General

Malware Config

Signatures

Files

• b994082bf085ff3d7766dfef6225609baff77932c65c75539c73e4782f68883f

  .rar
• LOLxzs/LOLPatch.exe

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Sections

  UPX0

  Size: - Virtual size: 104KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX1

  Size: 13KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 16KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• out.upx

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Sections

  .text

  Size: 36KB - Virtual size: 32KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 54KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 16KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• LOLxzs/当客软件园.url

  .url
• LOLxzs/英雄联盟小助手vip版.exe

  .exe windows x86

  c4bc84a352ef90a4404145aa97af768d

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvfw32

  DrawDibDraw

  avifil32

  AVIStreamGetFrame

  kernel32

  LCMapStringW

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  DispatchMessageA

  gdi32

  CombineRgn

  winmm

  waveOutGetNumDevs

  winspool.drv

  DocumentPropertiesA

  comdlg32

  ChooseColorA

  advapi32

  RegOpenKeyExA

  shell32

  ShellExecuteA

  ole32

  OleUninitialize

  oleaut32

  RegisterTypeLi

  comctl32

  ord17

  ws2_32

  accept

  Exports

  Exports

  εg#Ր�AoT�ǶQ8`�N�Ux�{el��W�!��p�=�N��L��bv5���%I�[З�ߙv^q�l��9b�5~�̜����+�OIxѤm���K*�"ܮ�Z������X��C�oޅ����9K���D͂N���H�=��٤��K4��5ՠ���My}�{�K! ,��rͽW�E�y�a[4e�]oNx��X�,@u��پ9�� ��6���
  �q��L[W�̷{�رJ ��n�L�a��Fc_��^�R�1�Ep��TY���Z����v���!��ЕqLs�>�.TX���WEϞlJ��>���[��1c��s��gڍ���&՝�Oqk���.;뮡{r�Xo��卐x�A�g�1$�j�]�`����,����Q�i(��W>�q%��o��@ʾ�����+�AE�㕦�kOD�o����8�<n$kU�fC�uk�[��z�<��[5��9��&��`b@rf��1r"c�\�lqU�C���C�h8 u0�@/ߥ6$���F���B�'>0��kV���T s�~¥��=34:�܈����ʣTT��%zJ����������2ɏ8��C_�����͋^����>�
  $N�Ņ��Xԩ^>U�usp���2bch�6���,~i��/(w�rC�V�1���d���<=����
  :F6V��A.=Xq8,���
  Ѩ3�G;VM����'�� �O�#���#$�+}�3��&�CA���l7��n0|y�{c̜uÛ�ۮ:'{��Ѥ�-�dQ|�ֽ!�W��_7(t�b�;�]���/ �R��U?��l�*���c�����f[aPs��c ^l��U���:��vo�ӻc�xyݰB�J��w�"�����E���S}�j�*8�ˑ̪���\�
  �B?�{�+�.�Ď� �kq'�`�'+E��8�q�FJ}�#�W �u1|�78„���o,󠏞�Eu.�.�o��"�x���]5������E]��uiB��K@�'�*������ B��鲖����; ��92�AC'�rA������م�����=Jw��x��B�� ���� ź��9#���*���}T; �@��K"F[ 7�g�3�i^֌�)��6��습l��s`���7G���w��U�)�9��V!�z� ��I�]l٠L|�����B�I���nY*ړ��
  ���5�.C�\7.���:�� �P�p��wqPEl�F3R,��Ϭ�i%�o8�lm�� Bng�V��_�Y͂��VP����!���W�`�Z3x�xH��N�� `��Բ_�&�+pF�1�Jz74�;��9�,��A���|�j ��]�Ѵ[��bjW5[y`='|ER���A�PA;�T]�cL��c}�}�k@����X�Äw���J��(�T�Ԁ�<��E^0�B3№r�db��0D[ҶL�K[]��/�}nxҔ&Wv9��gӑ�ܲ]�*�SX���d��Y�p1��K��o*��}#���/J �I��0���sj�F�*�� �$����e����yɆ ��=;L*���~T�t�;���W�F����'������L��،�SA���;�������|���*ct� 1��X6u�
  u�^L�������`Č8s��9��F+��a��Ϝ-Y�;7{�8.�A�of�:'�5W�ʌ��Ԯ�$�n�+�Ն��+'��NMa�R�C���!�-΀��e���(S�������05�������50C�A���S=,�zh�d��"z���xe! �9qz�Yo��qh�|7Ȋ�w.��S�Gx���.��^}�������&y�PQ[�o��&ޑ^�)��Tq(7e�K F�+��%����M�&#8`?����Ri�A�F)�r���,7�D�Г]�xxV�t�t)~"FR�1�����w���u$~͂����A<x��H���a]p��6[}�B9D�Z�sx�r/T<o�¶�sv׿�jJ �d6���FϤfڨ�҆u�i�TRp`�u��#S�����q������X]`#<����G�)cf4��}�~ ]���H'�Ģ�v�C]��g<//j�PM��ZށJ�չ8P��;o��QAk"�^��Y�9�L���EV��eS(8��hOa����>�*��6)�-f�e�tg�c^A���㏿���������΂�vjXKX�ϔ�Ϩ�[���|���3���x����/�n������w w�.�=��[����]�ܻ/�!fX�!S��"=�+#%��� �GP�51 ��Z�߅��`l���P�H$���S o@E�8BUkKS9E$�6��EЀ.~ݖ7;ÆYנ���=���&�8���@Z�w)i�Hy���x_ �\����1rQ{���(��W�$��t�f�^Ag�Gs�m
  �t:n���AX�ɑZ�J�w��9.g���d�a��}d�!C\p! "��C�,`Ȟ�M�y]�J���x��WVm�T�C$�%�w����E�D|�*��\d��h/M�fϸ��{w�?�,�^��% �{�+���r�ԡ��J�=N3e�"/���Kmti�l� ZÍ����Y߰ȟ�Y#��0�]�o�S�Tm� ���ҡ�m��ò���y�Q�!Zk��/c�s4;�-"N�>�s{7�E��S�dD\{�z���B8X �3Ia@]�� Ir���Za���K�ׇ$u7c����r6l�P��b ��$��aΕ���eq����~�a���5s�P7��W xsJ�5��+1��w��:�����1����ˉ����p��;'�Gs�s�ǮcQ��V�e�����iס� �I�
  ��5�����U��HӮ�t��*��X���x������ô
  +&q�]Y����}����o:\\�G@����Ïa���Xg� &�X�.J�V�3�Ɨ{8�����
  ��窔/����v��Nš�/�G\0$��t����C^����`���j{�#��֑¡zej���D}٫j�౵��ZA��v�D�yt-�R0�2�/X�z)�C�z�[-yJ���/�Ab1H>$L����8>Б��.��k;��4/������R)�49$�����nh+��(=tSk���z/���h|fy����׮�T�HK4m=

  Sections

  .text

  Size: - Virtual size: 575KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 1.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 228KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 825KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 4KB - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 2.7MB - Virtual size: 2.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 360KB - Virtual size: 357KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