7d6bbd9dfb96fe2737769f106a32721b10a275588b9432da183cb0514d888aae

Sharing

Copy URL Twitter E-mail

General

Target

7d6bbd9dfb96fe2737769f106a32721b10a275588b9432da183cb0514d888aae
Size

2.0MB
MD5

1863396fdc18097e410db51fd5f341c0
SHA1

681ec30c2e0f55aa37a8bbeed3b175f4fd65d2cc
SHA256

7d6bbd9dfb96fe2737769f106a32721b10a275588b9432da183cb0514d888aae
SHA512

0bfc6def4a452ecb189c8bf0a5be38a4127541a6393053da57bbe0b6e53ef3eda2d658ebae5835b414076681050d9bd8a41e7705a2bd1ca994e095c64b178f28
SSDEEP

49152:lgdh3TZqqeopfNu1DGJ3+jSP7kYR5f83BswF9mEOtHb9yHwm44w:l8qqRp89GJOjSP7pR5k7F9LYck4w

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/sishuzyzqqg_gpxz/sishuzyzqqg_gpxz/sishuzyzqqg/时速-QB年费抢购软件正版无限授权-/jedata.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/sishuzyzqqg_gpxz/sishuzyzqqg_gpxz/sishuzyzqqg/时速-QB年费抢购软件正版无限授权-/jedata.dll	upx
static1/unpack001/sishuzyzqqg_gpxz/sishuzyzqqg_gpxz/sishuzyzqqg/时速-QB年费抢购软件正版无限授权-/时速自由足球抢购.exe	upx

Files

7d6bbd9dfb96fe2737769f106a32721b10a275588b9432da183cb0514d888aae
.rar
sishuzyzqqg_gpxz/@下载安装帮助.cmd
sishuzyzqqg_gpxz/sishuzyzqqg_gpxz/sishuzyzqqg/时速-QB年费抢购软件正版无限授权-/UUWiseHelper.dll
.dll windows x86

a98e826a2eaf31a3c09883e798447f36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
GetProcAddress
GetModuleHandleW
CloseHandle
ReadFile
GetFileSize
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetLocalTime
lstrcmpiW
GlobalUnlock
GlobalLock
GlobalSize
SetUnhandledExceptionFilter
lstrlenW
lstrcatW
lstrcpyW
InitializeCriticalSection
DisableThreadLibraryCalls
lstrlenA
MultiByteToWideChar
WaitForSingleObject
CreateThread
CreateDirectoryW
GetPrivateProfileIntW
GetModuleFileNameW
WriteFile
SetFilePointer
FreeLibrary
LoadLibraryW
DeviceIoControl
GetSystemInfo
GetVersionExW
FindNextFileW
FindFirstFileW
lstrcpynW
IsBadWritePtr
SetEvent
IsBadReadPtr
lstrcpyA
lstrcpynA
WriteConsoleW
CreateFileA
Sleep
SetStdHandle
GetConsoleMode
GetConsoleCP
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetEndOfFile
GetStartupInfoW
GetFileType
SetHandleCount
GetStringTypeW
IsProcessorFeaturePresent
GetStdHandle
ExitProcess
HeapCreate
LCMapStringW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCommandLineA
DeleteFileA
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetTickCount
RaiseException
HeapDestroy
HeapAlloc
HeapFree

user32

GetDC
ReleaseDC
FindWindowW
PrintWindow
GetSystemMetrics
wsprintfA
GetWindowDC
GetWindowRect

gdi32

CreateCompatibleDC
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC

advapi32

RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

SafeArrayGetUBound
SafeArrayCreateVector
VariantInit
SysAllocStringLen
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
VariantClear
SysAllocString

