General

Malware Config

Signatures

Files

• 6827e7b27f12a6244f38291c4a20586a295e4fedd69522f50e1706bd3bf5f886

  .exe windows x86

  cb871d0278281aa3fb8279fd1a657917

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetLocalTime

  HeapFree

  HeapAlloc

  GetProcessHeap

  GlobalFree

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  GlobalSize

  GetTickCount

  GetStartupInfoA

  CreatePipe

  DisconnectNamedPipe

  TerminateProcess

  GetLastError

  WaitForMultipleObjects

  OutputDebugStringA

  GetDiskFreeSpaceExA

  GetDriveTypeA

  GlobalMemoryStatus

  GetSystemInfo

  OpenEventA

  SetErrorMode

  LocalSize

  OpenProcess

  lstrcmpiA

  GetCurrentThreadId

  GetModuleFileNameA

  DeleteFileA

  SetLastError

  MoveFileA

  WriteFile

  SetFilePointer

  ReadFile

  GetSystemDirectoryA

  GetFileSize

  RemoveDirectoryA

  LocalAlloc

  FindFirstFileA

  LocalReAlloc

  FindNextFileA

  LocalFree

  FindClose

  GetLogicalDriveStringsA

  GetVolumeInformationA

  FreeLibrary

  MultiByteToWideChar

  GetWindowsDirectoryA

  lstrcatA

  GetVersionExA

  GetPrivateProfileSectionNamesA

  lstrlenA

  GetPrivateProfileStringA

  lstrcmpA

  WideCharToMultiByte

  CancelIo

  InterlockedExchange

  lstrcpyA

  ResetEvent

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  WaitForSingleObject

  VirtualAlloc

  VirtualFree

  TerminateThread

  CloseHandle

  CreateEventA

  LoadLibraryA

  GetProcAddress

  CreateThread

  ExitProcess

  CreateToolhelp32Snapshot

  Process32First

  Process32Next

  InitializeCriticalSection

  GetCurrentProcess

  WinExec

  CreateFileA

  CreateProcessA

  ResumeThread

  Sleep

  SetEvent

  PeekNamedPipe

  user32

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  GetClipboardData

  GetSystemMetrics

  LoadCursorA

  DestroyCursor

  ReleaseDC

  GetDC

  SetCursorPos

  SetRect

  SetCapture

  GetCursorInfo

  SetProcessWindowStation

  OpenWindowStationA

  GetProcessWindowStation

  ExitWindowsEx

  GetWindowThreadProcessId

  IsWindowVisible

  CloseDesktop

  SetThreadDesktop

  GetWindowTextA

  WindowFromPoint

  CloseWindow

  CreateWindowExA

  IsWindow

  mouse_event

  MapVirtualKeyA

  SendMessageA

  BlockInput

  GetForegroundWindow

  GetCursorPos

  EnumWindows

  GetMessageA

  wsprintfA

  GetDesktopWindow

  MessageBoxA

  PostMessageA

  OpenDesktopA

  GetThreadDesktop

  GetUserObjectInformationA

  OpenInputDesktop

  gdi32

  CreateCompatibleDC

  CreateDIBSection

  SelectObject

  BitBlt

  CreateCompatibleBitmap

  GetDIBits

  DeleteObject

  DeleteDC

  advapi32

  RegOpenKeyA

  LookupAccountNameA

  IsValidSid

  LsaFreeMemory

  LsaRetrievePrivateData

  LsaOpenPolicy

  SetNamedSecurityInfoA

  BuildExplicitAccessWithNameA

  GetNamedSecurityInfoA

  SetEntriesInAclA

  RegCloseKey

  RegQueryValueExA

  CloseServiceHandle

  DeleteService

  ControlService

  QueryServiceStatus

  OpenServiceA

  OpenSCManagerA

  RegSetValueExA

  RegCreateKeyA

  RegQueryValueA

  RegOpenKeyExA

  CloseEventLog

  ClearEventLogA

  OpenEventLogA

  RegCreateKeyExA

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  OpenProcessToken

  FreeSid

  RegSetKeySecurity

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  AddAccessAllowedAce

  InitializeAcl

  GetLengthSid

  AllocateAndInitializeSid

  RegEnumValueA

  RegEnumKeyExA

  RegDeleteValueA

  RegDeleteKeyA

  CreateProcessAsUserA

  SetTokenInformation

  DuplicateTokenEx

  LookupAccountSidA

  GetTokenInformation

  LsaClose

  shell32

  SHGetFileInfoA

  SHGetSpecialFolderPathA

  ShellExecuteA

  msvcrt

  _strnicmp

  _strupr

  _strrev

  _strcmpi

  ??1type_info@@UAE@XZ

  calloc

  _beginthreadex

  realloc

  strncat

  strtok

  _snprintf

  _errno

  atoi

  strncmp

  strrchr

  strncpy

  sprintf

  _except_handler3

  free

  malloc

  strcat

  strcmp

  strchr

  strcpy

  memmove

  strstr

  strlen

  _ftol

  ceil

  memcpy

  ??3@YAXPAX@Z

  _CxxThrowException

  __CxxFrameHandler

  ??2@YAPAXI@Z

  memset

  shlwapi

  SHDeleteKeyA

  winmm

  waveOutOpen

  waveOutGetNumDevs

  waveInStart

  waveOutUnprepareHeader

  waveOutReset

  waveInClose

  waveInUnprepareHeader

  waveInReset

  waveInAddBuffer

  waveInPrepareHeader

  waveInOpen

  waveOutPrepareHeader

  waveOutClose

  waveInStop

  waveOutWrite

  waveInGetNumDevs

  ws2_32

  WSAIoctl

  gethostname

  setsockopt

  WSAGetLastError

  ioctlsocket

  __WSAFDIsSet

  recvfrom

  sendto

  listen

  accept

  getpeername

  bind

  getsockname

  inet_addr

  inet_ntoa

  send

  select

  closesocket

  recv

  ntohs

  socket

  gethostbyname

  htons

  connect

  WSACleanup

  WSAStartup

  msvcp60

  ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

  ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

  wininet

  InternetOpenUrlA

  InternetCloseHandle

  InternetOpenA

  InternetGetConnectedState

  InternetReadFile

  msvfw32

  ICSeqCompressFrame

  ICSendMessage

  ICOpen

  ICClose

  ICCompressorFree

  ICSeqCompressFrameEnd

  ICSeqCompressFrameStart

  wtsapi32

  WTSFreeMemory

  WTSQueryUserToken

  WTSQuerySessionInformationA

  userenv

  CreateEnvironmentBlock

  psapi

  EnumProcessModules

  GetModuleFileNameExA

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  QueryMediaInfo

  kugou_SetPlayerConfigDelegate

  Sections

  .text

  Size: 108KB - Virtual size: 105KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 16KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 12KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