120550fcc0d7eaf24bfdac08615b1bdad4d79ea0fd2bc0dac7048d0beb3b3a7d

Sharing

Copy URL

Twitter E-mail

General

Target

120550fcc0d7eaf24bfdac08615b1bdad4d79ea0fd2bc0dac7048d0beb3b3a7d
Size

2.3MB
MD5

ea39371d7754729d7b3064f072f648e8
SHA1

5da68a9f0a09592b63fe1f20a3179a736f6178b1
SHA256

120550fcc0d7eaf24bfdac08615b1bdad4d79ea0fd2bc0dac7048d0beb3b3a7d
SHA512

b826a10f0f1caa654264805a19022ef368088373d98b5cc66141ddf7bfdc862ba730b9809bf2924be315a2a9ef97e4c9dca2f7416c086885c470453c8584c96b
SSDEEP

49152:/+aAZ3kI52oJayxjR+j2W1xU0h48oyWF9XbICaz0ay7I878+oet6hrt:/+a+3F2oJayFRwTU0hpQ+CawaKIZ/B

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/Interop.ADQX.dll	vmprotect

Files

120550fcc0d7eaf24bfdac08615b1bdad4d79ea0fd2bc0dac7048d0beb3b3a7d
.zip
FastVerCode.dll
.dll windows x86

27e7e1e624350fc9412adeceda4f8d53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2818
ord540
ord858
ord939
ord2915
ord3584
ord543
ord803
ord3922
ord801
ord541
ord941
ord4129
ord2764
ord860
ord690
ord1988
ord5808
ord1074
ord1075
ord1116
ord3229
ord389
ord665
ord1979
ord5186
ord354
ord6663
ord5710
ord5683
ord4278
ord823
ord5442
ord3318
ord6283
ord6282
ord2614
ord4202
ord6662
ord6874
ord5207
ord5440
ord6383
ord5450
ord6394
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord535
ord940
ord825
ord800
ord537
ord1176
ord3663
ord5204

msvcrt

__CxxFrameHandler
_CxxThrowException
_mbscmp
rand
srand
time
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
_onexit
__dllonexit

kernel32

LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
GetComputerNameA
GetPrivateProfileStringA
GetModuleFileNameA
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree

shlwapi

StrToIntA

wininet

InternetSetOptionA

Exports

Exports

GetUserInfo
GetUserInfo_A
RecByte
RecByte_2
RecByte_A
RecByte_A_2
RecYZM
RecYZM_2
RecYZM_A
RecYZM_A_2
Reglz
ReportError

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ICSharpCode.SharpZipLib.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.ADODB.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.ADOX.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.ADQX.dll
.dll windows x86

217705e1e02e6d3b6c634d6849100e28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA

psapi

GetModuleInformation

iphlpapi

GetAdaptersInfo

kernel32

GetVersionExA
GetVersion
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetTopWindow

gdi32

ScaleViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

RegDeleteKeyA

comctl32

ord17

shlwapi

PathFindExtensionA

oleaut32

VariantInit

Exports

Exports

CheckRuntime
EncryptString
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
GetModuleBase
MainDLL
_CorExeMain

Sections

.text
Size: - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Interop.ADQX64.dll
.dll windows x64

68f10cbba5fb9bf38383210562853137

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

EnumProcessModules
GetModuleInformation

iphlpapi

GetAdaptersInfo

kernel32

DeleteCriticalSection
TlsFree
SetErrorMode
WritePrivateProfileStringA
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetCPInfo
GetOEMCP
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
FlsSetValue
GetCommandLineA
GetProcessHeap
RaiseException
RtlPcToFileHeader
ExitProcess
LocalReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
FlsGetValue
FlsFree
FlsAlloc
Sleep
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetThreadLocale
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
GetSystemTime
ResumeThread
GetCurrentThreadId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OpenThread
SuspendThread
WriteProcessMemory
VirtualProtectEx
SetFilePointer
ReadFile
GetVersionExA
GetCurrentProcess
SetPriorityClass
CreateFileA
DeviceIoControl
GetCurrentProcessId
OpenProcess
GetModuleFileNameA
CloseHandle
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
TerminateProcess
GetModuleHandleA
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion

user32

DestroyMenu
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CopyRect
AdjustWindowRectEx
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
GetSystemMetrics
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetTimer
MessageBoxA
CharUpperA
GetWindow

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
OpenEventLogA
ReportEventA
CloseEventLog

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
MainDLL

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.JPO.dll
.dll windows x86

b8a6eae64d86678cb66465e7a223e2b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptImportKey
CryptSetKeyParam
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptDecrypt
CryptAcquireContextA

ole32

CoTaskMemAlloc

kernel32

CreateFileW
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
EncodePointer
HeapAlloc
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
CloseHandle
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
GetModuleFileNameW
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
IsProcessorFeaturePresent
FlushFileBuffers
HeapReAlloc
LoadLibraryW
WriteConsoleW

