aa1b0f3bd54945031a6b24a0fbf70ebe5e0f763201cadf5a79f5feed33cae1e3

Sharing

Copy URL Twitter E-mail

General

Target

aa1b0f3bd54945031a6b24a0fbf70ebe5e0f763201cadf5a79f5feed33cae1e3
Size

2.8MB
MD5

823f0881688be1b7c43c9bdca241359b
SHA1

91adb3ac3cdd10968f589fc0268ba88d94bfca8e
SHA256

aa1b0f3bd54945031a6b24a0fbf70ebe5e0f763201cadf5a79f5feed33cae1e3
SHA512

c34f630bbf6a51c6d1c8c06df08fcf5e88ffa308029f5b8e58b4a4e75550ca6dbaa9b71cff1207f53ed4fe3298b22951db2c94550a0e78e79546924d8d2b4fe3
SSDEEP

49152:V+DzGOe4osmmkJSgz4Jc7xe+ZP5W0MMpN/J0rRS/y3HAxa:+y4/24JEvZ/SI/yz

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/龙枪.exe	upx

Files

aa1b0f3bd54945031a6b24a0fbf70ebe5e0f763201cadf5a79f5feed33cae1e3
.zip
bass.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelFlags
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttribute
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelGetTags
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelLock
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttribute
BASS_ChannelSetDSP
BASS_ChannelSetDevice
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttribute
BASS_ChannelStop
BASS_ChannelUpdate
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXReset
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetConfigPtr
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceInfo
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicLoad
BASS_Pause
BASS_PluginFree
BASS_PluginGetInfo
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceInfo
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetChannels
BASS_SampleGetData
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetData
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetConfigPtr
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamPutData
BASS_StreamPutFileData
BASS_Update
_

Sections

Size: 100KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 576B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dat_0.sz
dat_8384.sz
data_CHS.sz
data_ENG.sz
libogg.dll
.dll windows x86

79c83d46aed46a0ad70d9407308325aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr120

_lock
_unlock
_calloc_crt
__dllonexit
_initterm_e
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
memchr
realloc
malloc
free
_onexit
memmove
memcpy
memset

kernel32

IsDebuggerPresent
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
IsProcessorFeaturePresent

Exports

Exports

ogg_packet_clear
ogg_page_bos
ogg_page_checksum_set
ogg_page_continued
ogg_page_eos
ogg_page_granulepos
ogg_page_packets
ogg_page_pageno
ogg_page_serialno
ogg_page_version
ogg_stream_clear
ogg_stream_destroy
ogg_stream_eos
ogg_stream_flush
ogg_stream_init
ogg_stream_packetin
ogg_stream_packetout
ogg_stream_packetpeek
ogg_stream_pagein
ogg_stream_pageout
ogg_stream_reset
ogg_stream_reset_serialno
ogg_sync_buffer
ogg_sync_clear
ogg_sync_destroy
ogg_sync_init
ogg_sync_pageout
ogg_sync_pageseek
ogg_sync_reset
ogg_sync_wrote
oggpackB_adv
oggpackB_adv1
oggpackB_bits
oggpackB_bytes
oggpackB_get_buffer
oggpackB_look
oggpackB_look1
oggpackB_read
oggpackB_read1
oggpackB_readinit
oggpackB_reset
oggpackB_write
oggpackB_writealign
oggpackB_writeclear
oggpackB_writecopy
oggpackB_writeinit
oggpackB_writetrunc
oggpack_adv
oggpack_adv1
oggpack_bits
oggpack_bytes
oggpack_get_buffer
oggpack_look
oggpack_look1
oggpack_read
oggpack_read1
oggpack_readinit
oggpack_reset
oggpack_write
oggpack_writealign
oggpack_writeclear
oggpack_writecopy
oggpack_writeinit
oggpack_writetrunc

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
liboggz.dll
.dll windows x86

fd19433ef0f0cf5d6fca3f7efd735afd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libogg

ogg_stream_flush
ogg_stream_pageout
ogg_stream_packetin
ogg_stream_reset
ogg_sync_reset
ogg_page_serialno
ogg_page_granulepos
ogg_page_continued
ogg_stream_packetout
ogg_stream_pagein
ogg_sync_pageseek
ogg_sync_wrote
ogg_sync_buffer
ogg_sync_clear
ogg_sync_init
ogg_page_bos
ogg_stream_clear
ogg_stream_init

kernel32

GetOEMCP
SetEnvironmentVariableA
SetEndOfFile
CreateFileW
HeapSize
GetTimeZoneInformation
WriteConsoleW
LCMapStringW
CompareStringW
GetStringTypeW
OutputDebugStringW
LoadLibraryExW
GetLastError
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
HeapReAlloc
ReadFile
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileType
PeekNamedPipe
FileTimeToSystemTime
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetCurrentThreadId
GetProcessHeap
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
IsDebuggerPresent
IsProcessorFeaturePresent
CloseHandle
RtlUnwind
IsValidCodePage
GetACP
GetCPInfo
SetLastError
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
ReadConsoleW
SetFilePointerEx
GetStartupInfoW
SetStdHandle
RaiseException
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW

