General

Malware Config

Signatures

Files

• d897f6f697f7043f110593e4da68fd9394e69a69e7075457f155bf6ed748c004

  .rar
• 缩水记录软件.exe

  .exe windows x86

  76fcf106452e70f24cc861b2b01bb6d9

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  rasapi32

  RasGetConnectStatusA

  RasHangUpA

  winmm

  midiStreamRestart

  midiStreamClose

  midiOutReset

  midiStreamStop

  midiStreamOut

  waveOutUnprepareHeader

  waveOutPrepareHeader

  waveOutWrite

  waveOutPause

  waveOutReset

  waveOutClose

  waveOutGetNumDevs

  waveOutOpen

  midiOutPrepareHeader

  midiStreamProperty

  midiStreamOpen

  midiOutUnprepareHeader

  ws2_32

  send

  select

  WSACleanup

  WSAStartup

  inet_ntoa

  closesocket

  WSAAsyncSelect

  accept

  getpeername

  recv

  ioctlsocket

  recvfrom

  kernel32

  MultiByteToWideChar

  GetVersion

  lstrcmpiA

  WideCharToMultiByte

  InterlockedExchange

  IsBadCodePtr

  IsBadReadPtr

  CompareStringW

  CompareStringA

  GetStringTypeW

  GetStringTypeA

  SetUnhandledExceptionFilter

  IsBadWritePtr

  VirtualAlloc

  LCMapStringW

  LCMapStringA

  SetEnvironmentVariableA

  VirtualFree

  HeapCreate

  HeapDestroy

  GetEnvironmentVariableA

  GetStdHandle

  SetHandleCount

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  FreeEnvironmentStringsA

  UnhandledExceptionFilter

  GetFileType

  SetStdHandle

  GetACP

  HeapSize

  RaiseException

  GetLocalTime

  GetSystemTime

  RtlUnwind

  GetStartupInfoA

  GetOEMCP

  GetCPInfo

  GetProcessVersion

  SetErrorMode

  GlobalFlags

  GetCurrentThread

  GetFileTime

  TlsGetValue

  LocalReAlloc

  TlsSetValue

  TlsFree

  GlobalHandle

  TlsAlloc

  LocalAlloc

  lstrcmpA

  GlobalGetAtomNameA

  GlobalAddAtomA

  GlobalFindAtomA

  GlobalDeleteAtom

  SetEndOfFile

  UnlockFile

  LockFile

  FlushFileBuffers

  DuplicateHandle

  lstrcpynA

  FileTimeToLocalFileTime

  LocalFree

  InterlockedDecrement

  InterlockedIncrement

  TerminateProcess

  GetCurrentProcess

  GetFileSize

  SetFilePointer

  CreateToolhelp32Snapshot

  Process32First

  Process32Next

  SetLastError

  GetTimeZoneInformation

  FileTimeToSystemTime

  CreateSemaphoreA

  ResumeThread

  ReleaseSemaphore

  EnterCriticalSection

  LeaveCriticalSection

  GetProfileStringA

  CloseHandle

  WaitForSingleObject

  GetTickCount

  GetCommandLineA

  MulDiv

  GetEnvironmentStringsW

  GetProcAddress

  GetModuleHandleA

  GetVolumeInformationA

  SetCurrentDirectoryA

  WriteFile

  ReadFile

  GetLastError

  WaitForMultipleObjects

  CreateFileA

  SetEvent

  FindResourceA

  LoadResource

  LockResource

  GetModuleFileNameA

  GetCurrentThreadId

  ExitProcess

  GlobalSize

  GlobalFree

  DeleteCriticalSection

  InitializeCriticalSection

  lstrcatA

  WinExec

  lstrcpyA

  FindNextFileA

  GlobalReAlloc

  HeapFree

  HeapReAlloc

  GetProcessHeap

  HeapAlloc

  GetFullPathNameA

  FreeLibrary

  LoadLibraryA

  lstrlenA

  GetVersionExA

  WritePrivateProfileStringA

  CreateThread

  CreateEventA

  Sleep

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  FindFirstFileA

  FindClose

  GetFileAttributesA

  GetSystemTime

  GetLocalTime

  SystemTimeToFileTime

  CompareFileTime

  GetTickCount

  TerminateProcess

  GetCurrentProcess

  InitializeCriticalSection

  GetModuleFileNameW

  GetModuleHandleW

  DeleteCriticalSection

  LoadLibraryW

  CreateEventW

  CompareStringW

  SetLastError

  GetModuleHandleA

  VirtualProtect

  EnterCriticalSection

  LeaveCriticalSection

  VirtualFree

  VirtualAlloc

  WriteProcessMemory

  CreateToolhelp32Snapshot

  GetCurrentProcessId

  GetCurrentThreadId

  Thread32First

  OpenThread

  Thread32Next

  CloseHandle

  SuspendThread

  ResumeThread

  GetSystemInfo

  FreeLibrary

  LoadResource

  FindResourceExW

  MultiByteToWideChar

  GetThreadLocale

  GetUserDefaultLCID

  GetSystemDefaultLCID

  WideCharToMultiByte

  DecodePointer

  EncodePointer

  GetCommandLineA

  GetLastError

  HeapFree

  HeapAlloc

  RaiseException

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  WriteFile

  GetStdHandle

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  InterlockedIncrement

  InterlockedDecrement

  GetProcAddress

  GetStringTypeW

  IsProcessorFeaturePresent

  Sleep

  ExitProcess

  SetHandleCount

  InitializeCriticalSectionAndSpinCount

  GetFileType

  GetStartupInfoW

  GetModuleFileNameA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  HeapCreate

