1284396c6f7a5d88d4d3eddfe28d751c54fa8763554c669e83c05d927702b053

Sharing

Copy URL

Twitter E-mail

General

Target

1284396c6f7a5d88d4d3eddfe28d751c54fa8763554c669e83c05d927702b053
Size

1.4MB
MD5

b03b4f57a6bdf05014451e1617cbf239
SHA1

db8f7e03badf16ca01c932ef22cd2826cb56eccd
SHA256

1284396c6f7a5d88d4d3eddfe28d751c54fa8763554c669e83c05d927702b053
SHA512

c93b05745c6f62ef661216bcc8b0519a0777ab54053af6dd7c4d788814430b6e9aa4eaec8a730250c0c927181a2946dbd856ed8da3ecb770ca70a6822367723d
SSDEEP

24576:ONmzn1kA00pbVXEbRLk4VzLgj7V8Fq/MpPpwT6MbuLrt7+6uk+yqS+mu26AgE34m:L9pZMVXgj7eF5phwT6MKt7+/vYvu26z6

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/QQ群批量拉人软件2.1/PC协议批量拉人.exe	vmprotect

Files

1284396c6f7a5d88d4d3eddfe28d751c54fa8763554c669e83c05d927702b053
.rar
QQ群批量拉人软件2.1/PC协议批量拉人.exe
.exe windows x86

8f80baf79aab45fdf71fa961489cc7f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

winmm

waveOutUnprepareHeader

ws2_32

recv

rasapi32

RasDialA

kernel32

GetVersion
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

WaitForInputIdle
MessageBoxA

gdi32

PtVisible

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

DragQueryFileA

ole32

CLSIDFromProgID

oleaut32

SafeArrayAccessData

comctl32

ImageList_GetImageCount

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 862KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQ群批量拉人软件2.1/UUWisehelper.dll
.dll windows x86

8993d476b2080c54468f99bd1fb566ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
CreateFileW
ReadFile
GetFileSize
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
Sleep
lstrlenW
GlobalUnlock
GlobalLock
GlobalSize
lstrcatW
lstrcpyW
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
lstrlenA
MultiByteToWideChar
CreateEventW
WaitForSingleObject
CreateThread
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpynW
IsBadWritePtr
SetEvent
IsBadReadPtr
lstrcpyA
lstrcpynA
FlushFileBuffers
FindResourceExW
WriteConsoleW
GetConsoleOutputCP
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
WriteConsoleA
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringA
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
VirtualAlloc
CreateFileA
GetTickCount
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringW
HeapCreate
VirtualFree

user32

GetDC
ReleaseDC
wsprintfA
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
DeleteObject

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
CoTaskMemFree

oleaut32

SafeArrayGetLBound
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString
SafeArrayCreateVector

shlwapi

StrStrIW

urlmon

FindMimeFromData

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdipSaveImageToStream

iphlpapi

GetAdaptersInfo

Exports

Exports

uu_AsyncRecognizeByCodeTypeAndPathA
uu_CloseAsyncRecognizeHandle
uu_GetAsyncRecognizeResultA
uu_UploadFileA
uu_UploadFileW
uu_UploadScreen
uu_getResultA
uu_getResultW
uu_getScoreA
uu_getScoreW
uu_loginA
uu_loginW
uu_payA
uu_payW
uu_recognizeByCodeTypeAndBytesA
uu_recognizeByCodeTypeAndBytesW
uu_recognizeByCodeTypeAndPathA
uu_recognizeByCodeTypeAndPathW
uu_recognizeByCodeTypeAndUrlA
uu_recognizeByCodeTypeAndUrlW
uu_recognizeScreenByCodeTypeA
uu_recognizeScreenByCodeTypeW
uu_reguserA
uu_reguserW
uu_reportError
uu_setSoftInfoA
uu_setSoftInfoW
uu_setTimeOut

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQ群批量拉人软件2.1/下载说明.txt
QQ群批量拉人软件2.1/信封QQ格式.txt
QQ群批量拉人软件2.1/数码资源网.url
.url
QQ群批量拉人软件2.1/群主QQ格式.txt

Sharing

General

Malware Config

Signatures

Files

8f80baf79aab45fdf71fa961489cc7f2

Headers

File Characteristics

Imports

iphlpapi

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 862KB

.rdata Size: - Virtual size: 1.0MB

.data Size: - Virtual size: 327KB

.rsrc Size: 12KB - Virtual size: 23KB

.vmp0 Size: - Virtual size: 180KB

.vmp1 Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 4KB - Virtual size: 188B

8993d476b2080c54468f99bd1fb566ab

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

shlwapi

urlmon

gdiplus

iphlpapi

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: - Virtual size: 862KB

.rdata
Size: - Virtual size: 1.0MB

.data
Size: - Virtual size: 327KB

.rsrc
Size: 12KB - Virtual size: 23KB

.vmp0
Size: - Virtual size: 180KB

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 4KB - Virtual size: 188B

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB