3b77c4e658b5e7b2726f849fe81d2e7d75932a524363e323dbdb40659367312a

Sharing

Copy URL

Twitter E-mail

General

Target

3b77c4e658b5e7b2726f849fe81d2e7d75932a524363e323dbdb40659367312a
Size

5.8MB
MD5

8469e952d780258b504b9fa0930efa4c
SHA1

49bc44a2fce667190c8f9d17d96fb93a90c66a69
SHA256

3b77c4e658b5e7b2726f849fe81d2e7d75932a524363e323dbdb40659367312a
SHA512

43beda9c0b46a22855b4b218d15815d85b619daf9b03edf98b6b9c71f5142dcec3afb089884f318dfaa4b7022e50ef3d5a0fbe7c91f4fabfae5f2a2182704a1d
SSDEEP

98304:QwogWBQSHZTQyFdFwm5wviB92TNFWmpT7vNujYD6Ek9ghaSJ8/Pkk/bYXcTprt:cue0yFfwm1ONsWrej6UrpTrt

Score

N/A

Malware Config

Signatures

Files

3b77c4e658b5e7b2726f849fe81d2e7d75932a524363e323dbdb40659367312a
.zip
人肉一件套/QQip/DrvIPBox.sys
.exe windows x86

34223c23d97e1b02adc15446bbdde2ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
DbgPrint
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
IoCreateDevice
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
KeTickCount
IoCreateSymbolicLink
KeWaitForSingleObject
KeInitializeSpinLock

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 634B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
人肉一件套/QQip/QQ查IP工具.bak
.exe windows x86

cbdf2a384eef1db34be0cb0e40abfc6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
Sleep
IsBadCodePtr
IsBadReadPtr
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
OpenProcess
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
SetUnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
RaiseException
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
GetProcessHeap
FindResourceA
LoadResource
LockResource
WaitForSingleObject
CreateThread
MultiByteToWideChar
CreateEventA
GetLastError
CloseHandle
HeapDestroy
GetPrivateProfileIntA
GetCurrentDirectoryA
GetPrivateProfileStringA
DeleteCriticalSection
InitializeCriticalSection
lstrcmpA
IsBadWritePtr
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrcpynW
InterlockedExchange
lstrcpynA
lstrcpyA
lstrlenA
GetCurrentProcessId
GetVersionExA
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
FreeEnvironmentStringsW
GetTickCount

user32

MessageBoxA
DestroyWindow
GetClassNameA
DrawFrameControl
ModifyMenuA
DrawEdge
SetRectEmpty
CallNextHookEx
RemoveMenu
MonitorFromPoint
GetMonitorInfoA
CreatePopupMenu
AppendMenuA
CreateWindowExA
GetMessagePos
WindowFromPoint
ScreenToClient
GetMenu
DialogBoxParamA
wsprintfA
SetWindowPos
MapWindowPoints
GetClientRect
KillTimer
LoadBitmapA
GetKeyState
InvalidateRect
GetSubMenu
PtInRect
GetActiveWindow
GetWindowThreadProcessId
IsMenu
TrackPopupMenuEx
UpdateWindow
GetSystemMetrics
SystemParametersInfoA
GetWindowRect
GetWindow
GetWindowLongA
SetTimer
TranslateAcceleratorA
GetDC
GetDlgItem
GetParent
EndDialog
DispatchMessageA
SetMenu
GetWindowDC
DrawTextA
ReleaseDC
GetSysColorBrush
FrameRect
OffsetRect
InflateRect
GetSysColor
LoadStringW
PostQuitMessage
SetFocus
wvsprintfA
GetClassInfoExA
LoadCursorA
LoadImageA
RegisterClassExA
LoadStringA
LoadMenuA
LoadAcceleratorsA
PostMessageA
SendMessageA
CallWindowProcA
SetWindowsHookExA
UnhookWindowsHookEx
FillRect
GetMenuItemCount
GetMenuItemID
RegisterWindowMessageA
IsWindowVisible
CharNextA
CharLowerA
IsWindowEnabled
MessageBeep
GetFocus
SetWindowLongA
DefWindowProcA
IsWindow
DestroyMenu
SetMenuDefaultItem
GetMenuItemInfoA
SetMenuItemInfoA
ShowWindow
PeekMessageA
GetMessageA
TranslateMessage

gdi32

GetCurrentObject
GetStockObject
CreateDIBSection
BitBlt
DeleteDC
SetBkColor
CreateBitmap
CreatePatternBrush
SetBrushOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
SetTextColor
GetObjectA
CreateFontIndirectA
SelectObject
SetBkMode
DeleteObject

advapi32

ControlTraceW
CloseTrace
ProcessTrace
SetTraceCallback
OpenTraceW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
StartTraceW

