14924a22d9a42940938bef2d0eef4464b4faf9cae627442bab10411fa09c779d

Sharing

Copy URL Twitter E-mail

General

Target

14924a22d9a42940938bef2d0eef4464b4faf9cae627442bab10411fa09c779d
Size

2.8MB
MD5

14126a1d2d676c791171500b703603cc
SHA1

7abd39efce88b9d89d00a486152df5e631c90160
SHA256

14924a22d9a42940938bef2d0eef4464b4faf9cae627442bab10411fa09c779d
SHA512

eb38e489e6766bee3ffa852da327774ebb881a21c065180b7c32f7e665a0e926a371067af5634828e785d1bc8024670e49f4253d3c6048826787629fc4399507
SSDEEP

49152:RVlgKcJqc5SfzybyGsAuI3ZeJBongy9JmXO/fdXSOvqZTvrPRQBzLEiN2Lf:RVlg0oS+eGxZABogec8fAguTFiEiNe

Score

N/A

Malware Config

Signatures

Files

14924a22d9a42940938bef2d0eef4464b4faf9cae627442bab10411fa09c779d
.zip
ԵqqȺ/UUWiseHelper.dll
.dll windows x86

7e7d89e0156061bb052824ba9d8ca9f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
GetFileSize
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetLocalTime
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalSize
SetUnhandledExceptionFilter
lstrcmpiW
lstrcatW
lstrcpyW
InitializeCriticalSection
DisableThreadLibraryCalls
lstrlenA
WaitForSingleObject
CreateThread
CreateDirectoryW
GetPrivateProfileIntW
WriteFile
SetFilePointer
FreeLibrary
LoadLibraryW
WaitForMultipleObjects
DeviceIoControl
GetSystemInfo
GetVersionExW
FindNextFileW
FindFirstFileW
lstrcpynW
IsBadWritePtr
SetEvent
IsBadReadPtr
lstrcpyA
lstrcpynA
CompareStringW
WriteConsoleW
MultiByteToWideChar
SetStdHandle
GetConsoleMode
CloseHandle
lstrlenW
GetModuleHandleW
GetProcAddress
CreateFileW
Sleep
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
WideCharToMultiByte
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
GetStdHandle
ExitProcess
SetEnvironmentVariableA
IsProcessorFeaturePresent
HeapCreate
LCMapStringW
GetStringTypeW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCommandLineA
GetSystemTimeAsFileTime
GetTimeZoneInformation
DecodePointer
EncodePointer
RtlUnwind
FlushFileBuffers
GetTickCount
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException

user32

PrintWindow
FindWindowW
ReleaseDC
GetDC
GetSystemMetrics
GetWindowRect
GetWindowDC
wsprintfA

gdi32

DeleteObject
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC

advapi32

CryptReleaseContext
RegOpenKeyExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

shell32

SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream

oleaut32

SysFreeString
VariantClear
SysAllocString
SafeArrayCreateVector
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantInit
SafeArrayGetLBound

shlwapi

PathFileExistsW
StrStrIW

urlmon

FindMimeFromData

dbghelp

MiniDumpWriteDump

gdiplus

GdiplusStartup
GdipFree
GdipGetImageEncodersSize
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipGetImageEncoders
GdipDisposeImage
GdipAlloc

