XinZhiZao[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

XinZhiZao.exe
Size

1.4MB
MD5

3c6410855a3d4b42148836a210fe6faf
SHA1

926c0d5708bcb68b0b606fa0c7b16a0a420d14df
SHA256

5ffbee46baedc593987845a5f5a11d6a03e3f35fde1f4552308248d9b8dd503b
SHA512

e7beea436606f160f919e1e1557913278cd6c9c7f64cc5a30137d8d202e27cb070330568028957b52ca354ced201742a6cedf32cacbcbd567517410017429236
SSDEEP

24576:AwldeqnPwKAsq91WOR1N6qxGx3SKkHvjRi:/vwlRebSp

Score

N/A

Malware Config

Signatures

Files

XinZhiZao.exe
.exe windows x86

eed9112d3f4b6bf5d8836faeed8b4717

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

xzmzip

解压数据
GetMd5_W
zip解压指定文件
解密数据
RC4加密
GetMd5
RC4解密

kernel32

InitializeCriticalSectionEx
SystemTimeToFileTime
LocalFileTimeToFileTime
lstrcpynW
GetLocalTime
IsDebuggerPresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
FormatMessageW
GetCurrentProcessId
VerSetConditionMask
VerifyVersionInfoW
GlobalAlloc
MulDiv
GlobalUnlock
GlobalLock
GetCurrentDirectoryW
SetFilePointer
FreeResource
WriteFile
lstrcpyW
GetTempPathW
ReadFile
GetFileSize
CreateFileW
LoadLibraryExW
lstrcmpiW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteCriticalSection
DecodePointer
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateDirectoryW
GetModuleFileNameW
EnterCriticalSection
WideCharToMultiByte
WritePrivateProfileStringW
lstrcmpW
GetSystemDirectoryW
GetPrivateProfileStringW
ExitProcess
MultiByteToWideChar
CreateIoCompletionPort
GetSystemInfo
CloseHandle
GetLastError
PostQueuedCompletionStatus
lstrlenA
GetQueuedCompletionStatus
lstrlenW
Sleep
CreateThread
GetTickCount
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindClose
FindNextFileW
FindFirstFileW
OutputDebugStringW

user32

ScreenToClient
PtInRect
GetFocus
GetSystemMetrics
IsIconic
GetWindowRect
SetWindowRgn
wsprintfA
KillTimer
SetTimer
MessageBoxA
CharNextW
SetWindowTextW
ShowWindow
MessageBoxW
PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
LoadIconW
GetActiveWindow
OffsetRect
InflateRect
UnionRect
DefWindowProcW
CreateWindowExW
SetWindowLongW
GetWindow
EnableWindow
GetMessageW
SetFocus
GetMonitorInfoW
MonitorFromWindow
LoadImageW
RegisterClassW
GetClassInfoExW
GetClientRect
GetWindowLongW
CallWindowProcW
SetPropW
GetPropW
SetWindowPos
GetKeyState
DestroyWindow
ReleaseDC
GetDC
BeginPaint
EndPaint
GetUpdateRect
IsRectEmpty
MapWindowPoints
GetSysColor
InvalidateRect
IsZoomed
GetWindowTextLengthW
GetCaretBlinkTime
GetCaretPos
CreatePopupMenu
AppendMenuW
EnableMenuItem
TrackPopupMenu
DestroyMenu
FillRect
DrawTextW
SetRect
CharPrevW
SetForegroundWindow
IsWindowVisible
DrawTextExW
CopyRect
GetKeyNameTextW
GetKeyboardLayout
MapVirtualKeyExW
DrawTextA
SetCaretPos
ShowCaret
HideCaret
CreateCaret
EqualRect
GetWindowRgn
UpdateLayeredWindow
IsWindowEnabled
MonitorFromPoint
GetGUIThreadInfo
CreateAcceleratorTableW
SendMessageW
FindWindowExW
PostMessageW
IntersectRect
GetCursorPos
IsWindow
InvalidateRgn
RegisterClassExW
ReleaseCapture
SetCapture
LoadCursorW
SetCursor
MoveWindow
GetParent
ClientToScreen
GetWindowTextW

gdi32

RestoreDC
Rectangle
SetWindowOrgEx
CreateEnhMetaFileW
CloseEnhMetaFile
GetTextMetricsW
AddFontMemResourceEx
CreateDIBitmap
GetEnhMetaFileHeader
GetDeviceCaps
CreateCompatibleBitmap
PlayEnhMetaFile
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
CreateDIBSection
StretchBlt
SetStretchBltMode
GetStockObject
CreatePenIndirect
BitBlt
RemoveFontMemResourceEx
GetObjectA
SetBkMode
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GdiFlush
CreatePatternBrush
CreateRectRgn
PtInRegion
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
GetDIBColorTable
SetDIBColorTable
SetViewportOrgEx
SetTextAlign
Ellipse
Polygon
CreateFontW
Arc
Pie
SaveDC
SelectObject
MoveToEx
GetObjectW
DeleteDC
CreateCompatibleDC
CreatePen
LineTo
CreateFontIndirectW
DeleteObject
CreateSolidBrush
SetBkColor
CreateRoundRectRgn

