastError
OpenEventW
QueueUserWorkItem
InterlockedExchange
InterlockedExchangeAdd
CreateThread
SystemTimeToFileTime
RaiseException
SuspendThread
AllocConsole
GetStdHandle
MoveFileExW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
ReadFile
CreateDirectoryW
CreateFileMappingW
MoveFileW
GetFileTime
GetModuleHandleA
FileTimeToSystemTime
HeapCreate
VirtualAlloc
VirtualFree
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
ExitProcess
GetStartupInfoW
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
InterlockedCompareExchange
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
UnhandledExceptionFilter
TerminateProcess
ExitThread
RtlUnwind
LocalFree
FindClose
GetSystemDirectoryW
FreeLibrary
FindFirstFileW

user32

GetMessageW
SetTimer
wsprintfA
RegisterClassExW
CreateWindowExW
SetPropW
GetPropW
DefWindowProcW
SendMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
wvsprintfW
PostThreadMessageW

advapi32

BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExA
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW

shlwapi

PathFileExistsW
SHGetValueA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Virus/Gnil/Gnil.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.nsp0
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe
.exe windows:5 windows x86 arch:x86

e1d4718531a779a8d41d1fd888af078f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mobsync.pdb

Imports

msvcrt

__argc
__argv
toupper
_ftol
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
strncpy
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
wcscmp
_except_handler3

advapi32

RegQueryValueExW
RegQueryValueExA
RegEnumKeyW
RegEnumKeyA
RegOpenKeyExW
RegOpenKeyExA
GetUserNameW
GetUserNameA
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegCloseKey
OpenThreadToken
OpenProcessToken

kernel32

LocalReAlloc
GetStartupInfoA
GetModuleHandleA
lstrcpynA
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
WaitForSingleObject
GetTickCount
CloseHandle
GetLastError
SetEvent
FormatMessageW
InitializeCriticalSection
CreateThread
GetCurrentProcess
SetEnvironmentVariableW
GetCurrentThread
GetSystemDefaultLangID
GetVersionExA
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedExchange
MultiByteToWideChar
lstrlenA
DuplicateHandle
FreeLibrary
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteCriticalSection
LocalAlloc
LocalFree
TerminateThread
WideCharToMultiByte
GetUserDefaultLCID
AreFileApisANSI
IsBadReadPtr
SetLastError
LoadLibraryA
LoadLibraryW
CreateEventA
CreateEventW
GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW
FormatMessageA

gdi32

SetTextColor
GetTextExtentPointW
GetTextExtentPointA
CreateFontIndirectW
CreateFontIndirectA
SetBkColor
SelectObject
RestoreDC
DeleteObject
GetObjectA
SaveDC

user32

RegisterWindowMessageA
WinHelpW
WinHelpA
SetWindowTextW
SetWindowTextA
FindWindowW
FindWindowA
AttachThreadInput
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetMessageA
wsprintfW
DestroyWindow
PostQuitMessage
SetWindowLongA
GetWindowLongA
LoadCursorA
LoadIconA
DefDlgProcA
DefDlgProcW
SendMessageA
SetFocus
EnableWindow
GetFocus
IsWindowEnabled
GetDlgItem
UpdateWindow
SetForegroundWindow
ShowWindow
SystemParametersInfoA
GetClientRect
GetSystemMetrics
SetWindowPos
MapWindowPoints
GetWindowRect
DrawAnimatedRects
EndPaint
DrawIcon
BeginPaint
InvalidateRect
SetTimer
KillTimer
IsWindowVisible
DrawFocusRect
FillRect
GetSysColor
ReleaseDC
SetRect
GetDC
RedrawWindow
CallWindowProcW
SetCursor
GetParent
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
DefWindowProcA
DefWindowProcW
LoadStringA
LoadStringW
FindWindowExW
RegisterWindowMessageW
CreateWindowExA
CreateWindowExW
CreateDialogParamA
CreateDialogParamW
RegisterClassA
RegisterClassW
MessageBoxA
MessageBoxW
SendMessageW
DrawTextA
DrawTextW
FindWindowExA

ole32

CoRegisterClassObject
StringFromGUID2
CLSIDFromString
CoInitializeEx
CoRevokeClassObject
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ImageList_Create
ImageList_Draw
ImageList_LoadImageW
ImageList_ReplaceIcon
InitCommonControlsEx

mobsync

RegGetSchedConnectionName
RegSetUserDefaults
RegGetSyncSettings
RegGetHandlerTopLevelKey
RegSchedHandlerItemsChecked
RegQueryLoadHandlerOnEvent
RegGetHandlerRegistrationInfo
RegGetSyncItemSettings
RegRemoveManualSyncSettings
RegSetSyncItemSettings
RegSetProgressDetailsState
RegGetProgressDetailsState
MobsyncGetClassObject
DisplayOptions
RegGetSchedSyncSettings

