9229bf3c95eefabaf00e4221c0ff71ad3cb8c842a813d8a5816af2b0b15bba06

Sharing

Copy URL

Twitter E-mail

General

Target

9229bf3c95eefabaf00e4221c0ff71ad3cb8c842a813d8a5816af2b0b15bba06
Size

3.2MB
MD5

40aae305af33860e075bf6b4f63051b5
SHA1

911f50f74cdd5851ebbb81843b42856041b53e34
SHA256

9229bf3c95eefabaf00e4221c0ff71ad3cb8c842a813d8a5816af2b0b15bba06
SHA512

e6d74412c77f082b4de50af94af0d52ed89e02f0d2a372b78f30d91cb67373a419f21571c701a79fabfed40b32e90ca67fdbfb277aec71a0210d5ba77558e9c5
SSDEEP

49152:aq/GYM48GPV3AAiSCD2GLgRBMrKIDhP5e7mID3VSr+hWTZtzckj5rlv:aq/4wV382GySrKIDhgJ3VSeWTke5rlv

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/夢魔个人远控GHOST+.3.78美化版/夢魔个人远控GHOST .3.78美化版.exe	vmprotect

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/夢魔个人远控GHOST+.3.78美化版/Tool/zip/Stubs/lzma	nsis_installer_2
static1/unpack001/夢魔个人远控GHOST+.3.78美化版/Tool/zip/Stubs/zlib	nsis_installer_2

Files

9229bf3c95eefabaf00e4221c0ff71ad3cb8c842a813d8a5816af2b0b15bba06
.rar
夢魔个人远控GHOST+.3.78美化版/DivXAvi.dll
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
夢魔个人远控GHOST+.3.78美化版/Gh0st.ini
夢魔个人远控GHOST+.3.78美化版/Ico/451.ico
夢魔个人远控GHOST+.3.78美化版/Ico/bat.ico
夢魔个人远控GHOST+.3.78美化版/Ico/blank.ico
夢魔个人远控GHOST+.3.78美化版/Ico/doc2003.ico
夢魔个人远控GHOST+.3.78美化版/Ico/dos.ico
夢魔个人远控GHOST+.3.78美化版/Ico/folder.ico
夢魔个人远控GHOST+.3.78美化版/Ico/ie.ico
夢魔个人远控GHOST+.3.78美化版/Ico/jpeg.ico
夢魔个人远控GHOST+.3.78美化版/Ico/rar.ico
夢魔个人远控GHOST+.3.78美化版/Ico/ss5.ico
夢魔个人远控GHOST+.3.78美化版/Ico/txt.ico
夢魔个人远控GHOST+.3.78美化版/Ico/txtxp.ico
夢魔个人远控GHOST+.3.78美化版/Ico/wmp.ico
夢魔个人远控GHOST+.3.78美化版/Ico/wmplayer.ico
夢魔个人远控GHOST+.3.78美化版/Ico/word.ico
夢魔个人远控GHOST+.3.78美化版/Ico/xls2003.ico
夢魔个人远控GHOST+.3.78美化版/MP3Enc.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetDevices
GetDuration
GetLineIn
GetMP3Inf
GetOutVol
GetPlayStatus
GetPos
GetRecSec
GetRecStatus
GetVer
InitAll
Pause
PauseRec
PlayFile
SeekTo
SetCallBack
SetInVol
SetInWavFmt
SetInput
SetMP3Inf
SetOutVol
StartRec
Stop
StopRec
UninitAll

Sections

.nsp0
Size: - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 137KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
夢魔个人远控GHOST+.3.78美化版/QQWry.dat
夢魔个人远控GHOST+.3.78美化版/SkinH_EL.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

.Hmily
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.52PoJie
Size: 98KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
夢魔个人远控GHOST+.3.78美化版/Sound/Login.wav
夢魔个人远控GHOST+.3.78美化版/Sound/Offline.wav
夢魔个人远控GHOST+.3.78美化版/Tool/xp3389.tool
.exe windows x86

7c7bcd042ccd9ad87fc9f08ca8fba1a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
CreateFileA
LoadResource
FindResourceA
SetFileAttributesA
lstrcatA
GetSystemDirectoryA
WriteFile
Sleep
WinExec
GetModuleFileNameA
ExitProcess
GetFileAttributesA
GetWindowsDirectoryA
Module32First
Module32Next
OpenProcess
GetModuleHandleA
GetStartupInfoA
GetProcAddress
CreateRemoteThread
WaitForSingleObject
GetCurrentProcess
GetLastError
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetVersionExA
CloseHandle

user32

GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SendMessageA
wsprintfA

advapi32

StartServiceA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CloseServiceHandle
OpenServiceA
OpenSCManagerA
AbortSystemShutdownA
OpenProcessToken

msvcrt

__getmainargs
_controlfp
__set_app_type
strlen
_except_handler3
_exit
_XcptFilter
exit
_acmdln
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
夢魔个人远控GHOST+.3.78美化版/Tool/zip/Stubs/lzma
.exe windows x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
夢魔个人远控GHOST+.3.78美化版/Tool/zip/Stubs/uninst
夢魔个人远控GHOST+.3.78美化版/Tool/zip/Stubs/zlib
.exe windows x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
夢魔个人远控GHOST+.3.78美化版/Tool/zip/zip.exe
.exe windows x86

