385b293b0839ee71aa5c64312cd886dc87292d6ebc19304252fe7af92ff24ff1

Sharing

Copy URL Twitter E-mail

General

Target

385b293b0839ee71aa5c64312cd886dc87292d6ebc19304252fe7af92ff24ff1
Size

1.5MB
MD5

735910e00c5397ccea5498a9f0d01a67
SHA1

c323696e8202028edb01160dd964a88444d86564
SHA256

385b293b0839ee71aa5c64312cd886dc87292d6ebc19304252fe7af92ff24ff1
SHA512

03b5707ad5fb4d6c1bef2f99f921d053fe71791438e6e3af66706c981575ca657e6a21bae09160057305fe99472c6726e988d4e1544b6d20276d012c876c9c7a
SSDEEP

24576:ImTZEbLxCsagEXTEVHonaudUCtVgrSKkqvv1RUZUMX:BqLxWbMInTdxVCSMPUZUMX

Score

N/A

Malware Config

Signatures

Files

385b293b0839ee71aa5c64312cd886dc87292d6ebc19304252fe7af92ff24ff1
.exe windows x86

68cc1fdbc5ccf83ce4ee0616ac40bda1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

irsdk

?IrSdk_StartRealPlay@@YAHW4enMEDIA_TYPE@@H@Z
?IrSdk_EnumMediaDevice@@YAHPADW4enMEDIA_TYPE@@QAPAD@Z
?IrSdk_Close@@YAHPAD@Z
?IrSdk_StartRealPlay@@YAHW4enMEDIA_TYPE@@@Z
?IrSdk_GetFuseScale@@YAHXZ
?IrSdk_Checkleakage@@YAH_N@Z
?IrSdk_SetCaptureMode@@YAHW4enCAPTURE_Mode@@@Z
?IrSdk_EnumHostDevice@@YAHQAPAD@Z
?IrSdk_Init@@YAHJP6GHJHPAEH@ZP6GHJW4enMEDIA_TYPE@@0H@Z@Z
?IrSdk_GetSdkInfo@@YAXPAUIrSdkInfo@@@Z
?IrSdk_SetFuseScale@@YAHH@Z
?IrSdk_GetCameraCutRect@@YAHPAUtagCutRect@@@Z
?IrSdk_SetCameraCutRect@@YAHPAUtagCutRect@@@Z
?IrSdk_GetCameraResolution@@YAHAAJ0@Z
?IrSdk_DeInit@@YAHXZ
?IrSdk_Open@@YAHPAD@Z

xzmzip

解密数据
RC4加密
zip解压指定文件
GetMd5
解压数据
GetMd5_F
RC4解密
GetMd5_W

kernel32

SetFilePointer
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
lstrcpynW
InitializeCriticalSectionEx
InitializeSListHead
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
OutputDebugStringW
IsDebuggerPresent
FormatMessageW
VerSetConditionMask
VerifyVersionInfoW
MulDiv
GetCurrentDirectoryW
FreeResource
WriteFile
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
SizeofResource
LockResource
LoadResource
Module32NextW
FindResourceExW
FindResourceW
WideCharToMultiByte
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetTickCount
CreateThread
Sleep
lstrlenW
GetQueuedCompletionStatus
lstrlenA
PostQueuedCompletionStatus
GetLastError
CloseHandle
GetSystemInfo
CreateIoCompletionPort
MultiByteToWideChar
ExitProcess
GetPrivateProfileStringW
GetSystemDirectoryW
lstrcmpW
WritePrivateProfileStringW
EnterCriticalSection
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
RaiseException
DecodePointer
DeleteCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
GetCurrentProcess
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32FirstW
Process32NextW
CreateFileW
GetFileSize
ReadFile
GetTempPathW
lstrcpyW
LocalFree
Module32FirstW

user32

LoadCursorW
SetCursor
MoveWindow
GetParent
ClientToScreen
IsWindowVisible
GetKeyNameTextW
GetKeyboardLayout
MapVirtualKeyExW
DrawTextA
SetCaretPos
ShowCaret
HideCaret
CreateCaret
EqualRect
GetWindowRgn
UpdateLayeredWindow
IsWindowEnabled
MonitorFromPoint
GetGUIThreadInfo
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
SetForegroundWindow
CharPrevW
SetRect
DrawTextW
FillRect
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
CreatePopupMenu
GetCaretPos
GetCaretBlinkTime
GetWindowTextLengthW
IsZoomed
InvalidateRect
GetSysColor
MapWindowPoints
SetWindowPos
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
DestroyWindow
GetKeyState
GetPropW
SetPropW
CallWindowProcW
GetWindowLongW
RegisterClassExW
GetClassInfoExW
RegisterClassW
LoadImageW
MonitorFromWindow
GetMonitorInfoW
SetFocus
GetMessageW
EnableWindow
GetWindow
SetWindowLongW
CreateWindowExW
DefWindowProcW
UnionRect
InflateRect
OffsetRect
GetActiveWindow
LoadIconW
DispatchMessageW
TranslateMessage
PostQuitMessage
PeekMessageW
EnumWindows
GetWindowThreadProcessId
MessageBoxW
ShowWindow
SetWindowTextW
CharNextW
MessageBoxA
SetActiveWindow
UnregisterDeviceNotification
RegisterDeviceNotificationW
SetTimer
KillTimer
wsprintfA
SetWindowRgn
GetWindowRect
IsIconic
IntersectRect
GetCursorPos
IsWindow
GetSystemMetrics
GetDC
CopyRect
DrawTextExW
IsRectEmpty
PostMessageW
SetCapture
SendMessageW
ReleaseCapture
GetClientRect
ScreenToClient
PtInRect
GetFocus
FindWindowExW

gdi32

CreateRoundRectRgn
BitBlt
SelectObject
CreateCompatibleBitmap
DeleteDC
StretchDIBits
CreateCompatibleDC
DeleteObject
CreatePen
Pie
Arc
CreateFontW
Polygon
Ellipse
SetTextAlign
SetViewportOrgEx
SetDIBColorTable
GetDIBColorTable
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
PtInRegion
CreateRectRgn
CreatePatternBrush
GdiFlush
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
SetBkColor
SetTextColor
SetBkMode
GetObjectA
CreatePenIndirect
CreateSolidBrush
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
PlayEnhMetaFile
GetDeviceCaps
GetEnhMetaFileHeader
CreateDIBitmap
AddFontMemResourceEx
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowOrgEx
Rectangle
RestoreDC
SaveDC
RemoveFontMemResourceEx
CreateFontIndirectW
GetStockObject
GetObjectW
CreateDIBSection
SetStretchBltMode
StretchBlt
LineTo
MoveToEx

comdlg32

ChooseColorW
GetSaveFileNameW

advapi32

RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW

shell32

ShellExecuteW
DragQueryFileW
Shell_NotifyIconW

ole32

CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
DoDragDrop
RegisterDragDrop
OleLockRunning
CLSIDFromString
CLSIDFromProgID
ReleaseStgMedium
OleDuplicateData
CoTaskMemRealloc

oleaut32

SysFreeString
VarUI4FromStr
VarDateFromStr
VariantTimeToSystemTime
VariantInit
VariantClear
CreateErrorInfo
VariantChangeType
SysAllocString

