82340cffd2574a529abea6e3c8cfc06b15fe95fdf9998c121e43dfa178d79652

Sharing

Copy URL

Twitter E-mail

General

Target

82340cffd2574a529abea6e3c8cfc06b15fe95fdf9998c121e43dfa178d79652
Size

1.2MB
MD5

776273961dee2cb7a02380ec1a9a5892
SHA1

43e4b9c3a35ca2ce37c100d6f130e121c5620749
SHA256

82340cffd2574a529abea6e3c8cfc06b15fe95fdf9998c121e43dfa178d79652
SHA512

4e65d24ff83a1e6a11bf542ca471444758c5536feae76000beeecd45f7ae3dd9f0e259a2aedd4d2a9acefae46ca037934e1096c88180e7fae11a089bbeee4edb
SSDEEP

24576:h0PZtfX/e2RXPxF8JZp1H2xWrows4hU590SixZ5SQsxjBnb9PiNxJg3P+:hmHfX5x78JZ7WxWFs4hmIcbBivJg/+

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/QQ空间访客提取器(超级版V2.0).exe	vmprotect

Files

82340cffd2574a529abea6e3c8cfc06b15fe95fdf9998c121e43dfa178d79652
.rar
QQ空间访客提取器(超级版V2.0).exe
.exe windows x86

2de939b60bc6a3cc18f5b59f87d5dc94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
InternetSetOptionA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutRestart
waveOutOpen
waveOutUnprepareHeader
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader

ws2_32

recv
connect
getpeername
accept
ntohs
ntohl
ioctlsocket
recvfrom
socket
htons
inet_addr
WSAAsyncSelect
closesocket
send
select
WSACleanup
WSAStartup
gethostbyname
inet_ntoa

rasapi32

RasGetConnectStatusA
RasHangUpA

kernel32

CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
lstrlenW
lstrlenA
LoadLibraryA
FreeLibrary
GetUserDefaultLCID
HeapAlloc
CreateEventA
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
SetEvent
DeviceIoControl
CreateFileA
WaitForMultipleObjects
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
lstrcmpiA
GetVersion
FlushInstructionCache
GetCurrentProcess
GetWindowsDirectoryA
LoadLibraryExA
GetSystemDirectoryA
SetLastError
GetTimeZoneInformation
TerminateThread
GetTempFileNameA
CreateMutexA
ReleaseMutex
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
Beep
SuspendThread
Sleep
ExpandEnvironmentStringsA
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
DeleteFileA
CopyFileA
SetCurrentDirectoryA
GetModuleHandleA
GetProcAddress
MulDiv
GetTickCount
WaitForSingleObject
CloseHandle
LocalFree
GetProcessHeap
GetStartupInfoA
LocalAlloc
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
GetSystemMetrics
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
SetRect
InflateRect
SetScrollPos
GetScrollRange
SetCapture
GetCapture
InvertRect
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
CreateIconIndirect
GetIconInfo
CopyIcon
GetDoubleClickTime
GetCursor
ClipCursor
FindWindowExA
GrayStringA
TabbedTextOutA
WindowFromDC
GetDesktopWindow
IsMenu
GetMenuItemID
GetMenuItemRect
DrawMenuBar
RemovePropA
GetPropA
SetPropA
GetMenuItemInfoA
GetMenuItemCount
GetWindowTextA
FrameRect
GetSysColorBrush
GetWindowDC
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
CallWindowProcA
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DefWindowProcA
GetClassInfoA
DeleteMenu
GetSystemMenu
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
LoadImageA
EnumDisplaySettingsA
ClientToScreen
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
DrawFocusRect
DrawEdge
DrawFrameControl
WindowFromPoint
TranslateMessage
SystemParametersInfoA
DrawTextA
SetWindowsHookExA
UnhookWindowsHookEx
EnumThreadWindows
GetWindowTextLengthA
GetClassNameA
EnumChildWindows
CallNextHookEx
MessageBoxA