iphlpapi

GetAdaptersInfo

ws2_32

GetAddrInfoW
sendto
recvfrom
setsockopt
WSAStartup
closesocket
socket

Exports

Exports

uu_AsyncRecognizeByCodeTypeAndPathA
uu_CheckApiSignA
uu_CheckApiSignW
uu_CloseAsyncRecognizeHandle
uu_GetAsyncRecognizeResultA
uu_SysCallOneParam
uu_UploadFileA
uu_UploadFileW
uu_UploadScreen
uu_easyRecognizeBytesA
uu_easyRecognizeBytesW
uu_easyRecognizeFileA
uu_easyRecognizeFileW
uu_easyRecognizeScreenA
uu_easyRecognizeScreenW
uu_easyRecognizeUrlA
uu_easyRecognizeUrlW
uu_easyRecognizeWndByHWndAndPosA
uu_easyRecognizeWndByHWndAndPosW
uu_easyRecognizeWndByTitleAndPosA
uu_easyRecognizeWndByTitleAndPosW
uu_getResultA
uu_getResultW
uu_getScoreA
uu_getScoreW
uu_loginA
uu_loginW
uu_payA
uu_payW
uu_recognizeByCodeTypeAndBytesA
uu_recognizeByCodeTypeAndBytesW
uu_recognizeByCodeTypeAndPathA
uu_recognizeByCodeTypeAndPathW
uu_recognizeByCodeTypeAndUrlA
uu_recognizeByCodeTypeAndUrlW
uu_recognizeScreenByCodeTypeA
uu_recognizeScreenByCodeTypeW
uu_recognizeWndByHWndAndPosA
uu_recognizeWndByHWndAndPosW
uu_recognizeWndByTitleAndPosA
uu_recognizeWndByTitleAndPosW
uu_reguserA
uu_reguserW
uu_reportError
uu_setSoftInfoA
uu_setSoftInfoW
uu_setTimeOut

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ԵqqȺ/ZMApi.dll
.dll regsvr32 windows x86

2602dd552bd947a775daabdea0765381

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
ExitProcess
HeapAlloc
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
SetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetModuleFileNameA
SetHandleCount
GetStdHandle
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
LCMapStringA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFlags
GlobalFindAtomW
GetModuleHandleA
GetVersionExA
GetFileTime
GetFileAttributesW
SetErrorMode
lstrcatW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
InterlockedIncrement
WaitForSingleObject
GlobalAddAtomW
GetCurrentThread
GetCurrentThreadId
lstrcmpW
GlobalDeleteAtom
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
lstrcmpiW
LoadLibraryW
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
SetLastError
lstrcpyW
lstrlenW
lstrcpynW
GetModuleFileNameW
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
Sleep
LCMapStringW
CreateProcessW
GetModuleHandleW
FindFirstFileW
FindClose
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
FormatMessageW
LocalFree
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetLastError
CloseHandle
CreateFileW
SetFilePointer
WriteFile
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetStartupInfoA
InterlockedExchange

user32

DestroyMenu
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
GetClientRect
GetMenu
RegisterClassW
DefWindowProcW
CallWindowProcW
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
RegisterWindowMessageW
AdjustWindowRectEx
LoadCursorW
GetSysColor
GetSysColorBrush
SetMenuItemBitmaps
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
MessageBoxW
GetFocus
GetParent
SetWindowPos
EnableWindow
IsWindowEnabled
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
GetWindowLongW
GetDlgItem
GetClassInfoW
GetWindow
wsprintfW
CharUpperW
GetSystemMetrics
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDC
ReleaseDC
GetWindowTextW
IsIconic
ShowWindow
SetForegroundWindow
GetLastActivePopup
UnregisterClassW
SendMessageW
PostMessageW
SystemParametersInfoA

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleDC
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetStockObject
CreateBitmap
GetDeviceCaps
BitBlt
CreateDIBSection
DeleteObject
GetObjectW
SelectObject
DeleteDC

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

comctl32

ord17

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
UrlUnescapeW
PathFindFileNameW

ole32

StringFromGUID2
CreateStreamOnHGlobal

oleaut32

VariantInit
VariantChangeType
VariantClear
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi

ws2_32

getsockname
connect
setsockopt
socket
send
shutdown
recv
WSACleanup
WSAStartup
htons
getservbyname
htonl
gethostbyname
WSAGetLastError
inet_addr
closesocket
ntohs
getservbyport
gethostbyaddr
inet_ntoa

wininet

HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetCloseHandle
HttpQueryInfoW
HttpAddRequestHeadersW
InternetSetOptionExW
InternetCanonicalizeUrlW
InternetCrackUrlW

gdiplus

GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdipDisposeImage
GdipCloneImage

dbghelp

MakeSureDirectoryPathExists

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ZM_EnableLog
ZM_QueryBalanceA
ZM_QueryBalanceW
ZM_ReByBufferA
ZM_ReByBufferW
ZM_ReByFileA
ZM_ReByFileW
ZM_ReByScreenA
ZM_ReByScreenW
ZM_RechargeA
ZM_RechargeW
ZM_RegUserA
ZM_RegUserW
ZM_ReportErrorA
ZM_ReportErrorW
ZM_SetTimeout
ZM_UserInfoA
ZM_UserInfoW