Exports

Exports

oggz_close
oggz_comment_add
oggz_comment_add_byname
oggz_comment_first
oggz_comment_first_byname
oggz_comment_get_vendor
oggz_comment_next
oggz_comment_next_byname
oggz_comment_remove
oggz_comment_remove_byname
oggz_comment_set_vendor
oggz_comments_copy
oggz_comments_generate
oggz_flush
oggz_get_bos
oggz_get_eos
oggz_get_granulerate
oggz_get_granuleshift
oggz_get_numtracks
oggz_io_get_flush_user_handle
oggz_io_get_read_user_handle
oggz_io_get_seek_user_handle
oggz_io_get_tell_user_handle
oggz_io_get_write_user_handle
oggz_io_set_flush
oggz_io_set_read
oggz_io_set_seek
oggz_io_set_tell
oggz_io_set_write
oggz_new
oggz_open
oggz_open_stdio
oggz_purge
oggz_read
oggz_read_input
oggz_run
oggz_run_set_blocksize
oggz_seek
oggz_seek_units
oggz_serialno_new
oggz_set_data_start
oggz_set_granulerate
oggz_set_granuleshift
oggz_set_metric
oggz_set_metric_linear
oggz_set_read_callback
oggz_set_read_page
oggz_stream_get_content
oggz_stream_get_content_type
oggz_stream_get_numheaders
oggz_table_delete
oggz_table_insert
oggz_table_lookup
oggz_table_new
oggz_table_nth
oggz_table_remove
oggz_table_size
oggz_tell
oggz_tell_granulepos
oggz_tell_units
oggz_write
oggz_write_feed
oggz_write_get_next_page_size
oggz_write_output
oggz_write_set_hungry_callback
ot_fprint_bytes
ot_fprint_granulepos
ot_fprint_time
ot_init
ot_page_identify
ot_print_bitrate
ot_print_short_options

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zlib1.dll
.dll windows x86

d9b9d7a2f1614a9d320d410ee337092f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr120

strerror
_vsnprintf
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__CppXcptFilter
_amsg_exit
_malloc_crt
memchr
_initterm_e
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
_except_handler4_common
_errno
_wopen
_lseeki64
malloc
free
wcstombs
_snprintf
memset
_initterm
memcpy
_open
_close
_read
_write

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
DisableThreadLibraryCalls

Exports

Exports

adler32
adler32_combine
adler32_combine64
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明(1).txt
数码资源网.url
.url
真三国无双7DLC添加用辅助工具.exe
.exe windows x86

61e0222b57607a5c9d1a8ae2bd3c005f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

zlib1

uncompress

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

winmm

PlaySoundW

bass

BASS_SetConfig
BASS_Stop
BASS_StreamFree
BASS_Init
BASS_ChannelGetInfo
BASS_ChannelGetAttribute
BASS_ChannelGetLength
BASS_ChannelBytes2Seconds
BASS_ChannelSeconds2Bytes
BASS_ChannelSetPosition
BASS_ChannelGetTags
BASS_ChannelIsActive
BASS_ChannelFlags
BASS_ChannelRemoveSync
BASS_ChannelSetSync
BASS_ChannelPlay
BASS_ChannelPause
BASS_ChannelStop
BASS_GetVersion
BASS_StreamCreateFile
BASS_Free

libogg

ogg_page_bos

liboggz

ord1
ord43
ord44
ord5
ord47
ord100
ord45
ord63
ord48
ord49
ord102
ord46
ord51
ord62
ord52
ord61
ord16
ord11
ord10
ord12
ord9
ord58
ord68
ord3
ord2
ord18

kernel32

GetProfileIntW
Sleep
VirtualProtect
FindResourceExW
GetUserDefaultLCID
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
CreateThread
ExitThread
HeapQueryInformation
GetSystemTimeAsFileTime
GetSystemInfo
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeW
ReadConsoleW
OutputDebugStringW
IsValidLocale
EnumSystemLocalesW
LCMapStringW
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
GlobalFlags
VerifyVersionInfoW
VerSetConditionMask
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalGetAtomNameW
ResumeThread
GetTickCount
SetThreadPriority
WaitForSingleObject
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
GetCurrentThread
GetVersionExW
FileTimeToSystemTime
FindNextFileW
FileTimeToLocalFileTime
lstrcmpA
GetThreadLocale
lstrcmpiW
GetCurrentProcess
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
GetCurrentThreadId
GetCurrentProcessId
GetProcAddress
GetModuleHandleW
GetModuleHandleA
FreeResource
OutputDebugStringA
SetLastError
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
DeleteFileW
CopyFileW
GetModuleFileNameW
DeleteCriticalSection
DecodePointer
EnterCriticalSection
HeapSize
GetLastError
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
ReadFile
CreateDirectoryW
WriteFile
SetFilePointerEx
CloseHandle
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
FreeLibrary
LoadLibraryW
SearchPathW
GetTempFileNameW
GetTempPathW
GetWindowsDirectoryW