gdi32

GetDeviceCaps
OffsetRgn
FrameRgn
SetBrushOrgEx
CreateFontA
AbortDoc
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
GetTextMetricsA
CreateEllipticRgnIndirect
SetTextColor
MoveToEx
LineTo
SetBkMode
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetPixel
ExtCreateRegion
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
Arc
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
SetPixelV
CreateCompatibleDC
GetPixel
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
CombineRgn
CreateRectRgn
FillRgn
PatBlt
CreatePen
SelectObject
CreatePatternBrush
CreateBitmap
GetTextExtentPoint32A

msimg32

TransparentBlt
AlphaBlend
GradientFill

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegOpenKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyA
RegQueryValueA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

OleUninitialize
CoCreateInstance
OleRun
OleInitialize
CLSIDFromString

oleaut32

VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
UnRegisterTypeLi
SysFreeString

mfc42

ord6282
ord2527
ord4202
ord1247
ord763
ord4083
ord1862
ord1871
ord6928
ord4000
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2567
ord3920
ord2380
ord3652
ord3508
ord2603
ord5775
ord6012
ord5445
ord4179
ord6314
ord960
ord2805
ord1989
ord2918
ord1581
ord5467
ord4222
ord2830
ord3887
ord2107
ord2841
ord3301
ord3910
ord4243
ord693
ord3640
ord3370
ord4402
ord2582
ord2100
ord6696
ord4269
ord3914
ord2096
ord6905
ord6907
ord6007
ord3286
ord3302
ord3287
ord2754
ord2753
ord5791
ord293
ord2513
ord2122
ord1088
ord556
ord809
ord2089
ord2645
ord2814
ord5216
ord1795
ord2866
ord545
ord5603
ord3848
ord1229
ord5769
ord5786
ord472
ord6021
ord6130
ord6129
ord3756
ord3754
ord2061
ord2713
ord5873
ord5782
ord3692
ord536
ord4224
ord2450
ord483
ord4160
ord5821
ord3662
ord812
ord414
ord559
ord713
ord2809
ord2970
ord2393
ord6144
ord5053
ord1706
ord430
ord6311
ord4277
ord4171
ord404
ord3216
ord4042
ord2504
ord5903
ord5510
ord1652
ord429
ord3752
ord6128
ord2634
ord6141
ord2233
ord4045
ord3067
ord4333
ord3337
ord2820
ord3811
ord2652
ord1669
ord6379
ord4544
ord3274
ord3579
ord439
ord736
ord5685
ord4226
ord325
ord4476
ord5768
ord6778
ord6241
ord3876
ord6663
ord2370
ord6334
ord2362
ord2294
ord2688
ord3005
ord2135
ord1134
ord539
ord465
ord466
ord2241
ord1238
ord1601
ord6877
ord353
ord610
ord6289
ord6139
ord968
ord3470
ord3721
ord4853
ord4710
ord3092
ord4234
ord2302
ord324
ord3597
ord4425
ord5280
ord1775
ord6052
ord4998
ord4376
ord5265
ord6418
ord6222
ord455
ord287
ord1158
ord3755
ord1920
ord4204
ord5856
ord269
ord600
ord1578
ord1243
ord3318
ord2763
ord341
ord654
ord6140
ord5858
ord6194
ord2827
ord836
ord2818
ord6394
ord5450
ord859
ord940
ord2764
ord1110
ord1949
ord6389
ord2863
ord1232
ord1270
ord6467
ord6423
ord6142
ord3089
ord1175
ord4698
ord1651
ord2463
ord2867
ord2725
ord561
ord500
ord815
ord772
ord3738
ord4622
ord5714
ord5307
ord4079
ord5302
ord825
ord800
ord941
ord540
ord537
ord6779
ord6648
ord5933
ord3758
ord3408
ord3227
ord3054
ord3425
ord3880
ord932
ord3055
ord936
ord920
ord928
ord919
ord5934
ord3056
ord3810
ord1567
ord665
ord1979
ord6385
ord5186
ord354
ord268
ord823
ord403
ord613
ord289
ord858
ord4129
ord2614
ord860
ord641
ord2514
ord926
ord2864
ord5981
ord4299
ord6880
ord3797
ord535
ord3317
ord3803
ord5890
ord2937
ord3663
ord3626
ord640
ord2414
ord2557
ord283
ord4200
ord2860
ord4133
ord4297
ord5785
ord1640
ord323
ord2859
ord2405
ord2915
ord6199
ord3499
ord2515
ord355
ord3078
ord3517
ord1168
ord482
ord3874
ord939
ord1574
ord1099
ord5861
ord5608
ord3452
ord5710
ord6283
ord805
ord3030
ord801
ord541
ord2917
ord2803
ord958
ord6312
ord4177
ord1576
ord6010
ord5773
ord2601
ord3180
ord3183
ord3176
ord3507
ord3614
ord824
ord826
ord1155
ord2801
ord1259
ord5440
ord2740
ord6383
ord5442
ord786
ord603
ord2461
ord1969
ord273
ord519
ord703
ord1643
ord4284
ord4287
ord686
ord6615
ord2408
ord5443
ord384
ord1641
ord5572
ord2642
ord1137
ord6197
ord2152
ord5794
ord5789
ord4278
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3719
ord567
ord793
ord4275
ord3547
ord4123
ord3402
ord3610
ord3619
ord3573
ord656
ord2379
ord816
ord2714
ord562
ord6605
ord6453
ord6215
ord6143
ord1233
ord2454
ord4267
ord1176
ord5799
ord755
ord2971
ord470
ord3742
ord818
ord3706
ord6172
ord5875
ord5781
ord3693
ord5788
ord5787
ord2575
ord4396
ord3574
ord609
ord3698
ord765
ord6919
ord6910
ord6613
ord6766
ord6741
ord6508
ord2080
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord4271
ord2862
ord922
ord924
ord3303
ord4125
ord6008
ord3290
ord3297
ord2078
ord1146
ord3019
ord2516
ord361
ord3571
ord4225
ord4758
ord4734
ord4754
ord2452
ord6086
ord6157
ord6119
ord795
ord1200
ord6581
ord4274

