4afaf4635556de67bf629a11b3c8f3235672af9d822dade615148a11be6eced9

Sharing

Copy URL Twitter E-mail

General

Target

4afaf4635556de67bf629a11b3c8f3235672af9d822dade615148a11be6eced9
Size

1.1MB
MD5

4c22af5f2dee8cb0bcd63519428a0049
SHA1

3b95d1174048b5a025b4e705a7d6dbd7810644e9
SHA256

4afaf4635556de67bf629a11b3c8f3235672af9d822dade615148a11be6eced9
SHA512

b18443da921ca858d1941654aee3d1b5b9ddfe4c7f4c8174f8ab1a94bc16c2e3cc0d31cabf08032bf194c22d588331580f00dd89114cd8134a25184f0ee082d3
SSDEEP

24576:3YxAu3MNHThylcFxS+IEHrT1zmwReiik/J:o6u8JTAQS+5HrNRKk/J

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/5D自動化/dm.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/5D自動化/dm.dll	upx

Files

4afaf4635556de67bf629a11b3c8f3235672af9d822dade615148a11be6eced9
.rar
5D自動化/123buff456789招不撿東西.txt
5D自動化/123buff456789招自動撿東西.txt
5D自動化/123必殺熱血鬥氣456789招不撿東西(必殺精格).txt
5D自動化/123必殺熱血鬥氣456789招自動撿東西(必殺精格).txt
5D自動化/1血箭234567招(不撿東西).txt
5D自動化/1血箭234567招(自動撿東西).txt
5D自動化/5D自動化.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5D自動化/Config/Config.ini
5D自動化/F3BuffF2打(2BUFF 120秒).txt
5D自動化/F3BuffF2打(不撿東西).txt
5D自動化/F3BuffF2打(短BUFF不撿東西).txt
5D自動化/F3BuffF2打(血箭 120秒).txt
5D自動化/F3BuffF2打.txt
5D自動化/GlobalHotKey.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5D自動化/Newtonsoft.Json.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 511KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5D自動化/Texture/Backpack.bmp
5D自動化/Texture/ExpBox.bmp
5D自動化/Texture/Lunch.bmp
5D自動化/Texture/Lunch2.bmp
5D自動化/Texture/NoBox.bmp
5D自動化/Texture/VIP.bmp
5D自動化/Texture/VIP12H.bmp
5D自動化/Texture/VIP3H.bmp
5D自動化/Texture/VIP6H.bmp
5D自動化/Texture/VIPOpen.bmp
5D自動化/Texture/loading.bmp
5D自動化/Texture/menu.bmp
5D自動化/Update/5D自動化.zip
.zip
5D自動化/Update/5D赻趙.zip
.zip
5D自動化/dm.dll
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
CBFunA
CBFunB
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 684KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 753KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5D自動化/dmc.dll
.dll windows x86

c647bb5c9b0b1a483890c564bac2b2e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperW

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualFree
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
LocalFree
LoadLibraryW
IsValidLocale
GetVersionExW
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
InterlockedExchangeAdd
FreeLibrary
FormatMessageW
EnumSystemLocalesW
EnumCalendarInfoW
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