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoUninitialize
CoInitialize

comctl32

ImageList_GetImageCount
ImageList_Draw
InitCommonControlsEx
ImageList_DrawIndirect
ImageList_LoadImageA
ImageList_AddMasked
ImageList_Create
ord6
ImageList_Destroy

ipdbhlp

?OpenIPD@@YAPAXPBDW4IPDTYPE@@@Z
?CloseIPD@@YAXPAX@Z
?GetAddrByIP@@YAPBDPAXKPADI@Z

shlwapi

PathCombineA

psapi

GetModuleFileNameExA
EnumProcesses

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
人肉一件套/QQip/QQ查IP工具.exe
.exe windows x86

cbdf2a384eef1db34be0cb0e40abfc6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
Sleep
IsBadCodePtr
IsBadReadPtr
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
OpenProcess
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
SetUnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
RaiseException
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
GetProcessHeap
FindResourceA
LoadResource
LockResource
WaitForSingleObject
CreateThread
MultiByteToWideChar
CreateEventA
GetLastError
CloseHandle
HeapDestroy
GetPrivateProfileIntA
GetCurrentDirectoryA
GetPrivateProfileStringA
DeleteCriticalSection
InitializeCriticalSection
lstrcmpA
IsBadWritePtr
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrcpynW
InterlockedExchange
lstrcpynA
lstrcpyA
lstrlenA
GetCurrentProcessId
GetVersionExA
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
FreeEnvironmentStringsW
GetTickCount

user32

MessageBoxA
DestroyWindow
GetClassNameA
DrawFrameControl
ModifyMenuA
DrawEdge
SetRectEmpty
CallNextHookEx
RemoveMenu
MonitorFromPoint
GetMonitorInfoA
CreatePopupMenu
AppendMenuA
CreateWindowExA
GetMessagePos
WindowFromPoint
ScreenToClient
GetMenu
DialogBoxParamA
wsprintfA
SetWindowPos
MapWindowPoints
GetClientRect
KillTimer
LoadBitmapA
GetKeyState
InvalidateRect
GetSubMenu
PtInRect
GetActiveWindow
GetWindowThreadProcessId
IsMenu
TrackPopupMenuEx
UpdateWindow
GetSystemMetrics
SystemParametersInfoA
GetWindowRect
GetWindow
GetWindowLongA
SetTimer
TranslateAcceleratorA
GetDC
GetDlgItem
GetParent
EndDialog
DispatchMessageA
SetMenu
GetWindowDC
DrawTextA
ReleaseDC
GetSysColorBrush
FrameRect
OffsetRect
InflateRect
GetSysColor
LoadStringW
PostQuitMessage
SetFocus
wvsprintfA
GetClassInfoExA
LoadCursorA
LoadImageA
RegisterClassExA
LoadStringA
LoadMenuA
LoadAcceleratorsA
PostMessageA
SendMessageA
CallWindowProcA
SetWindowsHookExA
UnhookWindowsHookEx
FillRect
GetMenuItemCount
GetMenuItemID
RegisterWindowMessageA
IsWindowVisible
CharNextA
CharLowerA
IsWindowEnabled
MessageBeep
GetFocus
SetWindowLongA
DefWindowProcA
IsWindow
DestroyMenu
SetMenuDefaultItem
GetMenuItemInfoA
SetMenuItemInfoA
ShowWindow
PeekMessageA
GetMessageA
TranslateMessage

gdi32

GetCurrentObject
GetStockObject
CreateDIBSection
BitBlt
DeleteDC
SetBkColor
CreateBitmap
CreatePatternBrush
SetBrushOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
SetTextColor
GetObjectA
CreateFontIndirectA
SelectObject
SetBkMode
DeleteObject

advapi32

ControlTraceW
CloseTrace
ProcessTrace
SetTraceCallback
OpenTraceW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
StartTraceW