Exports

Exports

DataSec
DeDesCBC
DesCBC
DesDeEncry
DesEncry
JS_start
MD5xxx
desInit
jiami

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.JRO.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LZConfig.ini
UUWiseHelper.dll
.dll windows x86

9894069603e9ee2c6b8236a442edd823

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileW
ReadFile
GetFileSize
GetProcAddress
LoadLibraryW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
lstrlenW
GlobalUnlock
GlobalLock
GlobalSize
lstrcatW
lstrcpyW
IsBadReadPtr
InitializeCriticalSection
DeleteCriticalSection
SetFilePointer
WriteFile
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetPrivateProfileIntW
FreeLibrary
DisableThreadLibraryCalls
LocalFree
LocalAlloc
lstrlenA
MultiByteToWideChar
WaitForSingleObject
CreateThread
lstrcpynW
IsBadWritePtr
SetEvent
lstrcpyA
lstrcpynA
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringA
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
GetTickCount
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringW

user32

GetDC
ReleaseDC
wsprintfA
GetWindowDC
wsprintfW

gdi32

CreateCompatibleBitmap
GetObjectW
GetDIBits
CreateCompatibleDC
DeleteObject
SelectObject
BitBlt
DeleteDC

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
CoTaskMemFree

oleaut32

SysFreeString
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SysAllocString
SafeArrayCreateVector
VariantClear

shlwapi

PathRemoveFileSpecW
PathAppendW
StrStrIW

urlmon

FindMimeFromData

gdiplus

GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage

iphlpapi

GetAdaptersInfo

Exports

Exports

gifAddBitmap
gifAddScreen
gifAppendMultiScreen
gifClear
gifClose
gifCreate
gifGetStream2
gifSaveToFileA
gifSaveToFileW
uu_AsyncRecognizeByCodeTypeAndPathA
uu_AsyncRecognizeByCodeTypeAndPathW
uu_CloseAsyncRecognizeHandle
uu_GetAsyncRecognizeResultA
uu_GetAsyncRecognizeResultW
uu_SysCallOneParam
uu_UploadFileA
uu_UploadFileW
uu_UploadScreen
uu_getResultA
uu_getResultW
uu_getScoreA
uu_getScoreW
uu_loginA
uu_loginW
uu_payA
uu_payW
uu_recognizeByCodeTypeAndBytesA
uu_recognizeByCodeTypeAndBytesW
uu_recognizeByCodeTypeAndPathA
uu_recognizeByCodeTypeAndPathW
uu_recognizeByCodeTypeAndUrlA
uu_recognizeByCodeTypeAndUrlW
uu_recognizeGifByCodeTypeA
uu_recognizeGifByCodeTypeW
uu_recognizeScreenByCodeTypeA
uu_recognizeScreenByCodeTypeW
uu_reguserA
uu_reguserW
uu_reportError
uu_setSoftInfoA
uu_setSoftInfoW
uu_setTimeOut

