For analysis[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

For analysis.7z
Size

12.6MB
MD5

a4495d1988b840fd00e77cb97d528d43
SHA1

2e381dc1d1142e9a8e25344a8e743eb510371db4
SHA256

3ef6482e94e62b0f674c24b66fed5230b07395929f5fc77708fed0cb536c4a2b
SHA512

44975caac2ce969aa90af0edf2939b7699cebc21c15870c88e30608a5f22ba4c9b6b8a2b0e79430d1f642980064b061f98d8d82f626d87c402d72d604a753d8e
SSDEEP

393216:yFvWvfl7zZsMFdhHxlKlhcPDgoZQ66NrRYW:yA1dlxlKlhIDsx

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/221b9
unpack001/2c42a36d7
unpack001/2da5f7422573
unpack001/3fcc16
unpack001/4772
unpack001/6c1a
unpack001/79330
unpack001/afc500c
unpack001/ef62b5a6474

Files

For analysis.7z
.7z

Password: infected
221b9
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 747KB - Virtual size: 746KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2c42a36d7
.exe windows:4 windows x86 arch:x86

Password: infected

5710d974d303962d4a1254e8085feb40

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsMenu
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CharNextW
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryW
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FlushInstructionCache
FindResourceA
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CloseEnhMetaFile
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

comdlg32

GetSaveFileNameA
GetOpenFileNameA

ntdll

NtFlushInstructionCache

url

AutodialHookCallback

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2d193ed8.unknown
.hta .vbs polyglot
2da5f7422573
.exe windows:4 windows x86 arch:x86

Password: infected

2c5f2513605e48f2d8ea5440a870cb9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
wcscat
memcpy
tolower
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
SetConsoleCtrlHandler
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
GetProcAddress
GetVersionExW
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
PeekNamedPipe
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
CreateProcessW
GetExitCodeProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

Sections

.code
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3fcc16
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4772
.exe windows:4 windows x86 arch:x86

Password: infected

469a28fd506c4e9127d8283ad9556834

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

GetUserObjectInformationW
MessageBoxW
wsprintfA
MessageBoxA
GetProcessWindowStation
GetDesktopWindow

gdi32

DeleteDC
GetDeviceCaps
CreateDCA
BitBlt
CreateCompatibleBitmap
GetObjectA
DeleteObject
GetBitmapBits
SelectObject
CreateCompatibleDC

kernel32

SetEvent
GetSystemDirectoryA
SetUnhandledExceptionFilter
ResumeThread
GlobalAlloc
GetProcessAffinityMask
TlsSetValue
GetTickCount
SetLastError
VirtualQuery
GetModuleHandleExA
CreateEventA
IsDBCSLeadByteEx
DuplicateHandle
GetVersion
ExitProcess
SetThreadPriority
FindFirstFileA
ResetEvent
FindNextFileA
EnterCriticalSection
GetTempPathA
CreateSemaphoreA
InitializeCriticalSection
GetCurrentThread
OpenProcess
GetTimeZoneInformation
WaitForSingleObject
SuspendThread
GetCurrentProcess
GlobalHandle
QueryPerformanceCounter
SetThreadContext
GetThreadContext
QueryPerformanceFrequency
GetProcAddress
DeleteCriticalSection
GetLastError
TlsAlloc
LeaveCriticalSection
lstrcpynA
Sleep
WaitForMultipleObjects
TlsFree
GetThreadPriority
VirtualProtect
GetStdHandle
ReleaseSemaphore
GetCurrentThreadId
GlobalMemoryStatus
GetModuleHandleA
LoadLibraryA
SetProcessAffinityMask
CloseHandle
lstrcpyA
TlsGetValue
SetThreadAffinityMask

winmm

timeGetTime

ws2_32

closesocket
WSASetLastError
htons
htonl
ntohl
getaddrinfo
getnameinfo
recvfrom
ioctlsocket
recv
listen
connect
WSAGetLastError
shutdown
getpeername
getsockname
WSAStartup
freeaddrinfo
send
bind
__WSAFDIsSet
inet_addr
select
sendto
ntohs
gethostname
setsockopt
gethostbyname
socket
accept
WSAEnumNetworkEvents
getsockopt
WSACleanup

msvcrt

localtime
setvbuf
_iob
islower
fgetc
fseek
strftime
fwprintf
free
vfprintf
_open
fputc
ftell
log10
_wfopen
_onexit
localeconv
__doserrno
strtoul
rand
isalnum
qsort
putc
wcsstr
srand
_filelengthi64
_lseeki64
strlen
strcmp
rename
realloc
abort
_access
strncpy
getc
strncat
atof
sprintf
_unlock
time
_fileno
fprintf
memset
isspace
atoi
puts
_rmdir
fwrite
_close
__mb_cur_max
strstr
fread
_amsg_exit
printf
_snwprintf
_errno
_read
fopen
_beginthreadex
_lock
putchar
_setmode
gmtime
strcpy
_strdup
strtol
_endthreadex
getenv
__dllonexit
_getch
__setusermatherr
_ftime
_getpid
_exit
strchr
_putenv
_write
_stat
sscanf
_strnicmp
strerror
tolower
_get_osfhandle
isxdigit
strcspn
_findclose
_ftime64
setlocale
isprint
fgets
calloc
longjmp
memcmp
_stati64
memmove
exit
_wfindnext
strspn
strcat
_mkdir
fflush
memchr
fputs
fgetpos
_setjmp3
bsearch
mktime
signal
isalpha
ferror
toupper
_fdopen
fsetpos
_stricmp
_fstati64
malloc
__pioinfo
ungetc
isupper
_initterm
strrchr
raise
strncmp
fclose
feof
_wfindfirst
wcslen
_vsnprintf
wcscpy
_unlink
memcpy

