Scintilla_DirectFunction
Static task: static1
Behavioral task behavioral1: Sample SciLexer.dll, Resource win7-20220812-en
Behavioral task behavioral2: Sample SciLexer.dll, Resource win10v2004-20220901-en
Behavioral task behavioral3: Sample mykm.exe, Resource win7-20220812-en
Behavioral task behavioral4: Sample mykm.exe, Resource win10v2004-20220812-en
General
- Target: a6f73f83664bf337a9ecabf90e3adc0f1aa3af17aa06c4041fd586a8af68caad
- Size: 409KB
- MD5: 582d8ac734d6aece679ae648536072d6
- SHA1: 23ef4449db25e3dc420c515eca4d03c80e43de59
- SHA256: a6f73f83664bf337a9ecabf90e3adc0f1aa3af17aa06c4041fd586a8af68caad
- SHA512: 4ed2d49edf6232b30ee56387bd4e6b9970af269d6db72cf7d9092a3ec0cdb203486247dc76244eb5456a0b40cbc4f138ea245d32cfa60c7fcc582c430977b68f
- SSDEEP: 6144:YYN4+TGC3XkV7kZR73zVaIfRlM1jD+7tgiGilTlKbAulW2j/6c7mQ5VKvHpw:YYhF3XY7kZRjzV8i7t5R5RIhSQ5Vqm
Malware Config
Signatures
Files
-
a6f73f83664bf337a9ecabf90e3adc0f1aa3af17aa06c4041fd586a8af68caad.rar
-
SciLexer.dll.dll windows x86
77f881f041ef9b367af469b20a63451f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
HeapCreate
GetCurrentProcessId
TerminateProcess
CompareStringW
HeapAlloc
RtlUnwind
GetCPInfo
RaiseException
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapReAlloc
HeapFree
GetLastError
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
HeapDestroy
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CreateFileW
CloseHandle
LCMapStringW
GetModuleHandleA
FreeLibrary
GlobalFree
GlobalUnlock
Sleep
WideCharToMultiByte
GlobalAlloc
GetTickCount
GlobalLock
GlobalSize
GetLocaleInfoA
DeleteCriticalSection
QueryPerformanceFrequency
LoadLibraryExA
LoadLibraryA
EnterCriticalSection
GetProcAddress
MultiByteToWideChar
MulDiv
LeaveCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
GetCurrentProcess
FlushFileBuffers
user32
HideCaret
ScreenToClient
IsChild
NotifyWinEvent
KillTimer
MsgWaitForMultipleObjects
IsClipboardFormatAvailable
SetFocus
ShowCaret
SetTimer
RegisterClassExW
LoadCursorA
DestroyMenu
CallWindowProcA
MapWindowPoints
GetSystemMetrics
ReleaseCapture
SystemParametersInfoA
GetUpdateRgn
CloseClipboard
PtInRect
GetKeyboardLayout
RegisterClipboardFormatA
GetScrollInfo
GetClipboardData
EmptyClipboard
DestroyCaret
AppendMenuA
CreateCaret
PostMessageA
OpenClipboard
SetCaretPos
SetClipboardData
GetDlgCtrlID
GetCaretBlinkTime
SetScrollInfo
GetMessageTime
EndPaint
ClientToScreen
DestroyWindow
SetCursor
GetWindowRect
RegisterClassExA
TrackPopupMenu
FillRect
SetCapture
DrawTextW
DrawTextA
GetKeyState
GetParent
GetClientRect
SendMessageA
BeginPaint
GetDoubleClickTime
CreateIconIndirect
GetIconInfo
GetDC
DrawFocusRect
InflateRect
SetWindowLongA
InvalidateRect
UnregisterClassA
GetWindowLongA
CreateWindowExA
ReleaseDC
DefWindowProcA
DestroyCursor
GetSysColor
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
FrameRect
AdjustWindowRectEx
gdi32
GetNearestColor
GetTextExtentPoint32W
GetTextExtentPoint32A
LineTo
SetTextColor
DeleteDC
Polygon
CreateDIBSection
CreateFontIndirectW
GetDeviceCaps
StretchBlt
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
ExtTextOutW
Ellipse
GetObjectW
GetTextExtentExPointW
GetTextExtentExPointA
CreatePatternBrush
CreatePen
GetTextMetricsA
RoundRect
SetTextAlign
IntersectClipRect
GetObjectA
GetStockObject
ExtTextOutA
CreateSolidBrush
MoveToEx
CreateRectRgn
CombineRgn
CreateBitmap
BitBlt
imm32
ImmEscapeW
ImmReleaseContext
ImmSetCompositionFontW
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetContext
ole32
RegisterDragDrop
DoDragDrop
OleUninitialize
OleInitialize
RevokeDragDrop
CLSIDFromProgID
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Exports
Sections
.text Size: 368KB - Virtual size: 368KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mykm.exe.exe windows x86
8f67e2f775dadfaf17d2a4e4af00153d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord4376
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord324
ord2370
ord2302
ord4234
ord4224
ord4853
ord940
ord939
ord2614
ord6334
