da9e56c2024fe19b1c9cc48154fc21cb559a9af23523963cb5471ec612eab8e5

Sharing

Copy URL

Twitter E-mail

General

Target

da9e56c2024fe19b1c9cc48154fc21cb559a9af23523963cb5471ec612eab8e5
Size

739KB
MD5

e064641d44e060ada02230fae6cd3e0c
SHA1

6d4bb5f7acb81c1863a3aac4326b8242a9f3901e
SHA256

da9e56c2024fe19b1c9cc48154fc21cb559a9af23523963cb5471ec612eab8e5
SHA512

65b5d4e73c0c19225d294c9346048ce95b79bd09edd23b8c15e92983d22fbc9fa17d29a72c0148d4ce3f179ac5ac6b91238492bccc68f6e68e987297beea1936
SSDEEP

12288:qxaiOsMTO9CowyblvhU3J1iwd/ZrP6z+ilzgzXAVOKkNVGBYiTP2L:qxUst9CVkl5c1iwd/lctVVO3QxeL

Score

8^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
static1/unpack001/EChartBar.fne	aspack_v212_v242
static1/unpack001/TrayIcon.fne	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/yhzj.exe	upx

Files

da9e56c2024fe19b1c9cc48154fc21cb559a9af23523963cb5471ec612eab8e5
.rar
1001下载乐园.url
.url
EChartBar.fne
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetNewInf

Sections

.text
Size: 60KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TrayIcon.fne
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetNewInf

Sections

.text
Size: 43KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.beyond
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
eAPI.fne
.dll windows x86

2748fbb5bf9220029440732ff2c45774

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

SendARP
GetAdaptersInfo

shlwapi

PathAppendA
PathFileExistsA
SHDeleteValueA
SHDeleteKeyA

mpr

WNetAddConnection2A
WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum
WNetCancelConnection2A

winmm

waveOutGetDevCapsA
mciSendStringA
waveOutGetNumDevs

ws2_32

inet_ntoa
gethostname
gethostbyname
inet_addr
WSAStartup
gethostbyaddr
WSACleanup
closesocket
connect
htons
socket
sendto

version

GetFileVersionInfoSizeA
VerLanguageNameA
VerQueryValueA
GetFileVersionInfoA

kernel32

lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GetModuleFileNameA
MulDiv
lstrcpynA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GetFileTime
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GetCurrentThread
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTime
GetLocalTime
GetCommandLineA
ExitProcess
HeapSize
GetACP
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentThreadId
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
WinExec
lstrcatA
WriteProfileStringA
SetLastError
GetProfileStringA
CreateDirectoryA
GetSystemDirectoryA
EnumResourceNamesA
CopyFileA
Sleep
GetWindowsDirectoryA
GetTempPathA
GlobalMemoryStatus
Module32First
Module32Next
OpenProcess
TerminateProcess
InterlockedExchange
GetDriveTypeA
GetVolumeInformationA
GetLastError
GetFileSize
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
FindNextFileA
FindClose
DeleteFileA
MultiByteToWideChar
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GlobalAlloc
LoadLibraryExA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcpyA
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
CreateToolhelp32Snapshot
Process32First
Process32Next
WriteFile
ReadFile
SetFilePointer
GetLocaleInfoA
GetSystemDefaultLangID
GetTimeZoneInformation
CreateFileA
DeviceIoControl
CloseHandle
lstrlenA
GetModuleHandleA
GetVersion
GetVersionExA
LoadLibraryA
GetProcAddress
GetCurrentProcess
FreeLibrary
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalHandle