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegisterEventSourceA
ReportEventA

crypt32

CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreA

Sections

.text
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
6c1a
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
79330
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc
.rsrc/MANIFEST/1
.xml
.rsrc/version.txt
.text
afc500c
.exe windows:4 windows x86 arch:x86

Password: infected

3786a4cf8bfee8b4821db03449141df4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear
SysAllocString

user32

SendMessageA
SetTimer
DialogBoxParamW
DialogBoxParamA
SetWindowLongA
GetWindowLongA
SetWindowTextW
LoadIconA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
DestroyWindow
EndDialog
PostMessageA
ShowWindow
MessageBoxW
GetDlgItem
KillTimer
SetWindowTextA

shell32

ShellExecuteExA

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetCurrentProcess
TerminateProcess
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
TlsAlloc
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
WaitForSingleObject
CloseHandle
CreateProcessA
SetCurrentDirectoryA
GetCommandLineW
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
GetModuleFileNameW
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
GetTempPathA
GetTempFileNameA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetStdHandle
WaitForMultipleObjects
Sleep
VirtualAlloc
VirtualFree
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ef62b5a6474
.exe windows:5 windows x86 arch:x86

21829bcb83e2224c2104cf7cefe96c53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bohuras\pimewefuhupu\hotiy.pdb

Imports

kernel32

GlobalSize
SetDefaultCommConfigW
CreateHardLinkA
WaitForSingleObjectEx
FreeEnvironmentStringsA
EnumCalendarInfoExW
GetConsoleTitleA
ReadConsoleW
GetCompressedFileSizeW
WaitNamedPipeW
CreateActCtxW
SetHandleCount
TlsSetValue
LoadLibraryW
GetConsoleMode
InterlockedPopEntrySList
FindNextVolumeW
GetFileAttributesW
WriteConsoleW
IsBadStringPtrA
WritePrivateProfileStringW
GetStringTypeExA
GetConsoleAliasesW
GetCommState
ChangeTimerQueueTimer
SetLastError
GetProcAddress
VirtualAlloc
EnumSystemCodePagesW
CreateMemoryResourceNotification
SearchPathA
LoadLibraryA
LocalAlloc
DnsHostnameToComputerNameA
AddAtomW
GetProfileStringA
BeginUpdateResourceA
WriteProfileSectionW
FoldStringW
EnumResourceTypesW
GetModuleFileNameA
GetModuleHandleA
GetCommTimeouts
QueryPerformanceFrequency
DeleteFileW
DebugBreak
ReadConsoleOutputCharacterW
GetConsoleAliasExesLengthA
FindResourceExW
GetNumaProcessorNode
VirtualQuery
GetStdHandle
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
GetModuleHandleW
ExitProcess
WriteFile
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
FlushFileBuffers
CreateFileA
CloseHandle

gdi32

GetCharABCWidthsW
CreateDiscardableBitmap
GetCharWidthI

advapi32

GetEventLogInformation

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 747KB - Virtual size: 746KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

5710d974d303962d4a1254e8085feb40

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

ole32

comctl32

comdlg32

ntdll

url

Sections

.text Size: 478KB - Virtual size: 477KB

.itext Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 8KB

.bss Size: - Virtual size: 13KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: - Virtual size: 52B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 34KB - Virtual size: 33KB

.rsrc Size: 285KB - Virtual size: 285KB

Password: infected

2c5f2513605e48f2d8ea5440a870cb9e

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comctl32

shell32

winmm

ole32

shlwapi

Sections

.code Size: 14KB - Virtual size: 14KB

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

469a28fd506c4e9127d8283ad9556834

Headers

File Characteristics

Imports

user32

.text
Size: 747KB - Virtual size: 746KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 478KB - Virtual size: 477KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 8KB

.bss
Size: - Virtual size: 13KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: - Virtual size: 52B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 285KB - Virtual size: 285KB

.code
Size: 14KB - Virtual size: 14KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 70KB - Virtual size: 72KB

.data
Size: 219KB - Virtual size: 219KB

.rdata
Size: 35KB - Virtual size: 35KB

.bss
Size: - Virtual size: 20KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rsrc
Size: 168KB - Virtual size: 168KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 22KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 192KB - Virtual size: 192KB

.data
Size: 12KB - Virtual size: 2.8MB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 15KB - Virtual size: 14KB