gh0strat | f98858b9eb0141aaa48b49a15a299dcd2ad36426c7c3bbd123f0643d033de29f

Resubmissions

05/03/2023, 00:40

230305-a1eyfsef7t 10

27/11/2022, 22:15

221127-15979scf89 10

Sharing

Copy URL Twitter E-mail

General

Target

f98858b9eb0141aaa48b49a15a299dcd2ad36426c7c3bbd123f0643d033de29f
Size

5.4MB
MD5

97c5c09f03199ab548584ab00e5cadc0
SHA1

fcefcb51c3cf2b6880b39208c2d3c3afbd556522
SHA256

f98858b9eb0141aaa48b49a15a299dcd2ad36426c7c3bbd123f0643d033de29f
SHA512

f7d0d7601d3197e5c308b220f51527e3a3acf963694e32eadf9fc7037e91c87099f2bbb00750f2bd7a651cef46f5227961ba7b134da2679b87f87e74b0cb3a08
SSDEEP

98304:9z7jWvcTRk0otQcEV37nq/JDf2cF2FaZg5QuexPPva/QL13g:9z+vy2gcEVLsudFMpxPPrS

Score

10^/10

upx gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/Bin/Cache/Install.dat	family_gh0strat

Gh0strat family
gh0strat

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Bin/SkinH.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Bin/SkinH.dll	upx
static1/unpack001/Bin/upx.exe	upx

Files

f98858b9eb0141aaa48b49a15a299dcd2ad36426c7c3bbd123f0643d033de29f
.zip
Bin/Cache/Install.dat
.exe windows x86

f26918d860f792248e5624b4acf86e83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
TerminateThread
WinExec
OutputDebugStringA
GetModuleFileNameA
LocalSize
MultiByteToWideChar
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
GetTickCount
ExitProcess
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
CreateThread
SetFileAttributesA
MoveFileExA
DefineDosDeviceA
GetCurrentProcess
Process32Next
Process32First
lstrcmpiA
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
LoadLibraryA
GetProcAddress
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrcatA
CreateProcessA
lstrlenA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
CancelIo
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
Sleep
CopyFileA

user32

CharNextA
SetProcessWindowStation
EnumWindows
wsprintfA
OpenDesktopA
GetUserObjectInformationA
OpenWindowStationA
GetProcessWindowStation
ExitWindowsEx
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
CloseDesktop
SetThreadDesktop
OpenInputDesktop

advapi32

RegEnumValueA
OpenProcessToken
OpenEventLogA
ClearEventLogA
CloseEventLog
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
OpenServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
AdjustTokenPrivileges
LookupPrivilegeValueA
StartServiceCtrlDispatcherA
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
RegEnumKeyExA

shell32

ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderPathA

msvcrt

_strnicmp
_controlfp
_strcmpi
__set_app_type
__p__fmode
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
memmove
ceil
_ftol
strstr
??2@YAPAXI@Z
free
malloc
_except_handler3
strrchr
strncpy
exit
strncat
strchr
sprintf
mbstowcs
wcslen
wcstombs
atoi
wcscpy
realloc
rand
strncmp
_beginthreadex
calloc
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode

ws2_32

closesocket
recv
ntohs
socket
gethostbyname
select
send
gethostname
getsockname
htons
connect
setsockopt
WSAStartup
WSACleanup
WSAIoctl

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

netapi32

NetUserDel
NetUserSetInfo
NetUserGetLocalGroups
NetApiBufferFree
NetUserGetInfo
NetUserEnum
NetLocalGroupAddMembers
NetUserAdd

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

psapi

GetModuleFileNameExA
EnumProcessModules

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/Cache/Q.map
Bin/Control/mstsc.exe
.exe windows x86