user32

LockWindowUpdate
GetDoubleClickTime
GetIconInfo
CopyIcon
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
GetUpdateRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
LoadAcceleratorsW
CreateAcceleratorTableW
RegisterClipboardFormatW
CharUpperBuffW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
FrameRect
PostThreadMessageW
HideCaret
InvertRect
GetKeyNameTextW
SubtractRect
IsClipboardFormatAvailable
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
CreateMenu
DestroyCursor
GetWindowRgn
CreatePopupMenu
NotifyWinEvent
WindowFromPoint
MessageBeep
DeleteMenu
GetSystemMenu
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetAsyncKeyState
IsZoomed
TrackMouseEvent
IntersectRect
RealChildWindowFromPoint
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
SetLayeredWindowAttributes
LoadCursorW
SetCursor
ShowOwnedPopups
TranslateMessage
GetMessageW
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
SendDlgItemMessageA
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
LoadMenuW
CharUpperW
IsDialogMessageW
SetWindowTextW
IsDlgButtonChecked
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
BringWindowToTop
GetScrollInfo
SetScrollInfo
GetWindow
GetTopWindow
GetClassLongW
SetWindowLongW
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
PtInRect
GetCursorPos
GetFocus
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxW
GetDesktopWindow
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
LoadBitmapW
GetClassNameW
FillRect
InvalidateRect
UpdateWindow
DrawStateW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
LoadIconW
UnregisterClassW
SetCursorPos
LoadImageW
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
GetNextDlgGroupItem
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
GetMenuItemInfoW
GetSysColor
GetWindowRect
CopyImage
MonitorFromPoint
UnionRect
EnableScrollBar
DestroyMenu
UpdateLayeredWindow
IsMenu
SetMenuDefaultItem
WinHelpW
GetMenuDefaultItem
EnableWindow
SendMessageW
GetParent
RemovePropW
WaitMessage

gdi32

CreatePen
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
SetTextColor
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
CreateHatchBrush
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32W
PatBlt
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
CreateCompatibleBitmap
CreateDIBitmap
CreateFontIndirectW
EnumFontFamiliesW
GetTextCharsetInfo
GetMapMode
SetRectRgn
DPtoLP
CreateRoundRectRgn
CreateDIBSection
GetRgnBox
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceW
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
CreateCompatibleDC
CreateBitmap
BitBlt
GetObjectW
GetStockObject
DeleteObject
CreateSolidBrush
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreateRectRgnIndirect
DeleteDC
SetBkMode
SetBkColor
SetTextAlign

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

shell32

DragFinish
SHGetPathFromIDListW
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
SHBrowseForFolderW
DragQueryFileW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW
PathIsDirectoryW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW

uxtheme

GetCurrentThemeName
DrawThemeParentBackground
DrawThemeText
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
DrawThemeBackground
CloseThemeData
OpenThemeData
IsAppThemed
GetThemeColor

ole32

OleDestroyMenuDescriptor
CoTaskMemFree
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoCreateInstance
OleTranslateAccelerator
CoRegisterMessageFilter
CoRevokeClassObject
IsAccelerator
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData

oleaut32

SysStringLen
VariantInit
VariantClear
VariantChangeType
SafeArrayDestroy
SystemTimeToVariantTime
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
VariantTimeToSystemTime
SysAllocString
SysFreeString
SysAllocStringLen

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
龙枪.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 697KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 100KB - Virtual size: 288KB

.rsrc Size: 576B - Virtual size: 4KB

Size: - Virtual size: 8KB

Size: 4KB - Virtual size: 3KB

79c83d46aed46a0ad70d9407308325aa

Headers

DLL Characteristics

File Characteristics

Imports

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 852B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 400B

fd19433ef0f0cf5d6fca3f7efd735afd

Headers

DLL Characteristics

File Characteristics

Imports

libogg

kernel32

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

d9b9d7a2f1614a9d320d410ee337092f

Headers

DLL Characteristics

File Characteristics

Imports

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 936B

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 1KB - Virtual size: 1KB

61e0222b57607a5c9d1a8ae2bd3c005f

Headers

DLL Characteristics

File Characteristics

Imports

zlib1

d3d9

d3dx9_43

winmm

bass

libogg

liboggz

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

.rsrc
Size: 576B - Virtual size: 4KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 852B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 400B

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 936B

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 373KB - Virtual size: 372KB

.data
Size: 27KB - Virtual size: 70KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 143KB - Virtual size: 146KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 697KB - Virtual size: 700KB

.rsrc
Size: 20KB - Virtual size: 24KB