comdlg32

ChooseColorW
GetSaveFileNameW

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW

shell32

ShellExecuteW
Shell_NotifyIconW
DragQueryFileW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
OleDuplicateData
DoDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromString
CLSIDFromProgID
ReleaseStgMedium
CoCreateInstance

oleaut32

VariantTimeToSystemTime
VarDateFromStr
VarUI4FromStr
SysAllocString
CreateErrorInfo
VariantChangeType
SysFreeString
VariantClear
VariantInit

msvcp140

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?_Xbad_function_call@std@@YAXXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathAppendW
StrToIntW

gdiplus

GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawString
GdipMeasureString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipCreateLineBrushI
GdipDrawPath
GdipGetPropertyItem
GdipClosePathFigure
GdipDeleteGraphics
GdipCreateSolidFill
GdipGetImageWidth
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipCreatePen1
GdipDeletePen
GdipSetPenStartCap
GdipSetPenEndCap
GdipSetSmoothingMode
GdipGetImageHeight
GdipDrawImageRectI
GdipDrawLineI
GdipDrawLinesI
GdipSetPenMode
GdipDrawRectangleI
GdipImageSelectActiveFrame
GdipTranslateWorldTransform
GdipCreatePath
GdipRotateWorldTransform
GdipDeletePath
GdipDrawImageI
GdipAddPathArcI
GdipSetStringFormatTrimming
GdipAddPathLineI
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipFillPolygonI
GdipSetSolidFillColor
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext

msimg32

TransparentBlt
AlphaBlend

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord17

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

ws2_32

closesocket
WSASend
gethostbyname
select
WSASocketW
WSAStartup
bind
connect
inet_ntoa
WSARecv
htons
ioctlsocket
setsockopt
WSAGetLastError
inet_addr
gethostname
shutdown

wininet

HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetReadFile
InternetCloseHandle

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

timeGetTime

vcruntime140

memchr
_except_handler4_common
__current_exception_context
__current_exception
memmove
memset
_CxxThrowException
strstr
wcsrchr
wcschr
wcsstr
strchr
_purecall
__std_exception_destroy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
__RTDynamicCast
memcpy
memcmp

api-ms-win-crt-string-l1-1-0

wcsnlen
strnlen
iswspace
_wcsupr_s
strncmp
_wcslwr_s
_wcslwr
wmemcpy_s
toupper
wcsncat
wcsncpy
isdigit
wcsncpy_s
_wcsicmp
strncpy

api-ms-win-crt-runtime-l1-1-0

_resetstkoflw
_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_invalid_parameter_noinfo
_errno
_initialize_onexit_table
terminate
_cexit
_register_onexit_function
exit
_invalid_parameter_noinfo_noreturn
_beginthreadex
_crt_atexit

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-convert-l1-1-0

wcstombs_s
_itow
wcstod
wcstoul
_wtof
atof
mbstowcs_s
strtol
_strtoi64
wcstol
atoi
_wtoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
fclose
fwrite
_get_stream_buffer_pointers
__stdio_common_vswprintf
_wfopen
fgetc
fputc
ungetc
_wfopen_s
_set_fmode
ferror
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
fread
__p__commode
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsscanf

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
_set_new_mode
free
malloc
calloc
_recalloc

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-multibyte-l1-1-0

_mbscmp
_mbsstr
_mbschr

api-ms-win-crt-math-l1-1-0

__setusermatherr
ldexp
_CIatan2
_CIfmod
_libm_sse2_acos_precise
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
ceil
floor

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

Sections

.text
Size: 812KB - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eed9112d3f4b6bf5d8836faeed8b4717

Headers

DLL Characteristics

File Characteristics

Imports

xzmzip

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp140

shlwapi

gdiplus

msimg32

comctl32

imm32

ws2_32

wininet

version

winmm

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 812KB - Virtual size: 811KB

.rdata Size: 181KB - Virtual size: 181KB

.data Size: 10KB - Virtual size: 13KB

.rsrc Size: 333KB - Virtual size: 333KB

.reloc Size: 67KB - Virtual size: 67KB

.text
Size: 812KB - Virtual size: 811KB

.rdata
Size: 181KB - Virtual size: 181KB

.data
Size: 10KB - Virtual size: 13KB

.rsrc
Size: 333KB - Virtual size: 333KB

.reloc
Size: 67KB - Virtual size: 67KB