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ԵqqȺ/ZMApi.ini
ԵqqȺ/ZMApiUpdate.exe
.exe windows x86

59cfc95720caffe9590634684a305ed2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
HeapAlloc
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
HeapFree
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
IsBadWritePtr
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExitProcess
RtlUnwind
GetStartupInfoW
GetTickCount
SetErrorMode
GetFileTime
GetFileAttributesW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
RaiseException
GlobalFlags
InterlockedIncrement
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
FindFirstFileW
FindNextFileW
FindClose
InterlockedDecrement
GlobalFindAtomW
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcatW
GetVersionExA
SetLastError
MulDiv
WritePrivateProfileStringW
GlobalUnlock
GlobalFree
FreeResource
WaitForSingleObject
CloseHandle
CreateFileA
GlobalAddAtomW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FormatMessageW
LocalFree
LocalAlloc
lstrcpynW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
GetCurrentThread
GetCurrentThreadId
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
GetLocaleInfoW
LoadLibraryW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetPrivateProfileIntW
GetPrivateProfileStringW
WideCharToMultiByte
MultiByteToWideChar
CreateThread
Sleep
CopyFileW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
TerminateThread
FindResourceW
LoadResource
LockResource
SizeofResource
CreateEventW
QueryPerformanceCounter
GetLastError

user32

PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
GetSysColorBrush
ReleaseCapture
LoadCursorW
SetCapture
CharUpperW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoW
RegisterClassW
UnregisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
PtInRect
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
wsprintfW
ReleaseDC
GetDC
CopyRect
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
RegisterClipboardFormatW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
MessageBoxW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetCursor
GetDesktopWindow
PostQuitMessage
PostMessageW
GetSystemMetrics
LoadIconW
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
SendMessageW
DrawIcon

gdi32

GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
CreateBitmap
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateRectRgnIndirect

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteW

comctl32

ord17
ImageList_Destroy

shlwapi

UrlUnescapeW
PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

StgOpenStorageOnILockBytes
CoRevokeClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString

wininet

HttpOpenRequestW
InternetConnectW
FtpOpenFileW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetCanonicalizeUrlW
InternetCrackUrlW
DeleteUrlCacheEntryW

