5f2d2046c126e49e308b4e452aabf04b6201edcf6a6bcdb9e0a927110434196c

Sharing

Copy URL

Twitter E-mail

General

Target

5f2d2046c126e49e308b4e452aabf04b6201edcf6a6bcdb9e0a927110434196c
Size

785KB
MD5

0a18c645928f3dbc3e1237b3c52e5cf5
SHA1

6bc775b711cab91897b08647a4b130a19774f6f6
SHA256

5f2d2046c126e49e308b4e452aabf04b6201edcf6a6bcdb9e0a927110434196c
SHA512

9fd361727b8f57d3c590a4112cc2bab6974c3b4f54bac022f69f24c52036832a2f63e1d4141a29ff04261ca0d71a8fca302c3c66fb120eb144ddfbb7c2ae2cff
SSDEEP

24576:8X3xV8SlG8AxT4/Kp2s5SyZUk6zRVnghcUUP+Rket:8n4EG16KpIUgPGF

Score

N/A

Malware Config

Signatures

Files

5f2d2046c126e49e308b4e452aabf04b6201edcf6a6bcdb9e0a927110434196c
.7z

Password: infected
点击安装(飞机)简体中文语言包_v34.exe
.exe windows x64

ddc0b540b3a49ef4972fa7a971dcc1ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WideCharToMultiByte
WriteConsoleW
WriteFile

shell32

ShellExecuteExW

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
英文客户基本聊天用语4d.exe
.exe windows x64

e54be3ec7de34f1360c2341f745c2d90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
RaiseException
RtlPcToFileHeader
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetFileAttributesA
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
GetCurrentProcess
FlushFileBuffers
SetFilePointer
ReadFile
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FormatMessageA
LocalFree
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetModuleFileNameW
GetCurrentProcessId
SetLastError
GlobalAddAtomA
GlobalUnlock
WritePrivateProfileStringA
GlobalFree
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetVersion
CompareStringA
MultiByteToWideChar
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
Sleep
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetLastError
CreateMutexA
CloseHandle
WriteFile
GetStdHandle
CreateFileA

user32

GetSysColorBrush
UnregisterClassA
RegisterClipboardFormatA
LoadCursorA
ShowWindow
SetWindowTextA
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowPlacement
GetWindowRect
GetSysColor
SystemParametersInfoA
DestroyMenu
CopyRect
LoadIconA
IsIconic
SendMessageA
GetSystemMetrics
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
GetClientRect
EnableWindow
PostMessageA
PostQuitMessage
SetWindowPos
GetParent
GetWindow
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
GetActiveWindow
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect

gdi32

DeleteDC
GetStockObject
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
CreateBitmap
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
PtVisible

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteKeyA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
话术大全@88.exe
.exe windows x64

239dcb9072514b82a82f6f343648dd9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
GetCPInfo
FreeEnvironmentStringsW
GetOEMCP
Sleep
GetTimeZoneInformation
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
HeapSize
VirtualQuery
GetSystemInfo
RtlPcToFileHeader
RaiseException
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwindEx
RtlLookupFunctionEntry
GetStartupInfoW
GetTickCount
SetErrorMode
GetVersionExW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CreateFileW
GetShortPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
lstrcmpiW
GetStringTypeExW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
MoveFileW
GetCurrentDirectoryW
SystemTimeToFileTime
FileTimeToSystemTime
lstrlenA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
GetFileTime
SetFileTime
GetFileAttributesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetModuleHandleA
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GetModuleFileNameW
GetVersion
GetCurrentProcessId
GlobalGetAtomNameW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
CompareStringW
lstrcmpW
GetModuleHandleW
GetVersionExA
WideCharToMultiByte
GetLastError
GlobalAlloc
FormatMessageW
LocalFree
lstrlenW
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
ExitProcess
GetThreadLocale
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
HeapFree
VirtualFree
VirtualProtect
LoadLibraryA
SetLastError
GetProcAddress
FreeLibrary
GetACP
VirtualAlloc

user32

CreateMenu
PostThreadMessageW
GetTabbedTextExtentA
GetDCEx
LockWindowUpdate
RegisterClipboardFormatW
UnregisterClassW
WindowFromPoint
SetParent
DeleteMenu
IsRectEmpty
GetSysColorBrush
LoadCursorW
DestroyCursor
SetRect
KillTimer
SetWindowContextHelpId
MapDialogRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowOwnedPopups
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
SystemParametersInfoW
GetMenuItemInfoW
InflateRect
GetDC
ReleaseDC
IsZoomed
UnpackDDElParam
ReuseDDElParam
DestroyMenu
GetWindowThreadProcessId
SetCursor
ReleaseCapture
LoadAcceleratorsW
InvalidateRect
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetFocus
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
IsWindowVisible
GetMenu
PostMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
GetWindow
SetFocus
SetWindowRgn
DrawIcon
FindWindowW
MessageBeep
GetNextDlgGroupItem
SetCapture
InvalidateRgn
CopyAcceleratorTableW
CharNextW
CharUpperW
DestroyIcon
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
GetMenuItemID
GetMenuItemCount
RemoveMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
MessageBoxA
SetTimer
GetClientRect
FillRect
GetSystemMetrics
SetWindowPos
UpdateWindow
LoadBitmapW
LoadIconW
GetWindowRect
SendMessageW
LoadMenuW
GetSubMenu
EnableWindow
SendDlgItemMessageA
UnregisterClassA

gdi32

TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
SetTextAlign
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
CreatePen
DPtoLP
StartPage
EndPage
SetAbortProc
RectVisible
EndDoc
GetViewportOrgEx
PatBlt
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
LPtoDP
Ellipse
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
GetTextExtentPoint32A
GetWindowOrgEx
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
PtVisible
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
AbortDoc
CreateSolidBrush
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
ExtTextOutW
CreateFontIndirectW
StretchDIBits
DeleteDC
CreateFontW
GetCharWidthW
DeleteObject
GetTextExtentPoint32W
GetTextMetricsW
CreateCompatibleBitmap
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateDCW
GetDeviceCaps
BitBlt
Rectangle
SelectObject
CreateCompatibleDC
PtInRegion
CreateEllipticRgn
GetObjectW

comdlg32

GetFileTitleW

winspool.drv

GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

GetFileSecurityW
SetFileSecurityW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegSetValueW
RegCloseKey
RegCreateKeyW

shell32

DragFinish
DragQueryFileW
ExtractIconW
SHGetFileInfoW
Shell_NotifyIconW

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleFlushClipboard
CoRegisterMessageFilter
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoRevokeClassObject
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorageOnILockBytes

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysStringLen

ws2_32

WSACleanup
WSAStartup

Sections

.text
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 222KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 818KB - Virtual size: 817KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
资金盘切客前的裂变话术@.exe
.exe windows x86

b0b055541cd4dccc74780cf90f57ae4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapSize
GetProcessHeap
Sleep
GetProcessTimes
GetCurrentProcess
ExitProcess
TerminateProcess
CreateProcessA
OpenProcess
GetSystemTime
GetModuleHandleExW
FileTimeToSystemTime
SystemTimeToFileTime
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentDirectoryW
CreateFileW
GetFileAttributesW
LocalFileTimeToFileTime
ReadFile
SetFilePointer
SetFileTime
WriteFile
GetFileInformationByHandle
GetFileSize
GetLocalTime
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OutputDebugStringW
HeapReAlloc
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetFileAttributesExW
GetTimeZoneInformation
MoveFileExW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
FlushFileBuffers
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
HeapAlloc
CloseHandle
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
DecodePointer
CreateDirectoryW
GetCommandLineW
MultiByteToWideChar
DeleteCriticalSection
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetCommandLineA
GetStdHandle
InitializeCriticalSectionEx
GetLastError
RaiseException
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetFullPathNameW
GetDriveTypeW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlUnwind
GetLocaleInfoEx
GetCPInfo
CompareStringEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
LocalFree
EncodePointer
LCMapStringEx

user32

SendMessageW
GetDesktopWindow
ShowWindow
SetWindowPos
IsWindowVisible
wsprintfW
EnumWindows
GetWindowThreadProcessId
GetClassNameW

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey

shell32

CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysFreeString
VariantClear
SysAllocString

mscoree

CLRCreateInstance
CorBindToRuntimeEx

ws2_32

inet_addr
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
gethostbyaddr
socket
closesocket
connect
htons
recv
send

Sections

.text
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

ddc0b540b3a49ef4972fa7a971dcc1ea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

advapi32

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 3KB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 4KB - Virtual size: 4KB

.retplne Size: 512B - Virtual size: 140B

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 2KB - Virtual size: 1KB

e54be3ec7de34f1360c2341f745c2d90

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

Sections

.text Size: 169KB - Virtual size: 168KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 12KB - Virtual size: 34KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 38KB - Virtual size: 38KB

239dcb9072514b82a82f6f343648dd9a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Sections

.text Size: 428KB - Virtual size: 428KB

.rdata Size: 165KB - Virtual size: 164KB

.data Size: 222KB - Virtual size: 245KB

.pdata Size: 33KB - Virtual size: 32KB

.rsrc Size: 818KB - Virtual size: 817KB

b0b055541cd4dccc74780cf90f57ae4c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

mscoree

ws2_32

Sections

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 4KB - Virtual size: 4KB

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 169KB - Virtual size: 168KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 12KB - Virtual size: 34KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 38KB - Virtual size: 38KB

.text
Size: 428KB - Virtual size: 428KB

.rdata
Size: 165KB - Virtual size: 164KB

.data
Size: 222KB - Virtual size: 245KB

.pdata
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 818KB - Virtual size: 817KB

.text
Size: 424KB - Virtual size: 423KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 23KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 17KB - Virtual size: 17KB