25eca8b18ca9be457cf5115590166568

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
GetUserNameW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
GetUserNameA

kernel32

FlushFileBuffers
ExitProcess
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
InterlockedExchange
RtlUnwind
IsBadWritePtr
HeapReAlloc
InitializeCriticalSection
GetCPInfo
GetOEMCP
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
Sleep
LCMapStringW
LCMapStringA
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
lstrcpynA
GetVersionExW
GetModuleFileNameA
GetStdHandle
GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
ReadFile
WriteFile
WideCharToMultiByte
SetLastError
GetACP
CreateThread
SetEvent
LocalAlloc
lstrlenA
LoadResource
LockResource
LocalFree
CloseHandle
GetLastError
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetStartupInfoA
DebugBreak
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetProcAddress
GetVersionExA
GetModuleHandleA
GetModuleHandleW
DeviceIoControl
lstrlenW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
WaitForSingleObject
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindResourceA
FindResourceW
FormatMessageA
FormatMessageW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesA
GetFileAttributesW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
LoadLibraryW

gdi32

CreateFontIndirectA
CreateFontIndirectW
GetObjectA
GetObjectW
GetDIBColorTable
UpdateColors
StretchBlt
CreatePalette
CreateCompatibleBitmap
CreateSolidBrush
SetTextColor
SetBkMode
SetMapMode
SelectPalette
RealizePalette
TranslateCharsetInfo
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
CreateRectRgn
CreateRectRgnIndirect
DeleteObject
SetRectRgn
GetDCOrgEx
GetClipBox
CombineRgn
EqualRgn
GetStockObject

user32

IsDlgButtonChecked
BeginPaint
DrawIcon
EndPaint
EndDialog
MapWindowPoints
GetDesktopWindow
GetDC
ReleaseDC
GetDlgItem
SetRect
InvalidateRect
UpdateWindow
LockWindowUpdate
SetFocus
SetWindowPlacement
SetWindowPos
GetClientRect
MoveWindow
EqualRect
CopyRect
EnableWindow
IsWindowVisible
EnableMenuItem
ShowWindow
SetForegroundWindow
AdjustWindowRect
IsZoomed
SetCursor
GetSystemMenu
CreateMenu
IsWindow
PostQuitMessage
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetDlgItemTextA
GetDlgItemTextW
GetMessageA
GetMessageW
MessageBoxA
MessageBoxW
GetWindowLongA
GetWindowLongW
InsertMenuA
InsertMenuW
IsDialogMessageA
CheckDlgButton
LoadAcceleratorsA
LoadAcceleratorsW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadStringW
ModifyMenuA
ModifyMenuW
PostMessageA
PostMessageW
SendMessageTimeoutA
SendMessageA
SendMessageW
SetDlgItemTextA
SetDlgItemTextW
SetWindowLongA
SetWindowLongW
SetWindowTextA
SetWindowTextW
TranslateAcceleratorA
TranslateAcceleratorW
RegisterClassExA
RegisterClassExW
SendDlgItemMessageW
DestroyIcon
SetTimer
KillTimer
DestroyWindow
GetSystemMetrics
GetWindowRect
FillRect
GetWindow
MapDialogRect
GetWindowDC
TranslateMessage
IsDialogMessageW

shell32

ShellExecuteW
ExtractIconA
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ExtractIconW
ShellExecuteA

ole32

CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

oleaut32

SysFreeString

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_GetImageCount
ImageList_ReplaceIcon

wsock32

inet_addr
gethostbyaddr
gethostbyname

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameW

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/Control/mstscax.dll
.dll regsvr32 windows x86

