eaab3c3ba755d54b6b4f10b5127580956d8f51c729c3dbc19dc1deb5285ce3d3

Sharing

Copy URL Twitter E-mail

General

Target

eaab3c3ba755d54b6b4f10b5127580956d8f51c729c3dbc19dc1deb5285ce3d3
Size

7.0MB
MD5

f7e6ae3f136e2326c2188cd16be88fbc
SHA1

fb4f0f99abf535b395a83789ae33407f7d6da2db
SHA256

eaab3c3ba755d54b6b4f10b5127580956d8f51c729c3dbc19dc1deb5285ce3d3
SHA512

30f432f6f6c4f28e6c3a78b39e7ba0c7f583f8b6fe6983bf7af10f5892f2f203442f6734ff0f8e2854eabab923eb11ad01990472e87b6fdd3d607265fcf56557
SSDEEP

98304:lg7OsvLdH8gd876hMhKR1PHT/mozU7A+6RV/HoF6TMElbohFodRhlp0pMwRd1xjB:lg6Y5CIR1Lmoz66RhoEIEJsq3Ytv1xK+

Score

N/A

Malware Config

Signatures

Files

eaab3c3ba755d54b6b4f10b5127580956d8f51c729c3dbc19dc1deb5285ce3d3
.rar
DeathByCaptcha.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FastVerCode.dll
.dll windows x86

017785871c1f37a427a9fc5babf86964

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalGetAtomNameA
GetProcessVersion
GetFileAttributesA
GetFileSize
GetFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetTimeZoneInformation
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
GetACP
HeapSize
HeapReAlloc
SetStdHandle
GetFileType
GlobalAddAtomA
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFindAtomA
GetModuleHandleA
WritePrivateProfileStringA
GlobalFlags
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
FindFirstFileA
FindClose
LoadLibraryA
LocalAlloc
lstrcpyA
lstrcpynA
GetLastError
SetLastError
FreeLibrary
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
CloseHandle
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetPrivateProfileStringA
GetModuleFileNameA
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
InitializeCriticalSection

user32

RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetSystemMetrics
CharUpperA
wsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
PeekMessageA
PostQuitMessage
PostMessageA
SendMessageA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetMapMode
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetTextColor
RestoreDC
SetBkColor
GetStockObject
SaveDC
DeleteDC
CreateBitmap
DeleteObject
SelectObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

wininet

InternetGetLastResponseInfoA
InternetSetOptionA
InternetOpenA
InternetCloseHandle
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA

shlwapi

StrToIntA

Exports

Exports

GetUserInfo
GetUserInfo_A
RecByte
RecByte_A
RecYZM
RecYZM_A
Reglz
ReportError

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.Microrui.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ManyQQ.exe
.exe windows x86

67fdc237b514ec9fab9c4500917eb60f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc

Sections

Size: 72KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eanhsbmm
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hmxrngco
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Microrui.dll
.dll regsvr32 windows x86

6b070756e4dc7f07221bc74d3c190636

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord518
ord662
ord593
ord594
ord595
ord598
ord631
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord569
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord716
ord717
ProcCallEngine
ord535
ord644
ord570
ord648
ord571
ord573
ord578
ord685
ord101
ord102
ord103
ord104
ord610
ord105
ord612
ord617
ord619
ord546

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUWiseHelper.dll
.dll windows x86

c2797390603dd35723e9f16b17b123dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
WideCharToMultiByte
Sleep
MultiByteToWideChar
DeleteFileA
HeapFree
GetProcessHeap
GetLastError
CreateFileA
GetFileSize
SetFilePointer
WriteFile
ReadFile
IsDBCSLeadByteEx
CloseHandle
HeapAlloc
SetLastError
SetEndOfFile
LoadLibraryA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetConsoleCP
GetConsoleMode
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
GetACP

ole32

CoTaskMemFree
CoCreateGuid

shlwapi

PathFileExistsA

wininet

HttpOpenRequestA
InternetWriteFile
HttpSendRequestA
HttpEndRequestA
InternetReadFile
InternetConnectA
HttpSendRequestExA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
InternetSetOptionA

urlmon

FindMimeFromData

Exports

Exports

ScreenCaptureJPGFile
ScreenCaptureJPGStream
getResult
getScore
login
pay
recognizeByByte
recognizeByCodeTypeAndBytes
recognizeByCodeTypeAndPath
recognizeByPath
recognizeByStream
recognizeImgFile
recognizeImgStream
recognizeWithIdByByte
recognizeWithIdByPath
recognizeWithIdByStream
regUser
reportError
setSoftInfo
setTimeOut
uploadByPicChars
uploadByPicPath

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 20KB - Virtual size: 19KB

.rsrc Size: 1024B - Virtual size: 788B

.reloc Size: 512B - Virtual size: 12B

017785871c1f37a427a9fc5babf86964

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

wininet

shlwapi

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 108KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 16KB - Virtual size: 15KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 832B

.reloc Size: 512B - Virtual size: 12B

67fdc237b514ec9fab9c4500917eb60f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

Size: 72KB - Virtual size: 148KB

.rsrc Size: 3.5MB - Virtual size: 3.5MB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 3.4MB

eanhsbmm Size: 3.3MB - Virtual size: 3.3MB

hmxrngco Size: 512B - Virtual size: 4KB

6b070756e4dc7f07221bc74d3c190636

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.data Size: - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

c2797390603dd35723e9f16b17b123dd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

shlwapi

wininet

urlmon

.text
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 788B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 112KB - Virtual size: 108KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 832B

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

.idata
Size: 512B - Virtual size: 4KB

eanhsbmm
Size: 3.3MB - Virtual size: 3.3MB

hmxrngco
Size: 512B - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 41KB

.data
Size: - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 10KB - Virtual size: 10KB