ord5981
ord3092
ord4710
ord4278
ord5683
ord6929
ord6927
ord6877
ord2301
ord2299
ord2358
ord2086
ord3317
ord2379
ord3610
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord6055
ord1776
ord4401
ord5290
ord3402
ord4424
ord3639
ord692
ord656
ord567
ord4299
ord6880
ord6215
ord2863
ord812
ord6453
ord559
ord5862
ord4202
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord2294
ord2362
ord6199
ord2298
ord2864
ord2642
ord4275
ord941
ord802
ord654
ord5265
ord542
ord341
ord2764
ord2784
ord5710
ord5572
ord2915
ord924
ord5606
ord5643
ord6569
ord6648
ord922
ord5858
ord5603
ord5608
ord1622
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord1146
ord3742
ord818
ord1168
ord690
ord5353
ord5356
ord5808
ord5205
ord3229
ord6059
ord389
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord795
ord804
ord2621
ord6438
ord1134
ord765
ord781
ord2587
ord4406
ord3394
ord3729
ord3721
ord2361
ord1138
ord1621
ord1105
ord6785
ord755
ord470
ord2516
ord361
ord2859
ord2820
ord3811
ord6143
ord3499
ord2515
ord355
ord3874
ord5718
ord6378
ord6197
ord6380
ord2289
ord4284
ord3708
ord3698
ord4132
ord6136
ord6134
ord2363
ord3361
ord326
ord2291
ord2367
ord859
ord536
ord2360
ord2295
ord2364
ord2405
ord1641
ord5785
ord6194
ord1158
ord6394
ord5834
ord6383
ord5440
ord5450
ord2414
ord3626
ord2818
ord926
ord1200
ord2107
ord2044
ord537
ord3903
ord860
ord500
ord772
ord6142
ord5860
ord2450
ord540
ord2448
ord2841
ord825
ord823
ord323
ord1640
ord640
ord3571
ord3663
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord6282
ord6283
ord6928
ord6930
ord4277
ord858
ord2763
ord4129
ord800
ord541
ord535
ord6883
ord801
ord1576
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_atoi64
fflush
_chdir
_access
memmove
exit
time
srand
__p___argc
__p___argv
ftell
fseek
fwrite
rand
sprintf
printf
isalnum
fread
strncmp
_setmbcp
atoi
__CxxFrameHandler
_ftol
floor
_mbscmp
fclose
fgets
fopen
setlocale
strcoll
qsort
_mbsicmp
free
strtol
strstr
strncpy
calloc
malloc
wcscmp
isspace
atol
fprintf
atof
_CxxThrowException
_controlfp
kernel32
GetTempPathA
GetModuleFileNameA
SetUnhandledExceptionFilter
CreateMutexA
ReleaseMutex
Sleep
MulDiv
WinExec
GetCurrentDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
GlobalFree
GetVersionExA
GetModuleHandleA
GetStartupInfoA
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
ResetEvent
ReadFile
CancelIo
WriteFile
WaitForSingleObject
GetOverlappedResult
FormatMessageW
LocalFree
GetProcAddress
LoadLibraryA
FreeLibrary
CloseHandle
GetLastError
Beep
CreateEventA
CreateFileA
user32
GetWindow
GetAsyncKeyState
CreateWindowExA
RegisterWindowMessageA
LoadIconA
PostMessageA
LoadAcceleratorsA
DrawIcon
IsIconic
UnregisterHotKey
GetKeyState
KillTimer
SetTimer
GetIconInfo
GetCursorInfo
SetForegroundWindow
IsWindowVisible
TranslateAcceleratorA
RegisterHotKey
GetMenuItemInfoA
ReleaseDC
GetWindowTextA
GetClassNameA
EnumWindows
SetWindowTextA
GetMenuItemCount
GetMenuItemID
ModifyMenuA
GetMenuState
GetParent
GetFocus
PtInRect
CreatePopupMenu
AppendMenuA
GetMenu
GetSubMenu
CheckMenuItem
GetClientRect
GetWindowRect
InvalidateRect
SendMessageA
EnableWindow
EnumDisplaySettingsA
GrayStringA
DrawTextA
TabbedTextOutA
MessageBoxA
GetDC
GetSystemMetrics
GetClipboardData
OpenClipboard
CloseClipboard
SetClipboardData
ChangeDisplaySettingsExA
GetCursorPos
ClientToScreen
LoadMenuA
TrackPopupMenu
CallWindowProcA
FindWindowExA
SetWindowLongA
gdi32
GetStockObject
SelectPalette
RealizePalette
GetBitmapBits
GetDeviceCaps
SetPixel
LPtoDP
GetMapMode
DPtoLP
GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
GetDIBits
CreateDCA
DeleteDC
shell32
Shell_NotifyIconA
ShellExecuteA
DragQueryFileA
winmm
timeEndPeriod
timeBeginPeriod
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
setupapi
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
dbghelp
MiniDumpWriteDump
Sections
.text Size: 248KB - Virtual size: 245KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 172KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
固件更新记录.txt
-
编辑器更新记录.txt