msvcrt

_mbscmp
isspace
isdigit
atoi
atof
__CxxFrameHandler
rand
getenv
srand
_ftol
strncmp
_CIfmod
modf
_CIpow
_setmbcp
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_memicmp
_errno
atol
_CxxThrowException
??0exception@@QAE@ABV0@@Z
strtoul
time
_stricmp
_except_handler3
sprintf
fopen
fseek
ftell
fread
fclose
realloc
sscanf
longjmp
_setjmp3
_purecall
strtok
ldiv
_mbsrchr
strrchr
_mbsstr
strstr
strchr
malloc
free
strncpy
_mbsnbcmp
_atoi64
_i64toa
memmove
_mbsicmp

comctl32

_TrackMouseEvent
ImageList_GetIcon
ImageList_AddMasked
ImageList_Draw
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_GetImageInfo

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

Sections

.text
Size: - Virtual size: 995KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
客服联系方式.txt
杀毒软件报毒解决方法.txt

Sharing

General

Malware Config

Signatures

Files

2de939b60bc6a3cc18f5b59f87d5dc94

Headers

File Characteristics

Imports

wininet

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

mfc42

msvcrt

comctl32

msvcp60

Sections

.text Size: - Virtual size: 995KB

.rdata Size: - Virtual size: 2.9MB

.data Size: - Virtual size: 619KB

.rsrc Size: 72KB - Virtual size: 94KB

.vmp0 Size: - Virtual size: 16KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 116B

.text
Size: - Virtual size: 995KB

.rdata
Size: - Virtual size: 2.9MB

.data
Size: - Virtual size: 619KB

.rsrc
Size: 72KB - Virtual size: 94KB

.vmp0
Size: - Virtual size: 16KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 116B