34c60367422d51d1b6c902d47e4e5a912c0f338d5943b7305d568819e0fe22f4

Sharing

Copy URL Twitter E-mail

General

Target

34c60367422d51d1b6c902d47e4e5a912c0f338d5943b7305d568819e0fe22f4
Size

2.5MB
MD5

09b2f0079db5d5d39debe1df4f47157a
SHA1

c87207231c799087ca33cde362fd00bc16c091de
SHA256

34c60367422d51d1b6c902d47e4e5a912c0f338d5943b7305d568819e0fe22f4
SHA512

633cfd961ec017c9ebb96435d4828c982fea6f03e78c164ae5d9f3f6690535ddee0d47b4fbca5d5f1e4d9e605089acd1fcfc9c0c20c900f3014e5e4b64de734e
SSDEEP

49152:ZfBV+1wTqmSPnj5CLumL0x2JMqBsvbGD5AJUMTG1n3TC/xfAFBNwSj2cy2bXsi:l+4OPj5C6m6ESGNA+qG13TqONwSCOXP

Score

N/A

Malware Config

Signatures

Files

34c60367422d51d1b6c902d47e4e5a912c0f338d5943b7305d568819e0fe22f4
.rar
lkwgwg_jb51/jb51.net.txt
lkwgwg_jb51/lkwgwg_jb51.rar
.rar
lkwgwg100/360等杀毒会报毒，先退出后运行.txt
lkwgwg100/lkwg/洛克伴侣单文件版.exe
.exe windows x86

73ec795c6c369c6ce2c3b4c3f6477daa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

lstrcatA
InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DuplicateHandle
GetShortPathNameA
ResumeThread
WriteProcessMemory
GetPrivateProfileSectionA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

user32

DefWindowProcA
AdjustWindowRectEx

Sections

0
Size: 108KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

3
Size: 40KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7
Size: 48KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lkwgwg100/silentoi_29065018_11.exe
.exe windows x86

d30fe54f4a689cd12d29ad515f39a53f

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:2f:33:e4:18:2e:6a:fd:d9:82:d1:5c:66:3e:98:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/05/2012, 00:00

Not After

18/07/2014, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsURLA
PathIsURLW
PathFileExistsW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW

wininet

InternetOpenW
HttpOpenRequestW
InternetCrackUrlW
HttpAddRequestHeadersW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
InternetConnectW
InternetSetOptionW

kernel32

TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
CreateFileA
SetEndOfFile
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetSystemDefaultLCID
WriteFile
GetCommandLineW
SetLastError
CreateMutexW
GetLastError
CloseHandle
GetModuleHandleW
GetTempPathW
CreateFileW
RaiseException
MultiByteToWideChar
FindResourceW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
SizeofResource
LockResource
LoadResource
FindResourceExW
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
CreateEventW
CreateSemaphoreW
ExitProcess
SetEvent
WaitForMultipleObjects
GetExitCodeThread
TerminateThread
Sleep
lstrlenW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetVersionExW
DeleteFileW
GetFileSize
GetSystemInfo
MoveFileExW
EnumResourceNamesW
WriteConsoleA
SetFilePointer
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
ReadFile
GetCPInfo
GetOEMCP
GetModuleHandleA
IsValidCodePage
ReleaseSemaphore
GetCurrentDirectoryA
GetFullPathNameW
GetConsoleMode
GetConsoleCP
RtlUnwind
GetStartupInfoW
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
HeapCreate

user32

CreateWindowExW
CharNextW
IsWindow
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
SendMessageW
PostQuitMessage
KillTimer
SetTimer
CallWindowProcW
GetWindowLongW
PostMessageW
SetWindowLongW
UnregisterClassA
LoadCursorW
GetClassInfoExW
RegisterClassExW

advapi32

RegCloseKey
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW

ole32

CoCreateGuid
CoUninitialize
CoInitialize

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lkwgwg100/介绍.txt
lkwgwg100/时空洛克终结者2012版[无限制版]/config/mapid.ini
lkwgwg_jb51/去脚本之家看看.url
.url
lkwgwg_jb51/服务器软件.url
.url
lkwgwg_jb51/街机游戏说明.txt

Sharing

General

Malware Config

Signatures

Files

73ec795c6c369c6ce2c3b4c3f6477daa

Headers

File Characteristics

Imports

kernel32

user32

Sections

0 Size: 108KB - Virtual size: 284KB

1 Size: 4KB - Virtual size: 9KB

2 Size: 24KB - Virtual size: 23KB

3 Size: 40KB - Virtual size: 71KB

4 Size: 4KB - Virtual size: 3KB

5 Size: 8KB - Virtual size: 28KB

6 Size: 4KB - Virtual size: 4KB

7 Size: 48KB - Virtual size: 71KB

8 Size: 4KB - Virtual size: 3KB

9 Size: 8KB - Virtual size: 28KB

d30fe54f4a689cd12d29ad515f39a53f

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

26:2f:33:e4:18:2e:6a:fd:d9:82:d1:5c:66:3e:98:ffCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

shlwapi

shell32

wininet

kernel32

user32

advapi32

ole32

Sections

.text Size: 136KB - Virtual size: 133KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 40KB - Virtual size: 36KB

0
Size: 108KB - Virtual size: 284KB

1
Size: 4KB - Virtual size: 9KB

2
Size: 24KB - Virtual size: 23KB

3
Size: 40KB - Virtual size: 71KB

4
Size: 4KB - Virtual size: 3KB

5
Size: 8KB - Virtual size: 28KB

6
Size: 4KB - Virtual size: 4KB

7
Size: 48KB - Virtual size: 71KB

8
Size: 4KB - Virtual size: 3KB

9
Size: 8KB - Virtual size: 28KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

26:2f:33:e4:18:2e:6a:fd:d9:82:d1:5c:66:3e:98:ff
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 136KB - Virtual size: 133KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 40KB - Virtual size: 36KB