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoUninitialize
CoInitialize

comctl32

ImageList_GetImageCount
ImageList_Draw
InitCommonControlsEx
ImageList_DrawIndirect
ImageList_LoadImageA
ImageList_AddMasked
ImageList_Create
ord6
ImageList_Destroy

ipdbhlp

?OpenIPD@@YAPAXPBDW4IPDTYPE@@@Z
?CloseIPD@@YAXPAX@Z
?GetAddrByIP@@YAPBDPAXKPADI@Z

shlwapi

PathCombineA

psapi

GetModuleFileNameExA
EnumProcesses

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
人肉一件套/QQip/config.ini
人肉一件套/QQip/ipdbhlp.dll
.dll windows x86

546ef7a78941b55beda736b5012e1fe2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
GetFileSize
ReadFile
GetLocalTime
WriteFile
InterlockedExchange
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
Sleep
LCMapStringA
LCMapStringW
HeapSize

user32

wsprintfA

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime

Exports

Exports

?CloseIPD@@YAXPAX@Z
?ConvertIPD@@YAHPBDW4IPDTYPE@@01@Z
?GetAddrByIP@@YAPBDPAXKPADI@Z
?GetIPByAddr@@YAIPAXPBDPAKI@Z
?GetIPDVersion@@YAPBDPAXPADI@Z
?OpenIPD@@YAPAXPBDW4IPDTYPE@@@Z

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
人肉一件套/QQip/portdesc.ini
人肉一件套/QQip/定位网址.txt
人肉一件套/QQ查ip/DrvIPBox.sys
.exe windows x86

34223c23d97e1b02adc15446bbdde2ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
DbgPrint
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
IoCreateDevice
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
KeTickCount
IoCreateSymbolicLink
KeWaitForSingleObject
KeInitializeSpinLock

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 634B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
人肉一件套/QQ查ip/QQip抓取.mp4
人肉一件套/QQ查ip/config.ini
人肉一件套/QQ查ip/ipdbhlp.dll
.dll windows x86

546ef7a78941b55beda736b5012e1fe2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
GetFileSize
ReadFile
GetLocalTime
WriteFile
InterlockedExchange
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
Sleep
LCMapStringA
LCMapStringW
HeapSize

user32

wsprintfA

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime

Exports

Exports

?CloseIPD@@YAXPAX@Z
?ConvertIPD@@YAHPBDW4IPDTYPE@@01@Z
?GetAddrByIP@@YAPBDPAXKPADI@Z
?GetIPByAddr@@YAIPAXPBDPAKI@Z
?GetIPDVersion@@YAPBDPAXPADI@Z
?OpenIPD@@YAPAXPBDW4IPDTYPE@@@Z

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
人肉一件套/QQ查ip/portdesc.ini
人肉一件套/QQ查ip/新建文本文档.txt
人肉一件套/QQ查ip/梁山好汉抓包工具.exe
.exe windows x86

cbdf2a384eef1db34be0cb0e40abfc6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
Sleep
IsBadCodePtr
IsBadReadPtr
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
OpenProcess
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
SetUnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
RaiseException
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
GetProcessHeap
FindResourceA
LoadResource
LockResource
WaitForSingleObject
CreateThread
MultiByteToWideChar
CreateEventA
GetLastError
CloseHandle
HeapDestroy
GetPrivateProfileIntA
GetCurrentDirectoryA
GetPrivateProfileStringA
DeleteCriticalSection
InitializeCriticalSection
lstrcmpA
IsBadWritePtr
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrcpynW
InterlockedExchange
lstrcpynA
lstrcpyA
lstrlenA
GetCurrentProcessId
GetVersionExA
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
FreeEnvironmentStringsW
GetTickCount