  HeapDestroy

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  HeapSize

  RtlUnwind

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  HeapReAlloc

  LCMapStringW

  VirtualQuery

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  GetMenuState

  GetTabbedTextExtentA

  DrawStateA

  GrayStringA

  TabbedTextOutA

  WindowFromDC

  GetPropA

  SetPropA

  GetCursor

  FrameRect

  GetSysColorBrush

  GetWindowDC

  GetMenuStringA

  CallNextHookEx

  EnumChildWindows

  GetWindowTextLengthA

  EnumThreadWindows

  UnhookWindowsHookEx

  SetWindowsHookExA

  DrawTextA

  GetClipboardData

  CloseClipboard

  wsprintfA

  GetMenuItemID

  GetMenuItemCount

  GetForegroundWindow

  CallWindowProcA

  MoveWindow

  DestroyIcon

  LoadStringA

  GetMenuCheckMarkDimensions

  EnumWindows

  GetWindowTextA

  FindWindowExA

  GetDlgItem

  GetClassNameA

  GetDesktopWindow

  SetWindowTextA

  SystemParametersInfoA

  TranslateMessage

  LoadIconA

  DrawFrameControl

  DrawEdge

  DrawFocusRect

  WindowFromPoint

  GetMessageA

  DispatchMessageA

  SetRectEmpty

  RegisterClipboardFormatA

  CreateIconFromResourceEx

  CreateIconFromResource

  DrawIconEx

  CreatePopupMenu

  AppendMenuA

  ModifyMenuA

  CreateMenu

  CreateAcceleratorTableA

  GetDlgCtrlID

  GetSubMenu

  EnableMenuItem

  ClientToScreen

  EnumDisplaySettingsA

  LoadImageA

  ShowWindow

  IsWindowEnabled

  SetMenuItemBitmaps

  CheckMenuItem

  IsDialogMessageA

  ScrollWindowEx

  SendDlgItemMessageA

  MapWindowPoints

  AdjustWindowRectEx

  GetScrollPos

  RegisterClassA

  CreateWindowExA

  GetClassLongA

  RemovePropA

  GetMessageTime

  GetLastActivePopup

  RegisterWindowMessageA

  GetWindowPlacement

  GetNextDlgTabItem

  EndDialog

  CreateDialogIndirectParamA

  DestroyWindow

  EndPaint

  BeginPaint

  CharUpperA

  OpenClipboard

  SetClipboardData

  EmptyClipboard

  GetSystemMetrics

  GetCursorPos

  MessageBoxA

  TranslateAcceleratorA

  GetKeyState

  CopyAcceleratorTableA

  PostQuitMessage

  IsZoomed

  GetSystemMenu

  DeleteMenu

  GetClassInfoA

  DefWindowProcA

  GetMenu

  SetMenu

  PeekMessageA

  IsIconic

  SetFocus

  GetActiveWindow

  GetWindow

  DestroyAcceleratorTable

  SetWindowRgn

  GetMessagePos

  ScreenToClient

  ChildWindowFromPointEx

  CopyRect

  LoadBitmapA

  WinHelpA

  KillTimer

  SetTimer

  ReleaseCapture

  GetCapture

  SetCapture

  GetScrollRange

  SetScrollRange

  SetScrollPos

  InflateRect

  SetRect

  IntersectRect

  UnregisterClassA

  PtInRect

  OffsetRect

  IsWindowVisible

  EnableWindow

  RedrawWindow

  GetWindowLongA

  SetWindowLongA

  GetSysColor

  SetActiveWindow

  SetCursorPos

  LoadCursorA

  SetCursor

  GetDC

  FillRect

  IsRectEmpty

  ReleaseDC

  IsChild

  TrackPopupMenu

  DestroyMenu

  SetForegroundWindow

  GetWindowRect

  EqualRect

  UpdateWindow

  ValidateRect

  InvalidateRect

  GetClientRect

  GetFocus

  GetParent

  GetTopWindow

  PostMessageA

  IsWindow

  SetParent