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Virus/MadMan.exe
The-MALWARE-Repo-master/Virus/Melissa.doc
.doc windows office2003

Melissa
The-MALWARE-Repo-master/Virus/Walker.com
The-MALWARE-Repo-master/Virus/WinNuke.98.exe
.exe windows:4 windows x86 arch:x86

e85cb1c4db79eee3be998741daba934f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

_CIcos
_adj_fptan
__vbaFreeVar
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord529
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaFileOpen
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
__vbaCastObj
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
The-MALWARE-Repo-master/Virus/Xpaj/xpaj.exe
.exe windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 197KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
The-MALWARE-Repo-master/Virus/Xpaj/xpajB.exe
.exe windows:5 windows x86 arch:x86

1dca2dbd3757a754f369f518971d3efd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

nmas.pdb

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free

kernel32

GetOEMCP
GetCurrentThreadId
IsDebuggerPresent
GetLogicalDrives
GetVersion
SetLastError
lstrcatA
GetConsoleOutputCP
GetProcessHeap
LocalFree
LocalAlloc
GetACP
GlobalFree
GetConsoleCP
VirtualAlloc
GetStartupInfoA
GetUserDefaultLCID
LoadLibraryA
GetLastError
GetEnvironmentStringsA
IsSystemResumeAutomatic
DeleteCriticalSection
lstrcpynA
GetCommandLineW
OpenEventA
WriteFile
CreateFileA
ReadFile
lstrcmpA
InterlockedDecrement
lstrlenA
GlobalAlloc
lstrcpyA
GetSystemDefaultLCID
GetUserDefaultLangID
InterlockedIncrement
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetCurrentProcess
GetThreadLocale
FreeEnvironmentStringsA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
Sleep
GetModuleHandleA
GetProcAddress
CompareStringA

advapi32

RegCreateKeyExA
RegCreateKeyA
RegFlushKey
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

user32

GetInputState
GetClipboardViewer
LoadBitmapA
LoadImageA
CharNextW
GetIconInfo
DestroyCursor
GetCursor
WindowFromPoint
GetCursorPos
GetCapture
CreateCursor
GetClipboardOwner
GetWindowDC
CharUpperA
CharPrevA
CharNextA
DrawIcon
GetForegroundWindow
IsWindow
GetLastActivePopup
IsWindowEnabled
GetUserObjectInformationA
GetThreadDesktop
CloseDesktop
OpenInputDesktop
IsRectEmpty
GetWindowRect
SetPropA
GetWindowRgn
ShowOwnedPopups
InvalidateRgn
GetClientRect
MoveWindow
DeleteMenu
GetMenuItemCount
ModifyMenuA
GetSubMenu
AdjustWindowRectEx
EndPaint
BeginPaint
SetScrollPos
ScrollWindowEx
ClientToScreen
ScreenToClient
SetScrollInfo
OffsetRect
DrawFrameControl
DestroyMenu
MapWindowPoints
GetDlgItemTextA
SetRect
SetMenu
SetCapture
ReleaseCapture
GetDoubleClickTime
DrawMenuBar
GetKeyState
GetMenuState
LoadMenuA
GetMenuItemInfoA
SetFocus
RegisterClassExA
MapVirtualKeyA
GetClipCursor
OemToCharBuffA
CharToOemBuffA
VkKeyScanA
ToAscii
IsDlgButtonChecked
ShowWindow
IsIconic
SetForegroundWindow
SetWindowPos
SetRectEmpty
GetWindowTextA
SendMessageTimeoutA
GetClassLongA
CopyImage
InvalidateRect
UpdateWindow
GetSystemMenu
EnableMenuItem
InsertMenuItemA
GetWindow
GetWindowTextLengthA
SetDlgItemTextA
CheckDlgButton
IsWindowVisible
EnumWindows
GetClassNameA
GetDlgItem
GetFocus
EnableWindow
LoadCursorA
SetCursor
GetSysColor
GetSysColorBrush
FillRect
DrawFocusRect
InflateRect
DrawIconEx
SendMessageA
DrawTextA
SendDlgItemMessageA
GetDC
ReleaseDC
LoadStringA
SetWindowTextA
GetShellWindow
RemovePropA
GetPropA
CountClipboardFormats
GetProcessDefaultLayout
DestroyIcon
RegisterClassA
DefWindowProcA
KillTimer
UnregisterClassA
DestroyWindow
CreateWindowExA
SetWindowLongA
SetTimer
wsprintfA
PtInRect
IsDialogMessageA
GetKeyboardState
SetKeyboardState
GetWindowLongA
GetParent
GetDesktopWindow
GetSystemMetrics
SetCursorPos
ChangeDisplaySettingsExA
ChangeDisplaySettingsA
OpenDesktopA
SetThreadDesktop
FindWindowA
GetCaretBlinkTime
GetMessageA
TranslateMessage
DispatchMessageA
UnhookWindowsHookEx
RedrawWindow
keybd_event
mouse_event
PostThreadMessageA
PostMessageA
CallNextHookEx
GetActiveWindow