user32

MessageBoxA
DestroyWindow
GetClassNameA
DrawFrameControl
ModifyMenuA
DrawEdge
SetRectEmpty
CallNextHookEx
RemoveMenu
MonitorFromPoint
GetMonitorInfoA
CreatePopupMenu
AppendMenuA
CreateWindowExA
GetMessagePos
WindowFromPoint
ScreenToClient
GetMenu
DialogBoxParamA
wsprintfA
SetWindowPos
MapWindowPoints
GetClientRect
KillTimer
LoadBitmapA
GetKeyState
InvalidateRect
GetSubMenu
PtInRect
GetActiveWindow
GetWindowThreadProcessId
IsMenu
TrackPopupMenuEx
UpdateWindow
GetSystemMetrics
SystemParametersInfoA
GetWindowRect
GetWindow
GetWindowLongA
SetTimer
TranslateAcceleratorA
GetDC
GetDlgItem
GetParent
EndDialog
DispatchMessageA
SetMenu
GetWindowDC
DrawTextA
ReleaseDC
GetSysColorBrush
FrameRect
OffsetRect
InflateRect
GetSysColor
LoadStringW
PostQuitMessage
SetFocus
wvsprintfA
GetClassInfoExA
LoadCursorA
LoadImageA
RegisterClassExA
LoadStringA
LoadMenuA
LoadAcceleratorsA
PostMessageA
SendMessageA
CallWindowProcA
SetWindowsHookExA
UnhookWindowsHookEx
FillRect
GetMenuItemCount
GetMenuItemID
RegisterWindowMessageA
IsWindowVisible
CharNextA
CharLowerA
IsWindowEnabled
MessageBeep
GetFocus
SetWindowLongA
DefWindowProcA
IsWindow
DestroyMenu
SetMenuDefaultItem
GetMenuItemInfoA
SetMenuItemInfoA
ShowWindow
PeekMessageA
GetMessageA
TranslateMessage

gdi32

GetCurrentObject
GetStockObject
CreateDIBSection
BitBlt
DeleteDC
SetBkColor
CreateBitmap
CreatePatternBrush
SetBrushOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
SetTextColor
GetObjectA
CreateFontIndirectA
SelectObject
SetBkMode
DeleteObject

advapi32

ControlTraceW
CloseTrace
ProcessTrace
SetTraceCallback
OpenTraceW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
StartTraceW

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoUninitialize
CoInitialize

comctl32

ImageList_GetImageCount
ImageList_Draw
InitCommonControlsEx
ImageList_DrawIndirect
ImageList_LoadImageA
ImageList_AddMasked
ImageList_Create
ord6
ImageList_Destroy

ipdbhlp

?OpenIPD@@YAPAXPBDW4IPDTYPE@@@Z
?CloseIPD@@YAXPAX@Z
?GetAddrByIP@@YAPBDPAXKPADI@Z

shlwapi

PathCombineA

psapi

GetModuleFileNameExA
EnumProcesses

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
人肉一件套/专属人肉教程.docx
.docx office2007
人肉一件套/号段数据库.txt
人肉一件套/合集.txt
人肉一件套/安卓版HZJ.txt
人肉一件套/新建文本文档.txt
人肉一件套/电脑端HZJ下载地址.txt
人肉一件套/简户思路.txt
人肉一件套/简户网站.txt
人肉一件套/说明.docx
.docx .ps1 office2007

Sharing

General

Malware Config

Signatures

Files

34223c23d97e1b02adc15446bbdde2ec

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 256B - Virtual size: 198B

.data Size: 12KB - Virtual size: 12KB

INIT Size: 640B - Virtual size: 634B

.reloc Size: 512B - Virtual size: 416B

cbdf2a384eef1db34be0cb0e40abfc6a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

ipdbhlp

shlwapi

psapi

version

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 76KB - Virtual size: 75KB

cbdf2a384eef1db34be0cb0e40abfc6a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

ipdbhlp

shlwapi

psapi

version

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 76KB - Virtual size: 75KB

546ef7a78941b55beda736b5012e1fe2

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 4KB - Virtual size: 3KB

34223c23d97e1b02adc15446bbdde2ec

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 256B - Virtual size: 198B

.data
Size: 12KB - Virtual size: 12KB

INIT
Size: 640B - Virtual size: 634B

.reloc
Size: 512B - Virtual size: 416B

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 76KB - Virtual size: 75KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 76KB - Virtual size: 75KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 256B - Virtual size: 198B

.data
Size: 12KB - Virtual size: 12KB

INIT
Size: 640B - Virtual size: 634B

.reloc
Size: 512B - Virtual size: 416B

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 77KB - Virtual size: 76KB