Sections

.text
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ԵqqȺ/ZMConnect.ini
ԵqqȺ/config.dat
ԵqqȺ/data.dat
ԵqqȺ/data/LY/ALCATEL SpeedTouch511e.ini
ԵqqȺ/data/LY/ALPHA A8.ini
ԵqqȺ/data/LY/ALPHA AFW-GR55 mini.ini
ԵqqȺ/data/LY/ALPHA K3.ini
ԵqqȺ/data/LY/ALPHA V4.ini
ԵqqȺ/data/LY/ALPHA VCE.ini
ԵqqȺ/data/LY/ASUS RX3041X.ini
ԵqqȺ/data/LY/ASUS WL530g 2.ini
ԵqqȺ/data/LY/ASUS WL530g.ini
ԵqqȺ/data/LY/AboveCable ACRT2010-11.ini
ԵqqȺ/data/LY/Alpha GR50.ini
ԵqqȺ/data/LY/Aolynk BR104.ini
ԵqqȺ/data/LY/Boc R460.ini
ԵqqȺ/data/LY/D-Link DI-504.ini
ԵqqȺ/data/LY/D-Link DI-524.ini
ԵqqȺ/data/LY/D-Link DI-524M.ini
ԵqqȺ/data/LY/D-Link DI-604+.ini
ԵqqȺ/data/LY/D-Link DI-604.ini
ԵqqȺ/data/LY/D-Link DI-614+.ini
ԵqqȺ/data/LY/D-Link DI-624+A.ini
ԵqqȺ/data/LY/D-Link DI-624.ini
ԵqqȺ/data/LY/D-Link DI-808HV.ini
ԵqqȺ/data/LY/D-Link DIR-100.ini
ԵqqȺ/data/LY/D-Link DIR-300.ini
ԵqqȺ/data/LY/D-Link DIR-600.ini
ԵqqȺ/data/LY/D-Link DIR-615 A1 1.10.ini
ԵqqȺ/data/LY/D-Link DIR-615.ini
ԵqqȺ/data/LY/FAST FR40.ini
ԵqqȺ/data/LY/FAST FR402.ini
ԵqqȺ/data/LY/HL-RT700.ini
ԵqqȺ/data/LY/Hi-Spider Hotel_V3.ini
ԵqqȺ/data/LY/HuaWei 3COM BR104.ini
ԵqqȺ/data/LY/HuaWei 3COM BR204+.ini
ԵqqȺ/data/LY/HuaWei HG520.ini
ԵqqȺ/data/LY/HuaWei WBR204G+.ini
ԵqqȺ/data/LY/HuaWei WBR204G.ini
ԵqqȺ/data/LY/IP-Com 11N.ini
ԵqqȺ/data/LY/IP-Com Soho 2.ini
ԵqqȺ/data/LY/IP-Com Soho 3.ini
ԵqqȺ/data/LY/IP-Com Soho.ini
ԵqqȺ/data/LY/IPTime G100R.ini
ԵqqȺ/data/LY/IPTime N300R.ini
ԵqqȺ/data/LY/KINGNET 3.1.ini
ԵqqȺ/data/LY/KINGNET 3.2.ini
ԵqqȺ/data/LY/KINGNET KN-S1060.ini
ԵqqȺ/data/LY/KINGNET KN-S10602.ini
ԵqqȺ/data/LY/KINGNET KN-S1060T.ini
ԵqqȺ/data/LY/KINGNET KN-WR710H.ini
ԵqqȺ/data/LY/LINKSYS WRT54G.ini
ԵqqȺ/data/LY/LINKSYS WRT54GC.ini
ԵqqȺ/data/LY/LinkSYS 2.00.20.ini
ԵqqȺ/data/LY/LinkSYS BEFSR41.ini
ԵqqȺ/data/LY/LinkSYS BEFW11S4.ini
ԵqqȺ/data/LY/LinkSYS WRK54G(2).ini
ԵqqȺ/data/LY/LinkSYS WRK54G.ini
ԵqqȺ/data/LY/LinkSYS WRV200.ini
ԵqqȺ/data/LY/Mercury MW54R.ini
ԵqqȺ/data/LY/Mercury Soho MR804(2).ini
ԵqqȺ/data/LY/Mercury Soho MR804.ini
ԵqqȺ/data/LY/Motorola G.ini
ԵqqȺ/data/LY/NetCore 2105+NR.ini
ԵqqȺ/data/LY/NetCore 2305NR.ini
ԵqqȺ/data/LY/NetCore 2505+NR.ini
ԵqqȺ/data/LY/NetCore 2805NR.ini
ԵqqȺ/data/LY/NetCore 54M2.ini
ԵqqȺ/data/LY/NetCore 605GR.ini
ԵqqȺ/data/LY/NetCore NR+205.ini
ԵqqȺ/data/LY/NetCore NW715P.ini
ԵqqȺ/data/LY/NetShare R-1200.ini
ԵqqȺ/data/LY/NetShare R-1800.ini
ԵqqȺ/data/LY/NetShare V1.005.ini
ԵqqȺ/data/LY/Netgear WGR614.ini
ԵqqȺ/data/LY/SMC SMC7004VBR.ini
ԵqqȺ/data/LY/TP-LINK TL-WR841N.ini
ԵqqȺ/data/LY/TP-Link 402M.ini
ԵqqȺ/data/LY/TP-Link R4148.ini
ԵqqȺ/data/LY/TP-Link TD-8810.ini
ԵqqȺ/data/LY/TP-Link TD-8820.ini
ԵqqȺ/data/LY/TP-Link TL-R402M.ini
ԵqqȺ/data/LY/TP-Link TL-R410.ini
ԵqqȺ/data/LY/TP-Link TL-R460.ini
ԵqqȺ/data/LY/TP-Link TL-R860 860M.ini
ԵqqȺ/data/LY/TP-Link TL-R860+.ini
ԵqqȺ/data/LY/TP-Link TL-WR340G V5.ini
ԵqqȺ/data/LY/TP-Link TL-WR340G.ini
ԵqqȺ/data/LY/TP-Link TL-WR641G 642G.ini
ԵqqȺ/data/LY/TP-Link TL-WR740N.ini
ԵqqȺ/data/LY/TP-Link TL-WR941N TL-WR942N.ini
ԵqqȺ/data/LY/Tenda NAT Router.ini
ԵqqȺ/data/LY/Tenda R01-029.ini
ԵqqȺ/data/LY/Tenda Soho(2).ini
ԵqqȺ/data/LY/Tenda Soho.ini
ԵqqȺ/data/LY/Tenda TEI168SK.ini
ԵqqȺ/data/LY/Tenda TEI402.ini
ԵqqȺ/data/LY/Tenda TEI402M.ini
ԵqqȺ/data/LY/Tenda TEI480T+.ini
ԵqqȺ/data/LY/Tenda TEI6606.ini
ԵqqȺ/data/LY/Tenda TEI6608.ini
ԵqqȺ/data/LY/Tenda TEI6608S 2.ini
ԵqqȺ/data/LY/Tenda TEI6608S.ini
ԵqqȺ/data/LY/Tenda TEI6611S.ini
ԵqqȺ/data/LY/Tenda W311R.ini
ԵqqȺ/data/LY/Tenda W541R.ini
ԵqqȺ/data/LY/UCOM URS-983(2).ini
ԵqqȺ/data/LY/UCOM URS-983.ini
ԵqqȺ/data/LY/Vigor 2901.ini
ԵqqȺ/data/LY/Wealnet R-2804P.ini
ԵqqȺ/data/LY/Wealnet R-2808M.ini
ԵqqȺ/do.dll
.exe windows x86