user32

IsDialogMessageA
SetWindowPos
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
CharUpperA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
PeekMessageA
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
EnableWindow
SetCursor
PostMessageA
PostQuitMessage
WindowFromPoint
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
EnumWindows
IsWindow
FindWindowExA
IsRectEmpty
GetCursorPos
SetWindowLongA
GetDlgItem
ShowWindow
UpdateWindow
SystemParametersInfoA
ChangeDisplaySettingsA
EnumDisplaySettingsA
SendMessageTimeoutA
SendMessageA
FindWindowA
GetWindowThreadProcessId
SetCursorPos
mouse_event
keybd_event
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClassNameA
GetWindowTextA
GetDesktopWindow
GetWindowRect
ReleaseCapture
SetCapture
GetSystemMetrics
LoadImageA
VkKeyScanExA
GetDC
ReleaseDC
GetKeyboardLayout
wsprintfA
SendDlgItemMessageA
GetMenuItemCount
SetWindowTextA
GetDlgCtrlID
LoadStringA
UnregisterClassA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
LoadBitmapA
DestroyWindow
GetKeyboardState

gdi32

Escape
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
GetObjectA
EnumFontFamiliesExA
AddFontResourceA
RemoveFontResourceA
GetDeviceCaps
GetPixel
CreateCompatibleBitmap
CreateDCA
GetDIBits
RealizePalette
SelectPalette
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
DeleteObject

comdlg32

PrintDlgA
GetFileTitleA

winspool.drv

GetPrinterA
DocumentPropertiesA
ClosePrinter
SetPrinterA
OpenPrinterA
EnumPrintersA

advapi32

RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
RegOpenKeyExA
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AddAce
InitializeAcl
FreeSid
AllocateAndInitializeSid
RegGetKeySecurity
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA

shell32

SHGetSpecialFolderPathA
SHEmptyRecycleBinA
SHChangeNotify
ShellExecuteA

comctl32

ord17

ole32

CoCreateGuid
CoCreateInstance

wininet

InternetOpenUrlA
InternetCloseHandle
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
InternetGetConnectedState
InternetOpenA

Exports

Exports

GetNewInf

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
krnln.fnr
.dll windows x86

b7342edbc599dd0faf5343898f1df142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiOutUnprepareHeader
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
PlaySoundA

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
FormatMessageA
lstrcmpA
GetCurrentThread
ResumeThread
SetThreadPriority
SuspendThread
CreateMutexA
ReleaseMutex
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
ExitThread
GetACP
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetEnvironmentVariableW
SetEnvironmentVariableA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetStdHandle
GetFileTime
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetVersion
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpynA
SetLastError
SetCommTimeouts
SetCommMask
GetCommState
SetCommState
WriteFile
ReadFile
PurgeComm
WaitCommEvent
ClearCommError
GetLastError
WaitForMultipleObjects
GetOverlappedResult
GetCommModemStatus
SetEvent
GetProfileStringA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetComputerNameA
EscapeCommFunction
CreateEventA
ResetEvent
OutputDebugStringA
ExpandEnvironmentStringsA
GlobalAlloc
GetTempPathA
SetFileAttributesA
GetFileAttributesA
MoveFileA
CopyFileA
CreateDirectoryA
SetVolumeLabelA
GetDiskFreeSpaceA
SetLocalTime
GetCommandLineA
CreateProcessA
SetCurrentDirectoryA
GetCurrentThreadId
GetModuleHandleA
GlobalSize
GlobalLock
GlobalFree
lstrcatA
WinExec
lstrcpyA
GetCurrentDirectoryA
GetLogicalDriveStringsA
GetDriveTypeA
GetVolumeInformationA
GlobalUnlock
GlobalReAlloc
HeapFree
HeapReAlloc
ExitProcess
HeapAlloc
WaitForSingleObject
GetProcessHeap
FindResourceA
LoadResource
LockResource
CreateThread
GetModuleFileNameA
Sleep
MulDiv
DeleteFileA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FindClose
OpenFile
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
CloseHandle
DeviceIoControl
GetVersionExA
GetFullPathNameA
lstrlenW
lstrlenA
GetUserDefaultLCID
GetTickCount
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
HeapSize