40bd841bb48fa751c8ce412b2db2cb61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DeleteObject
GetTextExtentPoint32A
SelectObject
CreateFontIndirectA
CreateCompatibleDC
GetObjectA
DeleteDC

user32

wsprintfA
CharNextExA
SendMessageA
CharNextA
CharPrevA
IsWindow
GetDC
MapDialogRect
DestroyWindow
CreateDialogIndirectParamA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetCurrentDirectoryA
GetLocaleInfoW
SetEndOfFile
GetExitCodeProcess
SetStdHandle
SetEnvironmentVariableA
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
CreateEventA
CloseHandle
ResetEvent
WaitForSingleObject
SetEvent
WaitForMultipleObjects
CreateThread
GetModuleHandleA
FindClose
FindNextFileA
FindFirstFileA
IsValidCodePage
SetPriorityClass
GetCurrentProcess
OpenEventA
GetSystemInfo
CreateFileMappingA
CreateFileA
GetTempFileNameA
GetTempPathA
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
CreateProcessA
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetModuleFileNameA
GlobalFree
GlobalAlloc
SetLastError
GetLastError
MultiByteToWideChar
WideCharToMultiByte
VirtualAlloc
VirtualFree
GetProcAddress
RtlUnwind
RaiseException
HeapFree
DeleteFileA
HeapAlloc
HeapReAlloc
ExitProcess
TerminateProcess
SetConsoleCtrlHandler
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
SetUnhandledExceptionFilter
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
WriteFile
ReadFile
SetFilePointer
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
LoadLibraryA
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsValidLocale
GetLocaleInfoA
SetCurrentDirectoryA

Sections

.text
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
夢魔个人远控GHOST+.3.78美化版/Tool/敬告.txt
夢魔个人远控GHOST+.3.78美化版/skinh.she
夢魔个人远控GHOST+.3.78美化版/update/Server.Dat
.exe windows x86

042c3e0dabd645f5ceb44bd41cdd4002

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualAlloc
Sleep
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA
GetModuleHandleA

msvcrt

exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
??2@YAPAXI@Z
free
realloc
??3@YAXPAX@Z
_acmdln
_stricmp

Exports

Exports

Ip

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
夢魔个人远控GHOST+.3.78美化版/使用说明.txt
夢魔个人远控GHOST+.3.78美化版/夢魔个人远控GHOST .3.78美化版.exe
.exe windows x86

2cc9d8a070d0df407ff4a7a252fc1a86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IntersectRect

gdi32

GetCurrentPositionEx

comdlg32

GetSaveFileNameA

winspool.drv

DocumentPropertiesA

advapi32

RegSetValueA

shell32

SHGetMalloc

comctl32

ord17

oledlg

ord8

ole32

ReleaseStgMedium

olepro32

ord253

oleaut32

VariantChangeType

ws2_32

WSAGetLastError

pdh

PdhAddCounterA

avifil32

AVIFileRelease

msvfw32

ICOpen

shlwapi

SHAutoComplete

winmm

waveInAddBuffer

mp3enc

StopRec

wininet

InternetWriteFile

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 676KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
夢魔个人远控GHOST+.3.78美化版/夢魔个人远控GHOST .3.78美化版.ini

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.nsp0 Size: - Virtual size: 192KB

.nsp1 Size: 30KB - Virtual size: 32KB

.nsp2 Size: - Virtual size: 2KB

Headers

File Characteristics

Exports

Exports

Sections

.nsp0 Size: - Virtual size: 672KB

.nsp1 Size: 137KB - Virtual size: 140KB

.nsp2 Size: - Virtual size: 5KB

Headers

File Characteristics

Exports

Exports

Sections

.Hmily Size: - Virtual size: 224KB

.52PoJie Size: 98KB - Virtual size: 114KB

7c7bcd042ccd9ad87fc9f08ca8fba1a8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 832B

.rsrc Size: 88KB - Virtual size: 87KB

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 1024B

.rsrc Size: 4KB - Virtual size: 4KB

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 1024B

.rsrc Size: 4KB - Virtual size: 4KB

40bd841bb48fa751c8ce412b2db2cb61

Headers

File Characteristics

Imports

gdi32

.nsp0
Size: - Virtual size: 192KB

.nsp1
Size: 30KB - Virtual size: 32KB

.nsp2
Size: - Virtual size: 2KB

.nsp0
Size: - Virtual size: 672KB

.nsp1
Size: 137KB - Virtual size: 140KB

.nsp2
Size: - Virtual size: 5KB

.Hmily
Size: - Virtual size: 224KB

.52PoJie
Size: 98KB - Virtual size: 114KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 832B

.rsrc
Size: 88KB - Virtual size: 87KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 1024B

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 1024B

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 383KB - Virtual size: 383KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 69KB - Virtual size: 89KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 89KB - Virtual size: 90KB

.rsrc
Size: 512B - Virtual size: 16B

.text
Size: - Virtual size: 1.8MB

.rdata
Size: - Virtual size: 301KB

.data
Size: - Virtual size: 148KB

.rsrc
Size: 676KB - Virtual size: 1.3MB

.vmp0
Size: - Virtual size: 817KB

.vmp1
Size: 2.0MB - Virtual size: 2.0MB