e67e41cd507953a59d5e4fcb31985538dd609eb9ae1ddba1b555478227134357

Sharing

Copy URL Twitter E-mail

General

Target

e67e41cd507953a59d5e4fcb31985538dd609eb9ae1ddba1b555478227134357
Size

787KB
MD5

681c46165324f0e87c21bd1da2083a27
SHA1

d6391bdd7968b28e74a1049c4d3869973f329bdd
SHA256

e67e41cd507953a59d5e4fcb31985538dd609eb9ae1ddba1b555478227134357
SHA512

116ca1d433c8fdafd049b3eb2591bea235fbb48aeba68503a7e899ade39ea8abf0573465c4232c3d2b3f54629fda36ba8feb0530e0918a8cb6a7472fb14a8631
SSDEEP

12288:NVYEdMl8DKPhTcIp83yGnp0VrG8Me8i4DXkJ9F/w3EIVzj2BA8UI4GtRAcL+eAm7:s8JWCsr5Me8iuXi9hvIV+BTHHbLaIx

Score

N/A

Malware Config

Signatures

Files

e67e41cd507953a59d5e4fcb31985538dd609eb9ae1ddba1b555478227134357
.zip
CLaunch/CLaunch.exe
.exe windows x64

acfb44448985a1737f1c4485ae5437cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CompareStringW
FileTimeToSystemTime
TerminateThread
GlobalAlloc
GlobalFree
FileTimeToLocalFileTime
GlobalLock
LocalFree
GetTimeFormatW
GetDateFormatW
GlobalUnlock
SetEndOfFile
GetTempPathW
MultiByteToWideChar
CopyFileW
GetTempFileNameW
SetSystemPowerState
GetPrivateProfileIntW
TerminateProcess
CreateToolhelp32Snapshot
GetPrivateProfileStringW
Process32NextW
Process32FirstW
CreateProcessW
SetThreadExecutionState
GetFileTime
GlobalReAlloc
WriteConsoleW
HeapSize
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
MoveFileW
GetFileType
LCMapStringW
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
GetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CompareFileTime
GetFileSize
DeleteFileW
GetSystemDirectoryW
EnumResourceNamesW
SetFilePointer
RemoveDirectoryW
ExpandEnvironmentStringsW
WriteFile
SizeofResource
ReadFile
CreateDirectoryW
WideCharToMultiByte
GetModuleHandleW
MulDiv
HeapDestroy
FindClose
VirtualAlloc
FindNextFileW
HeapFree
HeapCreate
FindFirstFileW
LoadLibraryExW
lstrcmpW
GetTickCount
lstrcmpiW
CreateFileW
SetProcessWorkingSetSize
GetSystemTime
lstrcpyW
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetProcAddress
GetWindowsDirectoryW
SetCurrentDirectoryW
HeapAlloc
FindResourceW
LoadResource
LoadLibraryW
CloseHandle
HeapReAlloc
LockResource
lstrcatW
GetUserDefaultLCID
Sleep
OpenProcess
GetVersionExW
GetCurrentThreadId
WaitForSingleObject
GetModuleFileNameW
SetPriorityClass
lstrcpynW
lstrlenW
GetCurrentProcess
VirtualFree
GetConsoleMode

user32

IsDlgButtonChecked
IsWindowEnabled
SendDlgItemMessageW
GetDlgItemTextW
SetDlgItemTextW
GetDlgCtrlID
GetWindowLongPtrW
SetWindowTextW
EndDialog
CallNextHookEx
FillRect
CheckRadioButton
MessageBoxW
GetDC
GetFocus
UpdateWindow
DrawTextW
IsWindow
GetCursorPos
SetForegroundWindow
ReleaseCapture
PtInRect
DialogBoxParamW
RegisterWindowMessageW
EnableMenuItem
GetDesktopWindow
PostQuitMessage
KillTimer
SetRectEmpty
GetWindowDC
IntersectRect
UnhookWindowsHookEx
SetFocus
GetClassNameW
SetWindowsHookExW
GetDlgItemInt
GetClientRect
GetDlgItem
DrawIconEx
CheckDlgButton
SetDlgItemInt
GetParent
LoadImageW
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
IsRectEmpty
OffsetRect
GetIconInfo
MonitorFromWindow
InvertRect
GetSysColor
CopyRect
LookupIconIdFromDirectoryEx
CharNextW
CreateIconFromResource
CharPrevW
CreateIconFromResourceEx
CharUpperW
SystemParametersInfoW
SetClipboardData
SetParent
EmptyClipboard
IsIconic
UnhookWinEvent
SetWinEventHook
EnumWindows
SetMenuDefaultItem
GetKeyNameTextW
RegisterClipboardFormatW
CreatePopupMenu
SetRect
PostThreadMessageW
CheckMenuItem
TrackPopupMenuEx
wsprintfW
SetCursor
SetCapture
LoadCursorW
FindWindowW
LoadIconW
GetClipboardData
TranslateMessage
BringWindowToTop
SendNotifyMessageW
DestroyMenu
MoveWindow
GetForegroundWindow
AttachThreadInput
TrackMouseEvent
GetDoubleClickTime
SetMenuItemInfoW
CloseClipboard
ExitWindowsEx
ClientToScreen
GetMonitorInfoW
DestroyIcon
SetTimer
DispatchMessageW
OpenClipboard
GetAsyncKeyState
ShowWindow
GetSubMenu
LoadStringW
WindowFromPoint
RegisterClassExW
GetShellWindow
SetClassLongPtrW
GetSystemMetrics
SendMessageW
ScreenToClient
CreateWindowExW
EnumDisplayMonitors
SetWindowLongPtrW
SetWindowPos
IsWindowVisible
EnableWindow
GetWindowTextW
GetWindowThreadProcessId
GetMessageW
GetMenuItemInfoW
DefWindowProcW
LoadMenuW
PostMessageW
MapVirtualKeyW
MonitorFromPoint
CheckMenuRadioItem
GetWindowRect
InsertMenuItemW
DestroyWindow

gdi32

CreateCompatibleBitmap
BitBlt
Polygon
MoveToEx
CreateCompatibleDC
CreatePolygonRgn
SetDIBits
CreateDIBitmap
CreateDIBSection
StretchBlt
GetClipRgn
GetDIBits
GetDeviceCaps
CreateRectRgn
DeleteDC
SelectClipRgn
SetStretchBltMode
CreateFontIndirectW
CombineRgn
GetObjectA
SelectObject
GetStockObject
GetPixel
GetTextExtentPoint32W
SetBkMode
CreatePen
Rectangle
DeleteObject
LineTo
SetTextColor
CreateSolidBrush

comdlg32

GetSaveFileNameW
ChooseColorW
ChooseFontW
GetOpenFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW

shell32

ExtractIconExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
DuplicateIcon
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHQueryRecycleBinW
ShellExecuteW
SHFileOperationW
Shell_NotifyIconW

ole32

RevokeDragDrop
RegisterDragDrop
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CoCreateInstance
CoInitializeEx
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

SysAllocString
SysFreeString

comctl32

CreatePropertySheetPageW
ImageList_Destroy
ord410
ord413
ImageList_ReplaceIcon
ImageList_Create
PropertySheetW
ord412
ord17
ImageList_GetIcon

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
ImmSetOpenStatus

shlwapi

PathIsDirectoryW
PathIsUNCW
PathIsURLW
PathRemoveExtensionW
PathFindFileNameW
StrStrIW
PathUnquoteSpacesW
PathRemoveBackslashW
StrDupW
PathQuoteSpacesW
StrFormatByteSizeW
PathAddBackslashW
PathIsRootW
PathAppendW
PathRemoveBlanksW
PathCombineW
PathRemoveFileSpecW
PathRemoveArgsW
AssocQueryStringW
PathIsSameRootW
ord176
StrRetToBufW
PathRenameExtensionW
PathFileExistsW

gdiplus

GdipDrawRectangleI
GdipFillPolygonI
GdipDrawPolygonI
GdipCreatePen2
GdiplusStartup
GdiplusShutdown
GdipCreateStringFormat
GdipDeleteFontFamily
GdipGetFamily
GdipCreateFontFromLogfontA
GdipAddPathString
GdipDeleteBrush
GdipDrawImageRectI
GdipDeletePath
GdipDisposeImage
GdipSetSmoothingMode
GdipCreatePath
GdipSetStringFormatLineAlign
GdipSetInterpolationMode
GdipGetFontStyle
GdipFillPath
GdipCreateFontFromDC
GdipDrawPath
GdipDrawString
GdipCreateSolidFill
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipMeasureString
GdipFillRectangleI
GdipCreateBitmapFromHICON
GdipDeleteGraphics
GdipDeleteStringFormat
GdipSetCompositingMode
GdipDeleteFont
GdipGetFontSize
GdipDeletePen
GdipCreatePen1
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetPenLineJoin

Sections

.text
Size: 691KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLaunch/ClAdmin.exe
.exe windows x64

4371732118d32f62a4697ae6bbc071c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentThreadId
GetVersionExW
OpenProcess
Sleep
lstrcatW
CloseHandle
LoadLibraryW
GetProcAddress
GetCurrentProcessId
CreateProcessW
FreeLibrary
lstrcpyW
K32EnumProcessModules
SetProcessWorkingSetSize
lstrcmpiW
GetTickCount
WriteConsoleW
CreateFileW
K32GetModuleFileNameExW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
GetStringTypeW
GetFileType
GetModuleFileNameW
SetFilePointerEx
GetCurrentProcess
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapAlloc
HeapFree
FindClose
FindFirstFileExW

user32

SetTimer
SetForegroundWindow
PostQuitMessage
GetWindowThreadProcessId
GetMessageW
DefWindowProcW
AllowSetForegroundWindow
KillTimer
CreateWindowExW
RegisterClassExW
IsWindow
DispatchMessageW
PostMessageW
AttachThreadInput
GetForegroundWindow
EnumWindows
BringWindowToTop
TranslateMessage
LoadIconW
GetClassNameW

advapi32

GetTokenInformation
OpenProcessToken

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocString

shlwapi

PathAppendW
ord176
PathRemoveFileSpecW
StrStrIW

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLaunch/ClHook.dll
.dll windows x64

e5f385c6666e179fdbccbd9d35ae8737

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteProcessMemory
CreateMutexW
WaitForSingleObject
GetVersionExW
ReleaseMutex
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
LoadLibraryW
GetProcAddress
ReadProcessMemory
GetCurrentProcessId
FreeLibrary
lstrcpyW
lstrcmpiW
OpenMutexW
GetTickCount
lstrcmpW
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
RaiseException

user32

WindowFromPoint
GetWindowTextW
GetParent
GetWindowThreadProcessId
PostMessageW
FindWindowExW
IsWindowVisible
ScreenToClient
SetWindowsHookExW
CallNextHookEx
GetSystemMetrics
SendMessageW
GetAsyncKeyState
GetWindowInfo
GetDoubleClickTime
GetForegroundWindow
UnhookWindowsHookEx
GetClassNameW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear

shlwapi

StrStrIW

Exports

Exports

_ClCheckFullScreen
_ClCheckMouseCircle
_ClCheckPtOnEdge
_ClCheckSuppression
_ClClrWindowControlReq
_ClGetDllVersion
_ClGetWindowControlReq
_ClIsExplorerWindow
_ClOperateKeyboardHook
_ClOperateMouseHook
_ClSendSettings
_ClSetWindowControlReq

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GLOBALS
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLaunch/Languages/Chinese.dll
.dll windows x64

9059099771e953ef16fc8ef1e3f7c07e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
RaiseException

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLaunch/Languages/English.dll
.dll windows x64

c05b1ab481f28cc9910acfd650f5b723

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLaunch/Plugins/ClWndCtl.dll
.dll windows x64

494190d96ab78ce2795d3f57493d4192

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
GetProcessHeap
OpenProcess
LoadLibraryW
GetVersionExW
lstrcpynW
TerminateProcess
lstrcmpW
lstrlenW
GetProcAddress
lstrcmpiW
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
lstrcpyW
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
WriteFile
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
LeaveCriticalSection
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
DecodePointer
ExitProcess
GetModuleHandleW
Sleep
FlsAlloc
GetLastError
HeapSize
SetLastError
FreeLibrary
EnterCriticalSection
HeapReAlloc
FlsSetValue
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree

user32

IsIconic
SetCapture
PostMessageW
IsZoomed
SetForegroundWindow
DialogBoxParamW
GetParent
AttachThreadInput
WindowFromPoint
GetWindowLongPtrW
SetFocus
EnumWindows
wsprintfW
InsertMenuItemW
GetForegroundWindow
TrackPopupMenuEx
GetWindowTextW
GetClassNameW
GetDlgItem
EndDialog
SendDlgItemMessageW
GetDesktopWindow
SetWindowPos
GetCursorPos
LoadStringW
CheckDlgButton
ShowWindow
CreatePopupMenu
IsDlgButtonChecked
ReleaseCapture
IsWindowVisible
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
EnableWindow
DestroyMenu
SetWindowTextW
GetWindowThreadProcessId
ShowWindowAsync

comdlg32

GetOpenFileNameW

Exports

Exports

ClPluginEventHandler

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLaunch/Setup.exe
.exe windows x64