shlwapi

PathFileExistsW
StrStrIW

urlmon

URLDownloadToFileW
FindMimeFromData

dbghelp

MiniDumpWriteDump

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup

iphlpapi

GetAdaptersInfo

Exports

Exports

uu_AsyncRecognizeByCodeTypeAndPathA
uu_CloseAsyncRecognizeHandle
uu_GetAsyncRecognizeResultA
uu_SysCallOneParam
uu_UploadFileA
uu_UploadFileW
uu_UploadScreen
uu_easyRecognizeBytesA
uu_easyRecognizeBytesW
uu_easyRecognizeFileA
uu_easyRecognizeFileW
uu_easyRecognizeScreenA
uu_easyRecognizeScreenW
uu_easyRecognizeUrlA
uu_easyRecognizeUrlW
uu_easyRecognizeWndByHWndAndPosA
uu_easyRecognizeWndByHWndAndPosW
uu_easyRecognizeWndByTitleAndPosA
uu_easyRecognizeWndByTitleAndPosW
uu_getResultA
uu_getResultW
uu_getScoreA
uu_getScoreW
uu_loginA
uu_loginW
uu_payA
uu_payW
uu_recognizeByCodeTypeAndBytesA
uu_recognizeByCodeTypeAndBytesW
uu_recognizeByCodeTypeAndPathA
uu_recognizeByCodeTypeAndPathW
uu_recognizeByCodeTypeAndUrlA
uu_recognizeByCodeTypeAndUrlW
uu_recognizeScreenByCodeTypeA
uu_recognizeScreenByCodeTypeW
uu_recognizeWndByHWndAndPosA
uu_recognizeWndByHWndAndPosW
uu_recognizeWndByTitleAndPosA
uu_recognizeWndByTitleAndPosW
uu_reguserA
uu_reguserW
uu_reportError
uu_setSoftInfoA
uu_setSoftInfoW
uu_setTimeOut

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sishuzyzqqg_gpxz/sishuzyzqqg_gpxz/sishuzyzqqg/时速-QB年费抢购软件正版无限授权-/jedata.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sishuzyzqqg_gpxz/sishuzyzqqg_gpxz/sishuzyzqqg/时速-QB年费抢购软件正版无限授权-/代码.txt
sishuzyzqqg_gpxz/sishuzyzqqg_gpxz/sishuzyzqqg/时速-QB年费抢购软件正版无限授权-/内存注册机.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

KeyMake
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AntiKill
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sishuzyzqqg_gpxz/sishuzyzqqg_gpxz/sishuzyzqqg/时速-QB年费抢购软件正版无限授权-/抢购软件-使用教程.doc
.doc windows office2003
sishuzyzqqg_gpxz/sishuzyzqqg_gpxz/sishuzyzqqg/时速-QB年费抢购软件正版无限授权-/时速自由足球抢购.exe
.exe windows x86

503f8ef9e8cb1847632f437a31e287c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntExW

winmm

midiOutReset

ws2_32

inet_ntoa

rasapi32

RasHangUpA

kernel32

GetCPInfo
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

user32

RegisterClipboardFormatA
MessageBoxA

gdi32

BitBlt

msimg32

GradientFill

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CLSIDFromProgID

oleaut32

RegisterTypeLi

comctl32

ImageList_AddMasked

wldap32

ord29

wininet

InternetConnectA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 954KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 503KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sishuzyzqqg_gpxz/sishuzyzqqg_gpxz/sishuzyzqqg/时速-QB年费抢购软件正版无限授权-/点我查看删除注册信息.txt
sishuzyzqqg_gpxz/sishuzyzqqg_gpxz/sishuzyzqqg/时速-QB年费抢购软件正版无限授权-/皮肤.she
sishuzyzqqg_gpxz/哥乖.url
.url
sishuzyzqqg_gpxz/谷普下载-首页.url
.url

Sharing

General

Malware Config

Signatures

Files

a98e826a2eaf31a3c09883e798447f36

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

dbghelp

gdiplus

iphlpapi

Exports

Exports

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 156KB

UPX1 Size: 83KB - Virtual size: 84KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

KeyMake Size: - Virtual size: 40KB

AntiKill Size: 11KB - Virtual size: 12KB

.rsrc Size: 6KB - Virtual size: 8KB

503f8ef9e8cb1847632f437a31e287c2

Headers

File Characteristics

Imports

shlwapi

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wldap32

wininet

comdlg32

Sections

.text Size: - Virtual size: 954KB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 423KB

.rsrc Size: 12KB - Virtual size: 29KB

.UPX0 Size: - Virtual size: 503KB

.UPX1 Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 4KB - Virtual size: 284B

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 83KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

KeyMake
Size: - Virtual size: 40KB

AntiKill
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: - Virtual size: 954KB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 423KB

.rsrc
Size: 12KB - Virtual size: 29KB

.UPX0
Size: - Virtual size: 503KB

.UPX1
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 4KB - Virtual size: 284B