ae2dc42a8a16adb699e614525e0040d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalMemoryStatus
GetLocalTime
lstrcatA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
HeapSize
InterlockedExchange
RtlUnwind
IsBadWritePtr
WriteFile
VirtualFree
HeapCreate
GetSystemDefaultLangID
SetEvent
DuplicateHandle
LockResource
GetVersion
LoadLibraryW
GetModuleHandleW
FreeResource
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
IsBadReadPtr
SetFilePointer
ReadFile
GlobalFree
GlobalHandle
MulDiv
Beep
GetEnvironmentStringsW
lstrcmpA
GetSystemTime
GetExitCodeThread
WaitForMultipleObjects
ReleaseSemaphore
GlobalSize
ResetEvent
CreateDirectoryA
DeleteFileA
GetTempFileNameA
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathA
QueryDosDeviceW
FindNextChangeNotification
FindCloseChangeNotification
GetFileInformationByHandle
SetFileTime
SetEndOfFile
LockFileEx
LockFile
UnlockFile
FreeLibraryAndExitThread
ResumeThread
CreateThread
GetComputerNameA
DebugBreak
WaitForMultipleObjectsEx
EscapeCommFunction
SetCommState
GetCommState
TransmitCommChar
WaitCommEvent
SetCommTimeouts
SetupComm
SetCommMask
PurgeComm
GetCommTimeouts
GetCommMask
GetCommModemStatus
ClearCommError
GetCommProperties
GetCommConfig
SetErrorMode
DeviceIoControl
GetOverlappedResult
FlushFileBuffers
FindClose
CompareFileTime
SystemTimeToFileTime
GetSystemDefaultLCID
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindFirstFileA
FindFirstFileW
FindResourceA
FindResourceW
lstrcmpiA
lstrcmpiW
FormatMessageA
FormatMessageW
GetFileAttributesA
GetSystemDirectoryA
GetSystemDirectoryW
SetFileAttributesA
SetFileAttributesW
FindNextFileA
FindNextFileW
GetFullPathNameA
GetFullPathNameW
GetProfileStringA
GetProfileStringW
LoadLibraryExA
LoadLibraryExW
MoveFileA
MoveFileW
OutputDebugStringW
RemoveDirectoryA
RemoveDirectoryW
CreateMutexA
CreateMutexW
CreateSemaphoreA
CreateSemaphoreW
lstrcpyA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FindFirstChangeNotificationA
FindFirstChangeNotificationW
GetVolumeInformationA
GetVolumeInformationW
GetComputerNameW
GetVersionExW
GetDefaultCommConfigA
GetDefaultCommConfigW
lstrcpynA
ExitThread
IsBadCodePtr
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
Sleep
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
ExitProcess
HeapReAlloc
GetModuleHandleA
GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetLastError
GetTickCount
QueryPerformanceCounter
RaiseException
SetLastError
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
LoadResource
SizeofResource
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
HeapDestroy
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
CloseHandle
EnterCriticalSection
LeaveCriticalSection
LocalFree
lstrlenA
LocalAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
lstrlenW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyA
GetSecurityDescriptorLength
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
GetUserNameA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
SetFileSecurityW
SetFileSecurityA
GetFileSecurityW
GetFileSecurityA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA

user32

CreateIconIndirect
MsgWaitForMultipleObjects
PostQuitMessage
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumClipboardFormats
CountClipboardFormats
SetClipboardViewer
ChangeClipboardChain
GetClipboardData
CallWindowProcA
CallWindowProcW
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetClassInfoA
GetClassInfoW
GetClipboardFormatNameA
GetClipboardFormatNameW
GetMessageA
GetMessageW
MessageBoxA
MessageBoxW
GetWindowLongA
GetWindowLongW
GetWindowTextA
GetWindowTextW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadStringW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageA
PostThreadMessageW
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
SetCapture
SendMessageTimeoutA
UnhookWindowsHookEx
SendMessageW
SetDlgItemTextA
SetDlgItemTextW
SetWindowLongA
SetWindowLongW
SetWindowsHookExA
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
UnregisterClassA
UnregisterClassW
wvsprintfA
wvsprintfW
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
MapVirtualKeyA
MapVirtualKeyW
SendDlgItemMessageW
GetKeyboardType
IsWindowVisible
GetSysColor
GetCursorPos
SetScrollPos
LockWindowUpdate
ShowScrollBar
SetScrollInfo
AdjustWindowRect
SystemParametersInfoA
IsIconic
DestroyIcon
MapWindowPoints
DefDlgProcW
GetWindowPlacement
GetSystemMetrics
GetDesktopWindow
GetWindowRect
EnableWindow
SetParent
GetSystemMenu
EnableMenuItem
SetWindowPlacement
CloseWindow
FlashWindow
MessageBeep
GetForegroundWindow
GetAsyncKeyState
CallNextHookEx
GetWindowThreadProcessId
AttachThreadInput
CreateCursor
DestroyCursor
GetWindowDC
CopyRect
LoadStringA
SetRect
GetKeyboardLayout
DestroyWindow
TranslateMessage
SetFocus
GetClientRect
UpdateWindow
InvalidateRect
IsWindow
MoveWindow
ShowWindow
IsChild
GetFocus
DestroyAcceleratorTable
GetMessageExtraInfo
SendMessageA
ReleaseCapture
BringWindowToTop
InflateRect
GetSysColorBrush
FillRect
GetKeyboardState
ScreenToClient
ClientToScreen
SetCursorPos
keybd_event
SetCursor
RegisterClipboardFormatW
ActivateKeyboardLayout
GetParent
GetDlgItem
BeginPaint
EndPaint
GetKeyState
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
GetDC
ReleaseDC
SetTimer
KillTimer
EndDialog
wsprintfA

gdi32

LineTo
CreateCompatibleBitmap
CreateCompatibleDC
StretchDIBits
PatBlt
CreateSolidBrush
SetTextColor
SetBkMode
SetBkColor
CreatePolygonRgn
GetRgnBox
CombineRgn
StretchBlt
RealizePalette
SelectPalette
GetMapMode
SetRectRgn
DPtoLP
CreateBrushIndirect
MoveToEx
GetCurrentObject
SetDIBitsToDevice
CreatePalette
SetDIBColorTable
CreateDIBPatternBrushPt
CreatePatternBrush
SetBitmapBits
SetTextAlign
GetTextAlign
SetROP2
CreateDIBSection
CreateDIBitmap
GetBitmapBits
GdiFlush
GetPaletteEntries
DeleteObject
Polyline
Polygon
SetPolyFillMode
GetNearestPaletteIndex
CreatePen
UpdateColors
BitBlt
SetBrushOrgEx
SetStretchBltMode
SelectClipRgn
CreateBitmap
CreateRectRgn
CreateDCW
CreateDCA
GetTextExtentPointW
GetTextExtentPointA
CreateMetaFileW
CreateMetaFileA
SelectObject
GetStockObject
Rectangle
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
GetObjectW
GetObjectA
CreateFontIndirectW
CreateFontIndirectA
GetDIBits
SetMetaFileBitsEx
PlayMetaFile
GetMetaFileBitsEx
GetDIBColorTable
GetNearestColor
Ellipse

winspool.drv

GetPrinterW
EndDocPrinter
EnumPrintersW
EnumPrintersA
GetPrinterDriverW
GetPrinterDriverA
GetPrinterDataW
GetPrinterDataA
StartDocPrinterW
StartDocPrinterA
OpenPrinterW
OpenPrinterA
SetPrinterW
GetPrinterA
StartPagePrinter
WritePrinter
GetJobW
SetJobW
GetJobA
SetJobA
EndPagePrinter
ClosePrinter

