a1a1cefa0b6c2e29f546fee629b9503416e5a631f554e759f9e8a1fa25737573

Sharing

Copy URL Twitter E-mail

General

Target

a1a1cefa0b6c2e29f546fee629b9503416e5a631f554e759f9e8a1fa25737573
Size

12.4MB
MD5

00755c34730209aa7e811098b0d3a4b3
SHA1

737b9f38b9c8c5b9711e8e62e0c01aa564688e5e
SHA256

a1a1cefa0b6c2e29f546fee629b9503416e5a631f554e759f9e8a1fa25737573
SHA512

8408bbbcdd9e73b0ae838d513243e16dc78042d9a755df836391e075045333397be0b7b1cd14679d297d1c982fe3cea0e4d42aeb9b7b538538a5000fca7f3eda
SSDEEP

393216:pvKP7OBCsBtNK0rngEBUMuhcMwMK34cbj:5Kj+tIygEe3NKVbj

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Ӱ1.4Ѱ/DCckoLf.dll	vmprotect
static1/unpack001/Ӱ1.4Ѱ/wdq.dll	vmprotect

Files

a1a1cefa0b6c2e29f546fee629b9503416e5a631f554e759f9e8a1fa25737573
.zip
Ӱ1.4Ѱ/BkjjgGzzZ.dll
.dll windows x86

b76b999878aa3ba769f750a7212b9800

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
VirtualQuery
GetProcessHeap
Sleep
lstrcpyA
GetLastError
CloseHandle
WritePrivateProfileStringA
lstrcmpA
GetPrivateProfileStringA
CreateRemoteThread
GetModuleFileNameA
lstrcatA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
VirtualProtect
DeleteFileA
CreateMutexA
GetTickCount
GetVersionExA
GetWindowsDirectoryA
OpenProcess
GetProcAddress
lstrlenA
TerminateProcess
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
GetModuleHandleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
ReleaseMutex
WaitForSingleObject
VirtualProtectEx
ReadProcessMemory
GetCurrentProcess
LCMapStringW
MultiByteToWideChar
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
RaiseException
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CallNextHookEx
GetKeyState
DialogBoxParamA
SetWindowsHookExA
CreateDialogParamA
ShowWindow
KillTimer
SetWindowTextA
MessageBoxA
SetTimer
SetDlgItemTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
GetDlgItem
EnableWindow
SendDlgItemMessageA
GetDlgItemTextA
CheckDlgButton
GetDlgItemInt
MessageBoxA