user32

GetClassNameA
GetDesktopWindow
UnregisterClassA
LoadStringA
GetSysColorBrush
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
GetNextDlgTabItem
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
ShowWindow
IsWindowEnabled
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSystemMenu
DeleteMenu
LoadIconA
CreateCursor
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
GetMessageA
SetRectEmpty
RegisterClipboardFormatA
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
SetCursor
InvertRect
ScrollDC
TrackPopupMenu
SetForegroundWindow
PostMessageA
LockWindowUpdate
MessageBeep
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
SetCursorPos
SetMenu
SetFocus
PeekMessageA
IsIconic
SetActiveWindow
DestroyMenu
SetWindowPos
GetActiveWindow
GetTopWindow
GetWindow
DestroyAcceleratorTable
DestroyCursor
SetWindowRgn
ScreenToClient
ChildWindowFromPointEx
WinHelpA
KillTimer
SetTimer
GetScrollRange
SetScrollRange
SetScrollPos
SetParent
IsWindowVisible
GetWindowLongA
SetWindowLongA
TranslateMessage
DispatchMessageA
UpdateWindow
GetDC
ReleaseDC
LoadImageA
MessageBoxA
LoadBitmapA
GetKeyState
DestroyIcon
IsChild
IsRectEmpty
GetFocus
IntersectRect
EqualRect
CharUpperA
EndDialog
CreateDialogIndirectParamA
TranslateAcceleratorA
WindowFromPoint
GetMenu
GetSubMenu
EnableMenuItem
AdjustWindowRect
LoadCursorA
GetCapture
ClientToScreen
wsprintfA
GetDlgCtrlID
InvalidateRect
ReleaseCapture
GetMessagePos
PtInRect
GetClientRect
GetCursorPos
SetCapture
SystemParametersInfoA
EnableWindow
SetRect
IsWindow
RedrawWindow
CopyRect
FillRect
GetSystemMetrics
DrawFrameControl
DrawEdge
InflateRect
OffsetRect
DrawFocusRect
GetWindowRect
GetParent
SendMessageA
GetSysColor
ValidateRect

gdi32

GetClipBox
SetTextColor
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
MoveToEx
LineTo
SetPixelV
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
LPtoDP
Pie
Chord
Arc
Polygon
EndDoc
StartPage
EndPage
DPtoLP
CreateBrushIndirect
CreateHatchBrush
CreatePatternBrush
Ellipse
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetSystemPaletteEntries
SelectPalette
GetDIBits
GetObjectA
GetDeviceCaps
RealizePalette
CreatePen
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
CreateDIBSection
ExtCreateRegion
CreateRectRgnIndirect
CreateDCA
StartDocA
Rectangle
RoundRect
FillRgn
GetCurrentObject
CombineRgn
CreateRectRgn
GetClipRgn
CreatePolygonRgn
SelectClipRgn
CreateDIBitmap
CreateCompatibleBitmap
CreateBitmap
SetBkColor
SelectObject
SetStretchBltMode
StretchBlt
DeleteDC
DeleteObject
GetWindowExtEx
PatBlt
CreateCompatibleDC
BitBlt
CreateSolidBrush
GetStockObject
GetPixel

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
ChooseColorA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ord17
ImageList_Destroy
ImageList_LoadImageA

ole32

OleRun
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
OleUninitialize
OleInitialize
CLSIDFromProgID

olepro32

ord253
ord252

oleaut32

VarDateFromStr
SafeArrayPutElement
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
UnRegisterTypeLi
SysAllocString
VariantCopyInd
VariantInit
VariantChangeType
VariantClear
GetActiveObject
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi

ws2_32

connect
listen
recvfrom
sendto
getpeername
accept
ioctlsocket
recv
WSACleanup
setsockopt
socket
htonl
bind
htons
WSAAsyncSelect
closesocket
send
select
gethostbyname
inet_ntoa
inet_addr
gethostbyaddr
gethostname
WSAStartup

Exports

Exports

GetNewInf
GetNewSock

Sections

.text
Size: 752KB - Virtual size: 750KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
main.dat
.exe windows x86