ole32

CoUninitialize
CoInitialize

Exports

Exports

ActiveInputMethod
AddDict
AppendPicAddr
AsmAdd
AsmCall
AsmClear
AsmCode
Assemble
BGR2RGB
Beep
BindWindow
BindWindowEx
Capture
CaptureGif
CaptureJpg
CapturePng
CapturePre
CheckFontSmooth
CheckInputMethod
CheckUAC
ClearDict
ClientToScreen
CmpColor
CopyFile
CreateDM
CreateFolder
CreateFoobarCustom
CreateFoobarEllipse
CreateFoobarRect
CreateFoobarRoundRect
DecodeFile
DelEnv
Delays
DeleteFile
DeleteFolder
DeleteIni
DeleteIniPwd
DisableFontSmooth
DisablePowerSave
DisableScreenSave
DmGuard
DoubleToData
DownCpu
DownloadFile
EnableBind
EnableDisplayDebug
EnableFakeActive
EnableGetColorByCapture
EnableIme
EnableKeypadMsg
EnableKeypadPatch
EnableKeypadSync
EnableMouseMsg
EnableMouseSync
EnableRealKeypad
EnableRealMouse
EnableSpeedDx
EncodeFile
EnterCri
EnumIniKey
EnumIniKeyPwd
EnumIniSection
EnumIniSectionPwd
EnumProcess
EnumWindow
EnumWindowByProcess
EnumWindowSuper
ExcludePos
ExitOs
FaqCancel
FaqCapture
FaqCaptureFromFile
FaqFetch
FaqGetSize
FaqPost
FaqRelease
FaqSend
FetchWord
FindColor
FindColorBlock
FindColorBlockEx
FindColorE
FindColorEx
FindData
FindDataEx
FindDouble
FindDoubleEx
FindFloat
FindFloatEx
FindInputMethod
FindInt
FindIntEx
FindMulColor
FindMultiColor
FindMultiColorE
FindMultiColorEx
FindNearestPos
FindPic
FindPicE
FindPicEx
FindPicExS
FindPicMem
FindPicMemE
FindPicMemEx
FindPicS
FindShape
FindShapeE
FindShapeEx
FindStr
FindStrE
FindStrEx
FindStrExS
FindStrFast
FindStrFastE
FindStrFastEx
FindStrFastExS
FindStrFastS
FindStrS
FindStrWithFont
FindStrWithFontE
FindStrWithFontEx
FindString
FindStringEx
FindWindow
FindWindowByProcess
FindWindowByProcessId
FindWindowEx
FindWindowSuper
FloatToData
FoobarClearText
FoobarClose
FoobarDrawLine
FoobarDrawPic
FoobarDrawText
FoobarFillRect
FoobarLock
FoobarPrintText
FoobarSetFont
FoobarSetSave
FoobarStartGif
FoobarStopGif
FoobarTextLineGap
FoobarTextPrintDir
FoobarTextRect
FoobarUnlock
FoobarUpdate
ForceUnBindWindow
FreeDM
FreePic
FreeProcessMemory
FreeScreenData
GetAveHSV
GetAveRGB
GetBasePath
GetBindWindow
GetClientRect
GetClientSize
GetClipboard
GetColor
GetColorBGR
GetColorHSV
GetColorNum
GetCommandLine
GetCursorPos
GetCursorShape
GetCursorShapeEx
GetCursorSpot
GetDict
GetDictCount
GetDictInfo
GetDir
GetDiskSerial
GetDmCount
GetEnv
GetFileLength
GetForegroundFocus
GetForegroundWindow
GetID
GetKeyState
GetLastError
GetMac
GetMachineCode
GetMachineCodeNoMac
GetModuleBaseAddr
GetMousePointWindow
GetNetTime
GetNetTimeByIp
GetNetTimeSafe
GetNowDict
GetOsType
GetPath
GetPicSize
GetPointWindow
GetProcessInfo
GetResultCount
GetResultPos
GetScreenData
GetScreenDataBmp
GetScreenDepth
GetScreenHeight
GetScreenWidth
GetSpecialWindow
GetTime
GetWindow
GetWindowClass
GetWindowProcessId
GetWindowProcessPath
GetWindowRect
GetWindowState
GetWindowTitle
GetWordResultCount
GetWordResultPos
GetWordResultStr
GetWords
GetWordsNoDict
ImageToBmp
IntToData
Is64Bit
IsBind
IsDisplayDead
IsFileExist
KeyDown
KeyDownChar
KeyPress
KeyPressChar
KeyPressStr
KeyUp
KeyUpChar
LeaveCri
LeftClick
LeftDoubleClick
LeftDown
LeftUp
LoadPic
LockDisplay
LockInput
LockMouseRect
Log
MatchPicName
Md5
MiddleClick
MoveDD
MoveFile
MoveR
MoveTo
MoveToEx
MoveWindow
Ocr
OcrEx
OcrInFile
OpenProcess
Play
RGB2BGR
ReadData
ReadDataAddr
ReadDouble
ReadDoubleAddr
ReadFile
ReadFileData
ReadFloat
ReadFloatAddr
ReadIni
ReadIniPwd
ReadInt
ReadIntAddr
ReadString
ReadStringAddr
Reg
RegEx
RegExNoMac
RegNoMac
RightClick
RightDown
RightUp
RunApp
SaveDict
ScreenToClient
SelectDirectory
SelectFile
SendCommand
SendPaste
SendString
SendString2
SendStringIme
SetClientSize
SetClipboard
SetColGapNoDict
SetDict
SetDictMem
SetDictPwd
SetDisplayAcceler
SetDisplayDelay
SetDisplayInput
SetEnumWindowDelay
SetEnv
SetExactOcr
SetExportDict
SetKeypadDelay
SetMemoryFindResultToFile
SetMemoryHwndAsProcessId
SetMinColGap
SetMinRowGap
SetMouseDelay
SetPath
SetPicPwd
SetRowGapNoDict
SetScreen
SetShowErrorMsg
SetSimMode
SetUAC
SetWindowSize
SetWindowState
SetWindowText
SetWindowTransparent
SetWordGap
SetWordGapNoDict
SetWordLineHeight
SetWordLineHeightNoDict
ShowScrMsg
SortPosDistance
Stop
StrStr
StringToData
TerminateProcess
UnBindWindow
UseDict
Ver
VirtualAllocEx
VirtualFreeEx
WaitKey
WheelDown
WheelUp
WriteData
WriteDataAddr
WriteDouble
WriteDoubleAddr
WriteFile
WriteFloat
WriteFloatAddr
WriteIni
WriteIniPwd
WriteInt
WriteIntAddr
WriteString
WriteStringAddr
delay

Sections

.text
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5D自動化/中洞A區門口掛打自動撿.txt
5D自動化/無限空白.txt

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 108KB - Virtual size: 108KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 17KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 511KB - Virtual size: 511KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 684KB

UPX1 Size: 753KB - Virtual size: 756KB

.rsrc Size: 50KB - Virtual size: 52KB

c647bb5c9b0b1a483890c564bac2b2e4

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

ole32

Exports

Exports

Sections

.text Size: 323KB - Virtual size: 323KB

.itext Size: 1KB - Virtual size: 1KB

.data Size: 11KB - Virtual size: 11KB

.bss Size: - Virtual size: 19KB

.idata Size: 3KB - Virtual size: 3KB

.didata Size: 512B - Virtual size: 340B

.edata Size: 8KB - Virtual size: 7KB

.reloc Size: 26KB - Virtual size: 25KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 108KB - Virtual size: 108KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 511KB - Virtual size: 511KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 684KB

UPX1
Size: 753KB - Virtual size: 756KB

.rsrc
Size: 50KB - Virtual size: 52KB

.text
Size: 323KB - Virtual size: 323KB

.itext
Size: 1KB - Virtual size: 1KB

.data
Size: 11KB - Virtual size: 11KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 3KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 340B

.edata
Size: 8KB - Virtual size: 7KB

.reloc
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 9KB - Virtual size: 9KB