comctl32

ord17

shlwapi

StrStrA

Exports

Exports

EncrytData_2
GetGame
GetLoginProcess
GetLoginText
GetLoginThread
GetMirText
SetGameWndAndThread
_EncrytData_2@12
_GetGame@12
_GetLoginProcess@12
_GetLoginText@12
_GetLoginThread@20
_GetMirText@12
_SetGameWndAndThread@12
��7#.��j�P1�1�oO��G��,�逞�4rH��6J6��q�6` 1�[6��a9�r�(��;K�8��R̸Q'�Mc��gi%'p �o,6kk�T��7h�O�[��07�A��m-f?��ר�ĎRac�W��%��6�݅��I!�D�N7r��h��i�Y�hU�L�� ]s� \�- rW��I+d�[�#Ge36}<�x�T��tٷQY]�a�,��PJ�"�X��fM+ w��#uq�b�q3^�pᐏ��ץ�2��FYC�tHv��Y��?�o�峩��A�k�G�J�D�N��p��:�C�^m E��?�� 0�I�'�j Q�o�+ūe�I�u��2��V��H-?8 �_2�zf��ZDv�`��B%S�o�U~��m�ыAsN�f.�o��9.|90�/�J�Vߓt/+%��nW:�A��X��6�� ԍL5Ve�]�Z6�Ҽw~z��zr;� ��W�PyjI�5�t1�G�=��B��#u��4{�gV�f�� M��,$�Р.�5J��#�]�癋Z��1o��Zm��",@��_��A��Yh��14j�q*i#��)-t��* �9��Ī��n��!��fZ��G�љ��)z�2��i� $��]�v��':˞=��b�1�Z�s��FwZ�i��ʦF�*c�'��bx��:�f%��9�ˑd�BRl�M��c`*j�:��L�K�b�r��L@H��rn3�؜lC�yPY�_F�KvC-5{�>1�mz��+��פ쟋'��?^&rv��_OF�a�O��ҋo��t��ǯ 48�s�6��y�P��Э�\��R��{��9�?u]��~�g�g�ɼFj=�Ь'y$ᡠ/��a��ZV��0=�(��H��r�vpmcɓ��w&j$�Fҋy}a��M�.lmz��k�� ]O�"�H��K�`r��l9��9+��E�}��{Y`��N��'+��c��V��Ԏ��%OQ��>G�l4h��ܬ��V��N%+DCz��S��JJ8��O�r��e�5mD�޵h�,��b��h#�G�3�{��>[��F�_��M4B[�{O��v��ߜ_r�'�؃��9��o��B�">��4��O��X@z�O� 0�L�!?��tԛ��a�mQ�6�Ϭo��\4j|�d�r�0 ��N��m��v��)ߕZ�Jd��vx��#m�g��!(��!M^�)��7��߯f4��!��b��) c J��^��v)�Ra7":h�j��4��E��A�^_ujP߫P�Hp~��7�:��u2.+��ԙ!�s��?��K��ڔ}�C�%��Ě�["�I�e��(��D�)��X9ZSJ�WV�ŏ{F(q��Ar��^p~@p�J�͓[u~�!��ǫ�?�nz_�ڡk��.��5py/�(\�Էע�t�B��z��b��$1p�,��y��x�Z�yl]X�*?*��5��S�G,N�,N"N��K��$+�s��*+�w�[d�y�ύ#�.ѿo6bZ�i�|�m��G$Sg��$b��,}��C��ߚ��b��h��?�� @NtH��P;��Y��ڄP�ho�S��Q?�EX��L#��s�}gy�X��oI޵�C ?��2>g�^��i��. kZj[�J��|��tց��2܉Ϋ��%~?77LQ��Ԣ;��Ӕ`bu�F��Vp�#��UuX�_��u�d�l�_�!�x�9�e'*z��A�\�2*��g�͆9|ǈ/�k=�ӵuA�x�?�f��T\:��g�pv}��7e'�v[3��"�vA�S�KIÓ�ކ�� Y�y��wG=ȨS��!j-��űuR�4��%64 Ӭ��\�P�m�s��Nz��t�xh`4�t�.C0�5�Y!?.Q>�v$�4�7��ZS�z �~* %��y.3��آd��ΰ��E$ηk|̿�l��􁚮YNdq�BqqH��*��/�OH]/K�R�ۻG��_y�ȧvp+��X�� Ց~ST0�d8DK+q�ɟk��Bpy��L��zUV��!v��G�+�eE��:�{s^��0p5�~��w��b�p��ߍ4��o�Ֆ��x�9�Z�گqӖZ�Seޤ�m�� Ns�y%�n��E�2 wYu@�s(�%�*X��m~�@�7�3bQ�G��A-.9'D+?��O��?�A37�ˇA�X� �x<)��~S��&��{��\v(2�Ge��цd 1�|�>1ZX��V��]��˰�^��F��O�N�4*��ȏ��P)8�p�T�\BZsP��,aj�� d��.��bOJ�*Ѳ�Xl�gup�f�q�%|�(w�ǚj�@:f�UT+c2f?��;��a�ן[\�Y��R��A~[�q��u�)�YCqR��ƺl�_��+R񄡉��m�)��xI^(.]=�[^��9�gd�@B�zF��&��/8b��`I�/�� Ds��nE�C$��7q�(.�i�� !U݊"x�(��W��2�l@�E۵Q��$�\䱜'��r�<sC&v��}��@�׌xs�1 @�-D1�C��X��F�VM�-Ty�}� ៬�lAN��ӹ�5��V��u�2�g}��7!�dئ/U|Dc0��6�� (P-E��P�1��}Q+Z[�ڙ5��$� �*�V��4�D#2�O�s�E#17�ޡL�0��H��K�ia��<Ѧ��38[S)�ow�>cM}dGv� $��Z�=�Z`H�s;��eD�� _��^�vA��&|��.�Y��*=��_�N��[yG��z�ilX��+��Y�!/l��Q��k)6�^a�ie��[0��"�]9��s�Ǽ�h��TFd ��Brn