71a5ac3a6f1e0ba2e046d6214857d51f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

socket

rasapi32

RasEnumEntriesA

kernel32

MultiByteToWideChar

user32

ScreenToClient

gdi32

GetViewportExtEx

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

ShellExecuteA

ole32

CLSIDFromProgID

oleaut32

VariantChangeType

comctl32

ImageList_GetIcon

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseFontA

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ԵqqȺ/˺ʾĵ.txt
ԵqqȺ/Ƶ̳.url
.url
ԵqqȺ/ԵQQȺѰ.exe
.exe windows x86

cca0616ecfe0b1a3da2e7efded525b7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
CreateSemaphoreA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
InterlockedIncrement

user32

OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
GetClipboardData
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
CloseClipboard
wsprintfA
EqualRect
GetWindowRect
SetForegroundWindow
WaitForInputIdle
IsWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSystemMenu
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
UnregisterClassA
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture

gdi32

SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
CreateRectRgnIndirect
SetBkColor
CreatePen
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

OleUninitialize
CLSIDFromString
OleInitialize

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi

comctl32

ImageList_Destroy
ord17

ws2_32

recv
getpeername
accept
ioctlsocket
recvfrom
WSAAsyncSelect
closesocket
WSACleanup
inet_ntoa

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Sections

.text
Size: 396KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ԵqqȺ/Ե.url
.url
˵.htm
.html .js

Sharing

General

Malware Config

Signatures

Files

7e7d89e0156061bb052824ba9d8ca9f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

dbghelp

gdiplus

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

2602dd552bd947a775daabdea0765381

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

ole32

oleaut32

ws2_32

wininet

gdiplus

dbghelp

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 8KB - Virtual size: 192KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 36KB - Virtual size: 35KB

59cfc95720caffe9590634684a305ed2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

Sections

.text Size: 208KB - Virtual size: 206KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 12KB - Virtual size: 53KB

.rsrc Size: 20KB - Virtual size: 19KB

71a5ac3a6f1e0ba2e046d6214857d51f

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 8KB - Virtual size: 192KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 36KB - Virtual size: 35KB

.text
Size: 208KB - Virtual size: 206KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 12KB - Virtual size: 53KB

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.sedata
Size: 1.1MB - Virtual size: 1.1MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.sedata
Size: 4KB - Virtual size: 4KB

.text
Size: 396KB - Virtual size: 394KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 60KB - Virtual size: 121KB

.rsrc
Size: 32KB - Virtual size: 28KB