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xbad_function_call@std@@YAXXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??Bid@locale@std@@QAEIXZ

shlwapi

PathIsDirectoryW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
StrToIntW

gdiplus

GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipDrawArcI
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetSolidFillColor
GdipFillPieI
GdipFillPolygonI
GdipLoadImageFromStream
GdipSaveImageToStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipGetImageGraphicsContext
GdipDrawImageI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawString
GdipMeasureString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipCreateBitmapFromHBITMAP
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdiplusStartup
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFromHDC
GdipCreateFontFromDC
GdipFillPath
GdipDeleteGraphics
GdipCreateSolidFill
GdipCreateLineBrushI
GdipDrawPath
GdipClosePathFigure
GdipGetImagePixelFormat
GdipAddPathLineI
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipCreatePen1
GdipDeletePen
GdipSetPenStartCap
GdipSetPenEndCap
GdipAddPathArcI
GdipDeletePath
GdipCreatePath
GdipDrawRectangleI
GdipSetPenMode
GdipDrawLinesI
GdipDrawLineI
GdipSetSmoothingMode
GdiplusShutdown

msimg32

AlphaBlend
TransparentBlt

comctl32

ord17
InitCommonControlsEx
_TrackMouseEvent

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

ws2_32

bind
htons
closesocket
WSAStartup
ioctlsocket
connect
WSARecv
WSASend
gethostbyname
setsockopt
gethostname
WSAGetLastError
WSASocketW
select
inet_addr
inet_ntoa
shutdown

hid

HidD_GetHidGuid

wininet

InternetOpenW
HttpQueryInfoW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime

vcruntime140

__std_terminate
wcsstr
wcsrchr
strstr
strchr
_except_handler4_common
__current_exception_context
__current_exception
memmove
memset
memcpy
memchr
__RTDynamicCast
_CxxThrowException
wcschr
_purecall
__std_exception_destroy
__std_exception_copy
__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_set_new_mode
_recalloc
realloc
free
_callnewh

api-ms-win-crt-string-l1-1-0

isdigit
wcsncat
toupper
wcsncpy_s
wcsnlen
wcsncpy
_wcslwr_s
_wcslwr
strnlen
_wcsupr_s
_wcsicmp
iswspace
wmemcpy_s
strncpy
strncmp

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_initialize_onexit_table
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_controlfp_s
terminate
_invalid_parameter_noinfo_noreturn
_resetstkoflw
_crt_atexit
_exit
exit
_register_onexit_function
_invalid_parameter_noinfo
_errno
_beginthreadex

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-convert-l1-1-0

_itow
atoi
wcstod
strtol
wcstoul
_strtoi64
_wtof
mbstowcs_s
atof
_wtoi
wcstombs_s
wcstol

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vswprintf_s
fread
__stdio_common_vsprintf
__stdio_common_vsscanf
_wfopen
_wfopen_s
__stdio_common_vsprintf_s
__p__commode
_set_fmode
ferror
__stdio_common_vfprintf
fclose
fwrite
_get_stream_buffer_pointers
fgetc
fputc
ungetc
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
__acrt_iob_func

api-ms-win-crt-time-l1-1-0

_localtime64
strftime
_time64

api-ms-win-crt-multibyte-l1-1-0

_mbschr
_mbscmp
_mbsstr

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

ceil
_libm_sse2_tan_precise
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
ldexp
_libm_sse2_pow_precise
_libm_sse2_cos_precise
_libm_sse2_acos_precise
_CIfmod
_CIatan2
__setusermatherr
floor

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

Sections

.text
Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68cc1fdbc5ccf83ce4ee0616ac40bda1

Headers

DLL Characteristics

File Characteristics

Imports

irsdk

xzmzip

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp140

shlwapi

gdiplus

msimg32

comctl32

imm32

ws2_32

hid

wininet

version

winmm

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 916KB - Virtual size: 916KB

.rdata Size: 192KB - Virtual size: 191KB

.data Size: 10KB - Virtual size: 14KB

.rsrc Size: 371KB - Virtual size: 371KB

.reloc Size: 73KB - Virtual size: 72KB

.text
Size: 916KB - Virtual size: 916KB

.rdata
Size: 192KB - Virtual size: 191KB

.data
Size: 10KB - Virtual size: 14KB

.rsrc
Size: 371KB - Virtual size: 371KB

.reloc
Size: 73KB - Virtual size: 72KB