  DestroyCursor

  SendMessageA

  SetWindowPos

  MessageBoxW

  CharUpperBuffW

  wsprintfW

  gdi32

  ExcludeClipRect

  GetClipBox

  ScaleWindowExtEx

  SetWindowExtEx

  ScaleViewportExtEx

  SetViewportExtEx

  OffsetViewportOrgEx

  SelectPalette

  RealizePalette

  GetDIBits

  GetWindowExtEx

  GetViewportOrgEx

  GetWindowOrgEx

  BeginPath

  EndPath

  PathToRegion

  CreateEllipticRgn

  CreateRoundRectRgn

  GetTextColor

  GetBkMode

  GetBkColor

  ExtSelectClipRgn

  GetStretchBltMode

  GetPolyFillMode

  CreateCompatibleBitmap

  CreateDCA

  CreateBrushIndirect

  CreateBitmap

  SelectObject

  GetObjectA

  CreatePen

  PatBlt

  FillRgn

  CreateRectRgn

  CombineRgn

  CreateSolidBrush

  GetStockObject

  CreateFontIndirectA

  EndPage

  EndDoc

  DeleteDC

  StartDocA

  StartPage

  BitBlt

  GetPixel

  CreateCompatibleDC

  SetPixelV

  Ellipse

  Rectangle

  LPtoDP

  DPtoLP

  GetCurrentObject

  RoundRect

  Arc

  GetTextExtentPoint32A

  GetDeviceCaps

  GetViewportExtEx

  StretchBlt

  CreatePalette

  GetSystemPaletteEntries

  CreateDIBitmap

  DeleteObject

  CreatePolygonRgn

  GetClipRgn

  SetStretchBltMode

  SetPixel

  CreateRectRgnIndirect

  SetBkColor

  SetBkMode

  LineTo

  MoveToEx

  SetTextColor

  CreateEllipticRgnIndirect

  GetTextMetricsA

  SetWindowOrgEx

  SaveDC

  RestoreDC

  CreatePenIndirect

  PtVisible

  RectVisible

  TextOutA

  ExtTextOutA

  Escape

  GetROP2

  SelectClipRgn

  SetPolyFillMode

  SetROP2

  SetMapMode

  SetViewportOrgEx

  msimg32

  GradientFill

  winspool.drv

  OpenPrinterA

  DocumentPropertiesA

  ClosePrinter

  advapi32

  RegCloseKey

  RegOpenKeyExA

  RegQueryValueA

  RegCreateKeyExA

  RegSetValueExA

  shell32

  Shell_NotifyIconA

  ShellExecuteA

  ole32

  CLSIDFromString

  OleUninitialize

  OleInitialize

  oleaut32

  UnRegisterTypeLi

  RegisterTypeLi

  LoadTypeLi

  comctl32

  ImageList_GetIcon

  ImageList_GetImageInfo

  ImageList_GetImageCount

  ImageList_SetBkColor

  _TrackMouseEvent

  ImageList_Draw

  ImageList_AddMasked

  ord17

  ImageList_Destroy

  ImageList_Create

  ImageList_Read

  ImageList_DrawIndirect

  ImageList_Duplicate

  wininet

  InternetCanonicalizeUrlA

  InternetCrackUrlA

  HttpOpenRequestA

  HttpSendRequestA

  HttpQueryInfoA

  InternetReadFile

  InternetConnectA

  InternetSetOptionA

  InternetCloseHandle

  InternetOpenA

  comdlg32

  GetSaveFileNameA

  GetFileTitleA

  GetOpenFileNameA

  ChooseColorA

  Sections

  .text

  Size: - Virtual size: 876KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 177KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 344KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: 8KB - Virtual size: 28KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: - Virtual size: 520KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp2

  Size: 872KB - Virtual size: 869KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 8KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