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream
CoGetMalloc
OleSetClipboard
OleIsCurrentClipboard
OleUninitialize
OleInitialize
OleRegEnumVerbs

oleaut32

SysAllocString
OleCreatePropertyFrame
VariantChangeType
VarUI4FromStr
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysStringLen
RegisterTypeLi
LoadTypeLi
SysFreeString

crypt32

CryptDecodeObject
CertFindExtension
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateContext
CertCompareCertificate

winmm

waveOutSetVolume
waveOutGetVolume
waveOutOpen
waveOutClose
waveOutReset
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveOutGetPitch

wsock32

recvfrom
bind
WSAStartup
send
closesocket
socket
htons
connect
WSAAsyncSelect
WSACleanup
setsockopt
gethostbyname
gethostname
WSACancelAsyncRequest
WSAAsyncGetHostByName
ioctlsocket
shutdown
getsockname
inet_addr
recv
WSAGetLastError
sendto

shell32

ExtractIconW
ExtractIconA
SHFileOperationA
ord100

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetTscCtlVer
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 551KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Control/users.dat
Bin/QQWry.Dat
Bin/SkinH.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Bin/upx.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 258KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Bin/2.3.exe
.exe windows x86

a4fce784c9834c725ce68b6da991895b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapDestroy
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetEnvironmentVariableA
GetProfileStringA
HeapReAlloc
HeapSize
TerminateProcess
GetACP
GetTimeZoneInformation
RaiseException
ExitProcess
GetCommandLineA
GetStartupInfoA
ExitThread
HeapFree
HeapAlloc
RtlUnwind
SetErrorMode
SystemTimeToFileTime
LocalFileTimeToFileTime
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
GlobalAlloc
GetCurrentThread
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpA
FormatMessageA
GlobalFree
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
MultiByteToWideChar
WideCharToMultiByte
GlobalLock
GlobalUnlock
MulDiv
SetLastError
LockResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetCurrentDirectoryA
lstrcmpiA
GetVersion
GetVersionExA
FreeLibrary
LocalSize
DeleteCriticalSection
CancelIo
InterlockedExchange
SetEvent
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
EnterCriticalSection
PostQueuedCompletionStatus
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSection
CreateEventA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
FindResourceA
LoadResource
SizeofResource
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
lstrcpyA
CreateDirectoryA
GetLastError
MoveFileA
RemoveDirectoryA
Sleep
FindFirstFileA
FindNextFileA
FindClose
lstrcpynA
LocalAlloc
LocalFree
GetLogicalDriveStringsA
lstrlenA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetModuleFileNameA
lstrcatA
CopyFileA
SetFilePointer
GetFileAttributesA
DeleteFileA
CreateFileA
WriteFile
GetFileSize
ReadFile
GetTickCount
CreateThread
CloseHandle
VirtualAlloc
GetDriveTypeA
VirtualFree

user32

SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
SetActiveWindow
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetDlgItem
GetWindowTextLengthA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
IntersectRect
IsIconic
GetWindowPlacement
FindWindowExA
GetClassNameA
GetWindowTextA
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
IsWindow
LoadBitmapA
FindWindowA
SetForegroundWindow
MessageBeep
LoadIconA
GetSystemMetrics
DrawEdge
GetDesktopWindow
CharNextA
DeleteMenu
GetMenuItemCount
EnableMenuItem
GetCursorPos
GetFocus
MessageBoxA
GetDlgCtrlID
SetWindowPos
IsWindowVisible
ScreenToClient
GetWindow
TranslateMessage
GetMessageA
DispatchMessageA
CopyIcon
PtInRect
KillTimer
GetKeyState
ReleaseCapture
SetCapture
SetTimer
SetRect
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
DestroyMenu
SetRectEmpty
DrawFrameControl
GetCursor
GetClassInfoA
DefWindowProcA
LoadCursorA
wsprintfA
EnableWindow
LoadMenuA
GetDC
ReleaseDC
IsDialogMessageA
SetWindowTextA
PostThreadMessageA
SetParent
GetSysColor
FillRect
OffsetRect
GetClientRect
CopyRect
InflateRect
DrawFocusRect
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageA
ClientToScreen
WindowFromPoint
DestroyCursor
DestroyIcon
GetWindowLongA
SendMessageA
GetNextDlgTabItem
GetParent
SetCursor
InvalidateRect
GetActiveWindow
RegisterClipboardFormatA
LockWindowUpdate
GetDCEx
GetNextDlgGroupItem
CopyAcceleratorTableA
GetSysColorBrush
UnionRect
IsRectEmpty
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetMenu
TranslateAcceleratorA
LoadAcceleratorsA
MapDialogRect
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
PostQuitMessage
IsZoomed
wvsprintfA
EndDialog
CreateDialogIndirectParamA
CharUpperA
LoadStringA
UpdateWindow
MoveWindow
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
IsWindowEnabled
SystemParametersInfoA
ShowWindow
GrayStringA

gdi32

SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
CreateRectRgn
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
ScaleViewportExtEx
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
PatBlt
SetRectRgn
CombineRgn
CreateRectRgnIndirect
DPtoLP
GetTextExtentPoint32A
GetTextMetricsA
StretchDIBits
GetTextColor
GetBkColor
LPtoDP
CreatePen
CreateSolidBrush
StretchBlt
PtInRegion
CreateFontIndirectA
Rectangle
PlgBlt
FillRgn
CreatePolygonRgn
GetObjectA
GetPixel
CreateBitmap
SelectObject
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
PtVisible
GetClipBox
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
CreateDIBitmap
GetTextExtentPointA
DeleteObject

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteValueA
RegCloseKey
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
SetFileSecurityA
GetFileSecurityA
RegSetValueA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

shell32

DragQueryFileA
SHGetFileInfoA
ord71
ShellExecuteA
Shell_NotifyIconA
ExtractIconA
ShellExecuteExA
DragFinish

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_ReplaceIcon
_TrackMouseEvent

oledlg

ord8

ole32

OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject

olepro32

ord253

oleaut32

SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysAllocStringByteLen
SysStringLen

skinh

SkinH_AttachRes
SkinH_Attach
SkinH_AdjustHSV

shlwapi

SHAutoComplete

ws2_32

WSACloseEvent
WSASend
WSARecv
accept
WSAGetLastError
setsockopt
WSAIoctl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAEventSelect
bind
listen
getpeername
WSAStartup
socket
ioctlsocket
htons
connect
inet_ntoa
gethostbyname
gethostname
WSACleanup
closesocket
select

pdh

PdhCollectQueryData
PdhGetFormattedCounterValue
PdhAddCounterA
PdhCloseQuery
PdhOpenQueryA

winmm

PlaySoundA

Sections

.text
Size: 348KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f26918d860f792248e5624b4acf86e83

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

ws2_32

msvcp60

netapi32

wininet

psapi

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 12KB - Virtual size: 11KB

25eca8b18ca9be457cf5115590166568

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

shell32

ole32

oleaut32

comctl32

wsock32

comdlg32

Sections

.text Size: 160KB - Virtual size: 159KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 224KB - Virtual size: 224KB

ae2dc42a8a16adb699e614525e0040d8

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

winspool.drv

ole32

oleaut32

crypt32

winmm

wsock32

shell32

Exports

Exports

Sections

.text Size: 551KB - Virtual size: 550KB

.data Size: 10KB - Virtual size: 20KB

.rsrc Size: 146KB - Virtual size: 145KB

.reloc Size: 27KB - Virtual size: 26KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 148KB

UPX1 Size: 81KB - Virtual size: 84KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.0MB

UPX1 Size: 258KB - Virtual size: 260KB

.rsrc Size: 1KB - Virtual size: 4KB

a4fce784c9834c725ce68b6da991895b

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 160KB - Virtual size: 159KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 224KB - Virtual size: 224KB

.text
Size: 551KB - Virtual size: 550KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 146KB - Virtual size: 145KB

.reloc
Size: 27KB - Virtual size: 26KB

UPX0
Size: - Virtual size: 148KB

UPX1
Size: 81KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.0MB

UPX1
Size: 258KB - Virtual size: 260KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 348KB - Virtual size: 346KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 28KB - Virtual size: 43KB

.rsrc
Size: 128KB - Virtual size: 124KB