joker | 031232fd2a6bf37a2af72adb3c4d368e7fcf3d10b2d3c1372cf38cf9c25bfc01

Sharing

Copy URL

Twitter E-mail

General

Target

031232fd2a6bf37a2af72adb3c4d368e7fcf3d10b2d3c1372cf38cf9c25bfc01
Size

56KB
MD5

819bdbeea7ef91e0f32bee99678d4080
SHA1

ab3f5712781c6805fd19ee9e93d6d5fd47f666d0
SHA256

031232fd2a6bf37a2af72adb3c4d368e7fcf3d10b2d3c1372cf38cf9c25bfc01
SHA512

2b48cba66f4919b7cd48398af199b4648e4b016231aa88e9c546067ec157f997f453488ef5b48b6b54d4fec37d8ce0e9af6dc2f5c0714de71d691fe2f6b0c416
SSDEEP

1536:WZBxKZvZHDW9IDW8cUVgm3fewVK/VSBzS9:GxKZvZHDW9IDW87Wm3mwVK/VSBzS

Score

10^/10

joker

Malware Config

Extracted

Family

joker

http://wuji.oss-cn-hangzhou.aliyuncs.com

Signatures

Joker family
joker

Files

031232fd2a6bf37a2af72adb3c4d368e7fcf3d10b2d3c1372cf38cf9c25bfc01
.exe windows x86

a42d9cc75050e8fa98011e239ec2524e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetPrivateProfileStringW
FreeResource
LoadResource
SizeofResource
FindResourceW
lstrcatW
MultiByteToWideChar
GetLastError
WriteFile
CreateFileW
LockResource
GetVersionExW
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
ExpandEnvironmentStringsW
WinExec
GetModuleFileNameA
CopyFileW
GetModuleHandleA
GetStartupInfoA
GetModuleHandleW
CreateProcessW
CloseHandle
DeleteFileW
Sleep
CreateThread
TerminateThread

user32

SetWindowPos
SystemParametersInfoW
GetWindow
IsWindow
GetParent
GetWindowRect
SendMessageW
LoadImageW
GetSystemMetrics
RegisterClassW
LoadCursorW
CallWindowProcW
GetWindowLongW
ShowWindow
LoadStringW
wvsprintfW
SetWindowLongW
CreateWindowExW
DefWindowProcW
PostMessageW
wsprintfW
BeginPaint
EndPaint
PostQuitMessage
TranslateMessage
DispatchMessageW
GetMessageW

advapi32

RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHCreateDirectoryExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

msvcp60

??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

comctl32

InitCommonControlsEx

msvcrt

__p__commode
wcstoul
_adjust_fdiv
wcsncpy
__setusermatherr
_initterm
_controlfp
_except_handler3
__set_app_type
__getmainargs
__p__fmode
_wcsdup
_snwprintf
wcsrchr
_purecall
time
__CxxFrameHandler
wcslen
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
strrchr
fopen
fprintf
fclose
sprintf
free
realloc
wcstol
wcscpy
_wcsicmp
??2@YAPAXI@Z
wcscmp

wininet

InternetSetFilePointer
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile

shlwapi

PathFileExistsW

psapi

GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

a42d9cc75050e8fa98011e239ec2524e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp60

comctl32

msvcrt

wininet

shlwapi

psapi

iphlpapi

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 10KB