gdi32

CreateDIBitmap
GetDIBits
CreateDIBSection
PatBlt
RealizePalette
SelectPalette
CreateCompatibleBitmap
OffsetRgn
SetRectRgn
CombineRgn
CreateRectRgn
GetRgnBox
GetRegionData
SetPixel
SetPaletteEntries
GetSystemPaletteUse
GetSystemPaletteEntries
CreatePalette
CreateBitmap
SetDIBColorTable
GetTextExtentPointA
GetClipBox
FillRgn
UnrealizeObject
SetBrushOrgEx
SelectClipRgn
SetBkMode
CreatePatternBrush
SetDIBits
SetTextAlign
GetTextAlign
LPtoDP
CreateBrushIndirect
SetBitmapBits
CreatePen
SetROP2
SetTextCharacterExtra
SetTextJustification
SetPolyFillMode
SetArcDirection
Rectangle
Polygon
Pie
Ellipse
Arc
Chord
PolyBezier
RoundRect
LineTo
MoveToEx
ExtTextOutA
TextOutA
GetCharWidthA
GetCharABCWidthsA
EnumFontFamiliesA
CreateFontA
GetDeviceCaps
GetStockObject
GetObjectA
CreateFontIndirectA
SetBkColor
SetTextColor
CreateCompatibleDC
BitBlt
DeleteDC
SelectObject
PtInRegion
DeleteObject
GetTextExtentPoint32A
CreateHatchBrush
StretchDIBits
GetTextMetricsA

atmlib

ATMEndFontChange
ATMFontAvailable
ATMFontAvailableA

dnsapi

DnsWriteQuestionToBuffer_UTF8
DnsIsAMailboxType
DnsAllocateRecord
DnsStatusString
DnsDhcpSrvRegisterInit
DnsDhcpSrvRegisterTerm
DnsNameCompareEx_A
DnsApiHeapReset
DnsDowncaseDnsNameLabel
DnsUpdate

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 9KB

yC Size: 2KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 2KB - Virtual size: 4KB

DATA Size: 5KB - Virtual size: 8KB

.idata Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

&%_* Size: - Virtual size: 28KB

U^#. Size: 9KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 4KB

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

Imports

kernel32

Sections

DLP Size: - Virtual size: 140KB

�uۊ�� Size: 96KB - Virtual size: 96KB

c1d24f2dee28c26ad20efbfa66d0d726

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

b82faf9237e7230cc2fbb2f1421d49bf

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 512B - Virtual size: 160B

.data Size: - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 944B

7e088f48d6fe44919b9fd479c903f565

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 5KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 3KB

5c7433b2a8bfdbd866a519f5ce78aa7b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 92KB - Virtual size: 91KB

.data Size: - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

CODE Size: 2KB - Virtual size: 4KB

DATA Size: 4KB - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 9KB

yC
Size: 2KB - Virtual size: 8KB

CODE
Size: 2KB - Virtual size: 4KB

DATA
Size: 5KB - Virtual size: 8KB

.idata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

&%_*
Size: - Virtual size: 28KB

U^#.
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 4KB

DLP
Size: - Virtual size: 140KB

�uۊ��
Size: 96KB - Virtual size: 96KB

.text
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 512B - Virtual size: 160B

.data
Size: - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 944B

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 5KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 92KB - Virtual size: 91KB

.data
Size: - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1KB

CODE
Size: 2KB - Virtual size: 4KB

DATA
Size: 4KB - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.petite
Size: 1KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 532KB

.rsrc
Size: 16B - Virtual size: 16B

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.......
Size: 1024B - Virtual size: 992B

...0
Size: - Virtual size: 48KB

...1
Size: 22KB - Virtual size: 24KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 14KB - Virtual size: 19KB

.rsrc
Size: 28KB - Virtual size: 37KB

.text
Size: 60KB - Virtual size: 56KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 10KB