11a8e7c47aeb323fecd7d335c9bd5d61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileSize
GetProcessHeap
lstrcpyW
lstrcmpW
HeapReAlloc
CreateDirectoryW
FindFirstFileW
GetFullPathNameW
FindNextFileW
GetDiskFreeSpaceW
RemoveDirectoryW
GetModuleFileNameW
GetTempPathW
FindClose
WaitForSingleObject
LocalAlloc
GetFileAttributesW
GetSystemDirectoryW
OpenProcess
SetFileAttributesW
Sleep
GetLastError
GetUserDefaultLCID
DeleteFileW
LoadLibraryW
SetCurrentDirectoryW
GetWindowsDirectoryW
GetProcAddress
LocalFree
MoveFileExW
CreateProcessW
GetModuleHandleW
CopyFileW
WideCharToMultiByte
GetTempFileNameW
lstrcmpiW
GetTickCount
MoveFileW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapDestroy
HeapSize
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetACP
GetModuleHandleExW
ExitProcess
HeapAlloc
CloseHandle
lstrcatW
MultiByteToWideChar
CreateFileW
SetEndOfFile
SetFilePointer
VirtualAlloc
WriteFile
VirtualFree
lstrlenW
HeapFree
HeapCreate
ReadFile
LoadLibraryExW
FreeLibrary
FindResourceW
LoadResource
LockResource
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetVersionExW
FlushFileBuffers
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter

user32

SetFocus
LoadStringW
MessageBoxW
GetWindowThreadProcessId
PostMessageW
GetWindowRect
SetWindowPos
SetWindowLongPtrW
IsWindowVisible
EndDialog
GetSystemMetrics
GetShellWindow
IsWindow
SetTimer
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
IsDlgButtonChecked
EnumWindows
SendMessageW
LoadIconW
GetClassNameW
GetDlgItemInt
GetDlgItem
KillTimer
CheckDlgButton
SetDlgItemInt
GetParent
DialogBoxParamW
SetForegroundWindow
EnableWindow
wsprintfW
SetRect

advapi32

SetNamedSecurityInfoW
LookupAccountSidW
GetUserNameW
RegCloseKey
RegEnumKeyW
GetAclInformation
GetAce
GetSidSubAuthorityCount
RegDeleteKeyW
GetSidLengthRequired
RegCreateKeyExW
CopySid
GetNamedSecurityInfoW
DeleteAce
RegSetValueExW
RegOpenKeyExW
AddAccessAllowedAceEx
RegQueryValueExW

shell32

SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
SysFreeString

comctl32

PropertySheetW

shlwapi

PathRemoveFileSpecW
ord176
StrStrIW
PathAddBackslashW
PathFileExistsW
PathCombineW
PathIsRootW
PathIsDirectoryW
PathFindFileNameW
PathRemoveBackslashW

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLaunch/使用说明（必看）.TXT
CLaunch/点我查看更多资源.url
.url
CLaunch/访问易破解网站.url
.url

Sharing

General

Malware Config

Signatures

Files

acfb44448985a1737f1c4485ae5437cc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

imm32

shlwapi

gdiplus

Sections

.text Size: 691KB - Virtual size: 690KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 4KB - Virtual size: 44KB

.pdata Size: 27KB - Virtual size: 26KB

.rsrc Size: 79KB - Virtual size: 78KB

.reloc Size: 2KB - Virtual size: 2KB

4371732118d32f62a4697ae6bbc071c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 7KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 2KB - Virtual size: 1KB

e5f385c6666e179fdbccbd9d35ae8737

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 4KB - Virtual size: 3KB

.GLOBALS Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

9059099771e953ef16fc8ef1e3f7c07e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 46KB - Virtual size: 48KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 691KB - Virtual size: 690KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 4KB - Virtual size: 44KB

.pdata
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 79KB - Virtual size: 78KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 3KB

.GLOBALS
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 46KB - Virtual size: 48KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 65KB - Virtual size: 64KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 6KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 474B

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 3KB - Virtual size: 40KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 1KB