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/account.mdb
data/backup/20140503/account.mdb
dl.dll
img/logo128.ico
irisskin2.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.textxc
Size: 532KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datax
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
luyou/ALCATEL SpeedTouch511e.ini
luyou/ALPHA A8.ini
luyou/ALPHA AFW-GR55 mini.ini
luyou/ALPHA K3.ini
luyou/ALPHA V4.ini
luyou/ALPHA VCE.ini
luyou/ASUS RX3041X.ini
luyou/ASUS WL530g 2.ini
luyou/ASUS WL530g.ini
luyou/AboveCable ACRT2010-11.ini
luyou/Alpha GR50.ini
luyou/Aolynk BR104.ini
luyou/Boc R460.ini
luyou/D-Link DI-504.ini
luyou/D-Link DI-524.ini
luyou/D-Link DI-524M.ini
luyou/D-Link DI-604+.ini
luyou/D-Link DI-604.ini
luyou/D-Link DI-614+.ini
luyou/D-Link DI-624+A.ini
luyou/D-Link DI-624.ini
luyou/D-Link DI-808HV.ini
luyou/D-Link DIR-100.ini
luyou/D-Link DIR-300.ini
luyou/D-Link DIR-600.ini
luyou/D-Link DIR-615 A1 1.10.ini
luyou/D-Link DIR-615.ini
luyou/FAST FR40.ini
luyou/FAST FR402.ini
luyou/HL-RT700.ini
luyou/Hi-Spider Hotel_V3.ini
luyou/HuaWei 3COM BR104.ini
luyou/HuaWei 3COM BR204+.ini
luyou/HuaWei HG520.ini
luyou/HuaWei WBR204G+.ini
luyou/HuaWei WBR204G.ini
luyou/IP-Com 11N.ini
luyou/IP-Com Soho 2.ini
luyou/IP-Com Soho 3.ini
luyou/IP-Com Soho.ini
luyou/IPTime G100R.ini
luyou/IPTime N300R.ini
luyou/KINGNET 3.1.ini
luyou/KINGNET 3.2.ini
luyou/KINGNET KN-S1060.ini
luyou/KINGNET KN-S10602.ini
luyou/KINGNET KN-S1060T.ini
luyou/KINGNET KN-WR710H.ini
luyou/LINKSYS WRT54G.ini
luyou/LINKSYS WRT54GC.ini
luyou/LinkSYS 2.00.20.ini
luyou/LinkSYS BEFSR41.ini
luyou/LinkSYS BEFW11S4.ini
luyou/LinkSYS WRK54G(2).ini
luyou/LinkSYS WRK54G.ini
luyou/Mercury MW54R.ini
luyou/Mercury Soho MR804(2).ini
luyou/Mercury Soho MR804.ini
luyou/Motorola G.ini
luyou/NetCore 2105+NR.ini
luyou/NetCore 2305NR.ini
luyou/NetCore 2505+NR.ini
luyou/NetCore 2805NR.ini
luyou/NetCore 54M2.ini
luyou/NetCore 605GR.ini
luyou/NetCore NR+205.ini
luyou/NetShare R-1200.ini
luyou/NetShare R-1800.ini
luyou/NetShare V1.005.ini
luyou/Netgear WGR614.ini
luyou/SMC SMC7004VBR.ini
luyou/TP-Link 402M.ini
luyou/TP-Link R4148.ini
luyou/TP-Link TD-8810.ini
luyou/TP-Link TD-8820.ini
luyou/TP-Link TL-R402M.ini
luyou/TP-Link TL-R410.ini
luyou/TP-Link TL-R460.ini
luyou/TP-Link TL-R860 860M.ini
luyou/TP-Link TL-R860+.ini
luyou/TP-Link TL-WR340G V5.ini
luyou/TP-Link TL-WR340G.ini
luyou/TP-Link TL-WR641G 642G.ini
luyou/TP-Link TL-WR941N TL-WR942N.ini
luyou/Tenda NAT Router.ini
luyou/Tenda R01-029.ini
luyou/Tenda Soho(2).ini
luyou/Tenda Soho.ini
luyou/Tenda TEI402.ini
luyou/Tenda TEI402M.ini
luyou/Tenda TEI480T+.ini
luyou/Tenda TEI6606.ini
luyou/Tenda TEI6608.ini
luyou/Tenda TEI6608S 2.ini
luyou/Tenda TEI6608S.ini
luyou/Tenda TEI6611S.ini
luyou/Tenda W311R.ini
luyou/Tenda W541R.ini
luyou/UCOM URS-983(2).ini
luyou/UCOM URS-983.ini
luyou/Vigor 2901.ini
luyou/Wealnet R-2804P.ini
luyou/Wealnet R-2808M.ini
qq_post.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 812KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setting.ini
skin.ssk
QQȺӪ.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
˵.txt

Sharing

General

Malware Config

Signatures

Files

27e7e1e624350fc9412adeceda4f8d53

Headers

File Characteristics

Imports

netapi32

mfc42

msvcrt

kernel32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 976B

.reloc Size: 4KB - Virtual size: 3KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 184KB - Virtual size: 183KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 88KB - Virtual size: 84KB

.rsrc Size: 4KB - Virtual size: 808B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 24KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 808B

.reloc Size: 4KB - Virtual size: 12B

217705e1e02e6d3b6c634d6849100e28

Headers

File Characteristics

Imports

version

psapi

iphlpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 179KB

.rdata Size: - Virtual size: 33KB

.data Size: - Virtual size: 49KB

.vmp0 Size: - Virtual size: 922KB

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 4KB - Virtual size: 228B

.rsrc Size: 8KB - Virtual size: 16KB

68f10cbba5fb9bf38383210562853137

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 184KB - Virtual size: 183KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 88KB - Virtual size: 84KB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 24KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: - Virtual size: 179KB

.rdata
Size: - Virtual size: 33KB

.data
Size: - Virtual size: 49KB

.vmp0
Size: - Virtual size: 922KB

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 4KB - Virtual size: 228B

.rsrc
Size: 8KB - Virtual size: 16KB

.text
Size: 311KB - Virtual size: 310KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 14KB - Virtual size: 47KB

.pdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 114KB - Virtual size: 114KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB