General

Malware Config

Signatures

Files

• 7bbc2d8e8cc90974c6c8a8cd7e5caaa7690e23c7072d63bb10647a65d9b033f7

  .zip
• սVip/QQTNװ˵.txt
• սVip/QQ.url

  .url
• սVip/ͼ/עͼ.jpg

  .jpg
• սVip/ͼ/ֵͼ.jpg

  .jpg
• սVip/ͼ/ܽͼ.jpg

  .jpg
• սVip/ͼ/ͼ.jpg

  .jpg
• սVip/սVip.exe

  .exe windows x86

  c2486f6b98f0c804485c58f56ce71b75

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetEndOfFile

  UnlockFile

  LockFile

  FlushFileBuffers

  SetFilePointer

  GetCurrentProcess

  DuplicateHandle

  lstrcpynA

  SetLastError

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  LocalFree

  MultiByteToWideChar

  WideCharToMultiByte

  InterlockedDecrement

  CreateSemaphoreA

  SetStdHandle

  IsBadCodePtr

  IsBadReadPtr

  CompareStringW

  CompareStringA

  SetUnhandledExceptionFilter

  GetStringTypeW

  GetStringTypeA

  IsBadWritePtr

  VirtualAlloc

  LCMapStringW

  LCMapStringA

  SetEnvironmentVariableA

  VirtualFree

  HeapCreate

  HeapDestroy

  GetEnvironmentVariableA

  GetFileType

  GetStdHandle

  SetHandleCount

  GetEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  FreeEnvironmentStringsA

  UnhandledExceptionFilter

  GetACP

  HeapSize

  ResumeThread

  ReleaseSemaphore

  EnterCriticalSection

  LeaveCriticalSection

  GetProfileStringA

  WriteFile

  ReadFile

  GetLastError

  WaitForMultipleObjects

  CreateFileA

  SetEvent

  FindResourceA

  LoadResource

  LockResource

  GetModuleFileNameA

  GetCurrentThreadId

  ExitProcess

  GlobalSize

  GlobalFree

  DeleteCriticalSection

  InitializeCriticalSection

  lstrcatA

  WinExec

  lstrcpyA

  FindNextFileA

  GlobalReAlloc

  HeapFree

  HeapReAlloc

  GetProcessHeap

  HeapAlloc

  GetUserDefaultLCID

  GetFullPathNameA

  FreeLibrary

  LoadLibraryA

  lstrlenA

  lstrlenW

  GetVersionExA

  WritePrivateProfileStringA

  CreateThread

  CreateEventA

  Sleep

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  FindFirstFileA

  FindClose

  TerminateProcess

  GetLocalTime

  GetSystemTime

  GetTimeZoneInformation

  RaiseException

  RtlUnwind

  GetStartupInfoA

  GetOEMCP

  GetCPInfo

  GetProcessVersion

  SetErrorMode

  GlobalFlags

  GetCurrentThread

  GetFileTime

  GetFileSize

  TlsGetValue

  LocalReAlloc

  TlsSetValue

  TlsFree

  GlobalHandle

  GetFileAttributesA

  SetCurrentDirectoryA

  GetVolumeInformationA

  TlsAlloc

  LocalAlloc

  lstrcmpA

  GetVersion

  GlobalGetAtomNameA

  GlobalAddAtomA

  GlobalFindAtomA

  GlobalDeleteAtom

  lstrcmpiA

  GetModuleHandleA

  GetProcAddress

  MulDiv

  GetCommandLineA

  GetTickCount

  WaitForSingleObject

  CloseHandle

  InterlockedIncrement

  LoadLibraryA

  VirtualProtect

  GetModuleFileNameA

  ExitProcess

  user32

  OpenClipboard

  SetClipboardData

  EmptyClipboard

  GetSystemMetrics

  GetCursorPos

  MessageBoxA

  SetWindowPos

  SendMessageA

  DestroyCursor

  SetParent

  GetClipboardData

  PostMessageA

  GetTopWindow

  GetParent

  GetFocus

  GetClientRect

  InvalidateRect

  ValidateRect

  UpdateWindow

  CloseClipboard

  wsprintfA

  EqualRect

  GetWindowRect

  SetForegroundWindow

  IsWindow

  DestroyMenu

  IsChild

  ReleaseDC

  IsRectEmpty

  FillRect

  GetDC

  SetCursor

  LoadCursorA

  SetCursorPos

  SetActiveWindow

  GetSysColor

  SetWindowLongA

  GetWindowLongA

  RedrawWindow

  EnableWindow

  IsWindowVisible

  OffsetRect

  PtInRect

  DestroyIcon

  IntersectRect

  SetRect

  InflateRect

  SetScrollPos

  SetScrollRange

  GetScrollRange

  SetCapture

  SystemParametersInfoA

  TranslateMessage

  LoadIconA

  DrawFrameControl

  DrawEdge

  DrawFocusRect

  WindowFromPoint

  GetMessageA

  DispatchMessageA

  SetRectEmpty

  RegisterClipboardFormatA

  CreateIconFromResourceEx

  CreateIconFromResource

  DrawIconEx

  CreatePopupMenu

  AppendMenuA

  ModifyMenuA

  CreateMenu

  CreateAcceleratorTableA

  GetDlgCtrlID

  GetSubMenu

  EnableMenuItem

  ClientToScreen

  EnumDisplaySettingsA

  LoadImageA

  ShowWindow

  IsWindowEnabled

  TranslateAcceleratorA

  GetKeyState

  CopyAcceleratorTableA

  PostQuitMessage

  IsZoomed

  GetSystemMenu

  GetWindowTextA

  GetWindowTextLengthA

  CharUpperA

  GetWindowDC

  BeginPaint

  EndPaint

  TabbedTextOutA

  DrawTextA

  GrayStringA

  GetDlgItem

  DestroyWindow

  CreateDialogIndirectParamA

  EndDialog

  GetNextDlgTabItem

  GetWindowPlacement

  RegisterWindowMessageA

  GetForegroundWindow

  GetLastActivePopup

  GetMessageTime

  RemovePropA

  CallWindowProcA

  GetPropA

  UnhookWindowsHookEx

  SetPropA

  GetClassLongA

  CallNextHookEx

  SetWindowsHookExA

  CreateWindowExA

  GetMenuItemID

  GetMenuItemCount

  RegisterClassA

  GetScrollPos

  UnregisterClassA

  AdjustWindowRectEx

  MapWindowPoints

  SendDlgItemMessageA

  ScrollWindowEx

  IsDialogMessageA

  SetWindowTextA

  MoveWindow

  CheckMenuItem

  SetMenuItemBitmaps

  GetMenuState

  GetMenuCheckMarkDimensions

  GetClassNameA

  GetDesktopWindow

  LoadStringA

  GetSysColorBrush

  DeleteMenu

  GetClassInfoA

  DefWindowProcA

  GetMenu

  SetMenu

  PeekMessageA

  IsIconic

  SetFocus

  GetActiveWindow

  GetWindow

  DestroyAcceleratorTable

  SetWindowRgn

  GetMessagePos

  ScreenToClient

  ChildWindowFromPointEx

  CopyRect

  LoadBitmapA

  WinHelpA

  KillTimer

  SetTimer

  ReleaseCapture

  GetCapture

  MessageBoxA

  gdi32

  SetStretchBltMode

  GetClipRgn

  CreatePolygonRgn

  SelectClipRgn

  DeleteObject

  CreateDIBitmap

  GetSystemPaletteEntries

  CreatePalette

  StretchBlt

  SelectPalette

  RealizePalette

  GetDIBits

  GetWindowExtEx

  GetViewportOrgEx

  GetWindowOrgEx

  BeginPath

  EndPath

  PathToRegion

  CreateEllipticRgn

  CreateRoundRectRgn

  GetTextColor

  GetBkMode

  GetBkColor

  GetROP2

  GetStretchBltMode

  GetPolyFillMode

  CreateCompatibleBitmap

  CreateDCA

  CreateBitmap

  SelectObject

  CreatePen

  FillRgn

  CreateRectRgn

  CombineRgn

  CreateSolidBrush

  CreateFontIndirectA

  GetStockObject

  GetObjectA

  EndPage

  EndDoc

  DeleteDC

  StartDocA

  StartPage

  BitBlt

  CreateCompatibleDC

  Ellipse

  Rectangle

  LPtoDP

  DPtoLP

  GetCurrentObject

  RoundRect

  GetTextExtentPoint32A

  GetDeviceCaps

  SaveDC

  RestoreDC

  SetBkMode

  SetPolyFillMode

  SetROP2

  SetTextColor

  SetMapMode

  SetViewportOrgEx

  OffsetViewportOrgEx

  SetViewportExtEx

  ScaleViewportExtEx

  SetWindowOrgEx

  SetWindowExtEx

  ScaleWindowExtEx

  GetClipBox

  ExcludeClipRect

  MoveToEx

  LineTo

  CreateRectRgnIndirect

  SetBkColor

  PatBlt

  GetTextMetricsA

  Escape

  ExtTextOutA

  TextOutA

  RectVisible

  PtVisible

  GetViewportExtEx

  ExtSelectClipRgn

  winmm

  midiStreamRestart

  midiStreamClose

  midiOutReset

  midiStreamStop

  midiStreamOut

  midiOutPrepareHeader

  midiStreamProperty

  midiStreamOpen

  midiOutUnprepareHeader

  waveOutOpen

  waveOutGetNumDevs

  waveOutClose

  waveOutReset

  waveOutPause

  waveOutWrite

  waveOutPrepareHeader

  waveOutUnprepareHeader

  winspool.drv

  ClosePrinter

  DocumentPropertiesA

  OpenPrinterA

  advapi32

  RegCloseKey

  RegOpenKeyExA

  RegSetValueExA

  RegQueryValueA

  RegCreateKeyExA

  shell32

  ShellExecuteA

  Shell_NotifyIconA

  ole32

  CLSIDFromProgID

  CLSIDFromString

  CoCreateInstance

  OleRun

  OleInitialize

  OleUninitialize

  oleaut32

  SysAllocString

  RegisterTypeLi

  LHashValOfNameSys

  LoadTypeLi

  UnRegisterTypeLi

  VariantCopyInd

  SafeArrayGetElement

  SafeArrayAccessData

  SafeArrayUnaccessData

  SafeArrayGetDim

  SafeArrayGetLBound

  SafeArrayGetUBound

  VariantChangeType

  VariantClear

  VariantInit

  comctl32

  ImageList_Destroy

  ord17

  ws2_32

  recv

  getpeername

  accept

  ioctlsocket

  recvfrom

  WSAAsyncSelect

  closesocket

  WSACleanup

  inet_ntoa

  comdlg32

  GetFileTitleA

  GetSaveFileNameA

  GetOpenFileNameA

  ChooseColorA

  Exports

  Exports

  ����db a��� �5��Gת��:��v�����^�so�6�ܘ�.e�⅀I�1Tu���{%L"P���Am����ԑ<�ĩd-��f� 1[/PܕaE0.�I���W�����EZš^H�?� ����VF�;%�1��-��8����m{H�{4�)w����x�89���CGt�� �u/b!m{�ϥ����]c�!.�]�#PN��)���k��:���A��&����ߺV�����x[��~���c����n� ,�7�e�>��c��������S�������Z�'C�x�+ĸ��*|�M/jM�ș_J2�����6����e9�����������}Å��6�z ��^�т5��CI쑛YGZ�=#b���sŖ��,*���9��m�Z�z�������=���G�n �T�q�D-8�h�$`���ךS@�5���Ծ"�;�ؘt^+�B��B�.�RQO�3�{¢͕j�Po��C+���2�$��!� n���������Nӂ[I���y��OˤOix ��
  D�h�C,׺���z�Ń�9Ǖ�T�2�`�z��-� �o����jg�}Ӈ�0鵴��Ս\��Ff�~%LI*�AyX=����چ�IB�,�7�-k)�s�+8��r4(@���sNr?
  :�\�tJ
  � ��q4r���WI����N*��vk�Nh6E7$����.��mk��}��A���A����ņ�;��*����\��NF��o��k���H!|�.��;��V�`2P6p�s՜�3A"�V�>kB5��~��b�?�1���p,�q�xo�_���V%��BV1�;�ڴ��tpm�� 5�;C���q��z1��a� ��L&��g���-�xײ �C�g��s������;�_�S����D�ކSY�t9�8S���0=�J�r� ~��p^w�����lεo�Y��Y}��F=�K*tC1FF~ȖەC��#��Z�.���=Y�O���e��X�~-�;ҍ��ß�
  T1����z�ڲo&{���ΐi�qK�X���B���;�ldE���n@O4�,�X���}4��*��Q������p�� ����; �L�B��u�qP�
  "��/������T��Ȭ;�|:~�c8,AX�hM�rv+ն�������3Wy�=fn|(}���T�Y�����X���n�\f����fZM��a)�+���k�1�M�F۴~���  Ϯ����s�R����B��u��}�Jzff#NL�m�Q���VP���$dME�I!*�&·�wC� 4�T�gR�73F��&�XM>��RÈo�N۔��! 6Ӳ��֙��B����杮Yc�F����=D�a@N#XYH����S �rr�
   �E7�&K�6�h#��q��Z�i� (�<u�R�C����(V��cQN�&Jݢ_CΕ����� Q�Q��@��t6���F��[��K� ��
  (:��)���h��&Dy�W �Nnf1�u|[�����D/����ށ`s��&�SBJ٭��}��J�b�G�۱�����08#�s݅fCy2#r7m����]��t�ޡ�YPÜN��y���[~ \�=���Z���W�K���)�����9R��������X��p�!=�#�jx��:E���c�@?�1����/#|���yC���~#�ـ��R.eY���0bPD�S��� �B���
  +���N��Bx����SCUM��7 ���kl��c�TR#a|�{#\xQ �������[y�_5��`�����UΘ�����k��œ�!�4�{z�:}C�M�Ӿ 'I�!�H�f�79�x����sQ�Z��sUAGF�3�Tt)0��æR*��Ú�Wt��~2� ��V�Թ���C��� ����$�G{ld���ӫ�j%g����_ی�Gz`����������Dj���%�� zէ
  ��#��K���1cC�8O,�5��$�V`Lr�*�0�G7�7+�/��
  ����_���@)�h��RI�����P��Ҳ���o;{��l�:����X/����wUD�[7�D~ͨ��/�b�� O�1������"G
  A�:�!@i�s)�`J�s���Y�^<N'�m��jq%�ԛUxDM��5���Λ����l��V�K﶐ް'�ڪ5tc�Q+�ֳ�n�f( �X�+ٳ!|@���'����Muژ�
  �/�6MܺX�P�)Dk�}��_�sۭ�s<9�^���aP^� �5���q����5��$1Vٓ��:z�>S���N^��m����dIM���]���$E��ɲ�[��ТՑ���z\��\n|�����(ղ�#^
  #s�5��+�R���kY7�1_�] �ws�Q������cv�S�h����4���#ڀ���ߓDtqT�"!�(08�k�6' ���������:���� K�XG9)7F��&�Z���>��o���F�D���r{�;��(�0}���8(J=�~�utx�xB;���'��� "̹!0����t��� ĸ65��}�d���6)��i��y��(X�\n1p͇)���z�Aa�˫�W̄�A��h7�^$3C��sV I��4L�NN�:�ÉM�̧�a-��I����4>" l���c��\�YRj,t $v��+G.��?3��; ��1@~�xc{%�aoF@f�AV�D�ꁅ[�h�@F������}���_\���]J�Ù ��}�`�V�$R�� ���<�"/���w�U�����y��<,�F{�y�a, T���h���I�����k�xJ�r :@��ܔE���p�N���s������[��C����iBf�W�-^V�6�Un_��������NF�D�d,
  ���QΔ����k��_P��<�3�O�] �����U�t\����#W�X�����&��'�\�gg�+p��k[�\DJ��zd�8�]�!5O����5�7OLo�2E�ǤgʣU{_�d��9�~D(E�k��E��j�1��>����Q����_�&:oӣb���m�g�2����(�^���%��|������o}U,��#&��(����'����1���+�_pL3�� �RҶ�!b�� �Z1���'#�\�ܬ&����{���fJ*.�

  Sections

  .text

  Size: - Virtual size: 445KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 1.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 121KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 8KB - Virtual size: 22KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 12KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .tls

  Size: 4KB - Virtual size: 24B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 1004KB - Virtual size: 1003KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 4KB - Virtual size: 144B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