821c455b475c3595aa1e4e6ad93e77fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
TerminateProcess
GetCommandLineA
GetProcessWorkingSetSize
SetProcessWorkingSetSize
OpenProcess
CloseHandle
VirtualAlloc
VirtualFree
GetLastError

msvcrt

strncpy
strrchr
toupper
strstr
_strdup
strncat
printf
strchr
isspace
isdigit
_strupr
malloc
_exit
_XcptFilter
_cexit
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp
__set_app_type
_except_handler3
_c_exit
__p__fmode

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

user32

EnumDesktopsA
EnumWindows
GetWindowThreadProcessId
GetWindow
GetWindowLongA
GetWindowTextA
FindWindowExA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
CloseDesktop
CloseWindowStation
EnumWindowStationsA

ntdll

NtSetSystemInformation
RtlUnicodeStringToAnsiString
NtQuerySystemInformation

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xplib.fne
.dll windows x86

5b7f843bf547147dbbc7560c3e69ffcf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
GetLastError
TlsGetValue
SetLastError
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetVersion
HeapFree
DeleteCriticalSection
GetProcessHeap
HeapAlloc
lstrcmpiA
FreeLibrary
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
TlsFree
TlsAlloc
InitializeCriticalSection
GetFileType
RtlUnwind
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TlsSetValue
GetStringTypeW

user32

GetSystemMetrics
DrawFocusRect
GetWindowTextA
OffsetRect
DrawTextA
CopyRect
GetSysColor
FrameRect
InflateRect
GetSysColorBrush
GetWindowRect
GetWindowDC
GetClientRect
CallWindowProcA
GetDC
ReleaseDC
DefWindowProcA
CallNextHookEx
EnumChildWindows
GetFocus
SetWindowLongA
RedrawWindow
FillRect
GetClassNameA
GetWindowLongA
SendMessageA
EnumThreadWindows
UnhookWindowsHookEx
SetWindowsHookExA
GetParent

gdi32

GetTextMetricsA
Ellipse
Arc
CreateEllipticRgnIndirect
SelectClipRgn
SetTextColor
LineTo
GetStockObject
CreatePen
SetPixel
DeleteObject
DeleteDC
CreateCompatibleDC
SetBkMode
SelectObject
CreateCompatibleBitmap
BitBlt
GetObjectA
CreateSolidBrush
MoveToEx

msimg32

GradientFill

comctl32

_TrackMouseEvent

Exports

Exports

GetNewInf

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yhzj.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.UPX1
Size: 512B - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 49KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
使用说明.txt
绿色.reg

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 136KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 76KB

.rsrc Size: 4KB - Virtual size: 12KB

.reloc Size: 7KB - Virtual size: 20KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 80KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 3KB - Virtual size: 72KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 5KB - Virtual size: 16KB

.beyond Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

2748fbb5bf9220029440732ff2c45774

Headers

File Characteristics

Imports

iphlpapi

shlwapi

mpr

winmm

ws2_32

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

wininet

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 44KB - Virtual size: 107KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 28KB - Virtual size: 25KB

b7342edbc599dd0faf5343898f1df142

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 752KB - Virtual size: 750KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 60KB - Virtual size: 121KB

.text
Size: 60KB - Virtual size: 136KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 76KB

.rsrc
Size: 4KB - Virtual size: 12KB

.reloc
Size: 7KB - Virtual size: 20KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 43KB - Virtual size: 80KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 3KB - Virtual size: 72KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 16KB

.beyond
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 44KB - Virtual size: 107KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 28KB - Virtual size: 25KB

.text
Size: 752KB - Virtual size: 750KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 60KB - Virtual size: 121KB

.rsrc
Size: 60KB - Virtual size: 57KB

.reloc
Size: 68KB - Virtual size: 65KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 2.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.UPX1
Size: 512B - Virtual size: 100KB

.UPX1
Size: 49KB - Virtual size: 65KB