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bmw
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fde0
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fde1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fde2
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ӱ1.4Ѱ/Config/Sky/1.blc
Ӱ1.4Ѱ/DCckoLf.dll
.dll windows x86

a652aeeaa7d04c703844261e0b03b46f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtectEx
VirtualProtect
lstrcpyA
GetModuleFileNameA
lstrcatA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
lstrcmpA
DeleteFileA
CreateRemoteThread
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetVersionExA
GetCurrentProcess
FlushFileBuffers
CreateFileA
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
InitializeCriticalSectionAndSpinCount
HeapReAlloc
VirtualAlloc
HeapAlloc
GetModuleHandleA
ExitThread
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CheckDlgButton
GetWindowTextA
KillTimer
SetTimer
GetDlgItemInt
IsDlgButtonChecked
MessageBoxA
GetDlgItemTextA
EnableWindow
SendDlgItemMessageA
SetDlgItemTextA
CallNextHookEx
CreateDialogParamA
SetWindowTextA
ShowWindow
GetDlgItem
SendMessageA
DialogBoxParamA
SetWindowsHookExA
MessageBoxA

comctl32

ord17

Exports

Exports

�'�� "p��~�H�k,�]ޥ�89ǜ��ݼH�Atd;�E3-b�!��;pV��%�ʍ�۪�ʖ';iH��+q;��v��mh08ۂuബ��skYY��>��o�'(\�1t��l_N�Ν� ��_e��"�!=�%�� E��UMZ�s��([��2�?�F�>)��3-�v��E#[�p�M��D�� u�;�$�8+�nD�2��2��R��'P��F<�!\��3�P��UL��N��+�X�~ 8��B��F�QyK�#IC��B��A�}��7 Ӻ*Q�0z�\%��P3��G3��ݙ1��c��|��{��ہ��;�҃�j��noL�.eY�^�bv�I8��K$tY��:,��*DΦ�=�tg��3��ү��?�uT$��Y69V�n{�B�,� �GL/c��D��d�x�� L�?�[/L,��ae�g�5u=X��r�;F��;�� 3�nJ_��;�n��^��\��ӻ"M1J6��B��;��BP��2�ڢ�h�;�2f��Y.��8�� 9h:��g ᨼDk5I#�� Pa«��č�0V��\C��C��f�r�5��L�5t��Bd�$��j�e��7��d��a�g�_��B��Abm�S��2�T�ej��"��)Rt��ts��i랛N�#��e/��~kׂď�p��ޫ��-37p��Z��.��䄖�x+rf�5��[�m2£��E��5�-��@b�+�-�Ԏ��y��Z�^�N2Oc(�7�!��c�B�6_DKca��*2B@Xl�'=_��ʬ�� m@Ś��3b/#�8;X� |��-�ˡ#�E�qP��k.��=r9�ǔ%�GA�1/�}��|��\�>�V��t�D��&�'h�m<⪣z��v�Pi%�0��m�8Ѫ�8&�Dr�@qV�}��%?�1#�ٗP�MB��߭hA��}x��zE��;|q� �s��~A��j(�2g�Z\�{7xϊA��M>�Z@K �\3��"�>�*l3Ս\E�uIe��kݬ��U�y��/��g,��BSU){��b=��)DUjj]J��DR9(�D��*ԵsT�~v��g��(Lw�;|J��K��L2�WX3�ع�Ab'��s�eU��|�RK iz�?��8ũ�j�� [cO-佶�8E�� "g� �*��E�N)ջ�|>�\�~�V�Ա� ؂��/��N5��V��@&�u��Dm|4�_��Lv�zB�GS� �q�NYRx�t��C�h��ąڏ��߃�Ǧ��}�G>�x��4R1�s��o�+Ty%�4]��Џ3��c>�t,ʴ�P�=��M�Ks�D�B��fY�$�G��м�Ț��]-�F�!__�� `W��-)D�ld"�d wul�y+�ȊI+)��* �D�$�T4�$�CLxY.��>��f�=�P��r��g��Y$I RD%�+�ե�.u��I�\��*��xF��.|��K�&��z4~��\Ta��>�m!!��B�?��`��@��){{��x�4(�:��.qaU�1w��'�_w:]u��r��Md�(9��Y��]��|J�OA�^��vP�/��|��% m�J2��PIK�y�b�>��pl��ֽ�>�/�K��7L�_��,��t�q��r��[�:ښ�.f�2��=!�޴�R�F�}��H��LH��H��=�c��= "��}��E9eIC��z��,6O��_��Fh��ܨ��W��1&�v�=e��L��W�� Pl�|��%����Ґ ��]�ǖ�`��Bla��#�&��^��}��G��JM�⾓��K�=�d#�2v�u� ��@<7��M�*�j��ɒ�#J�hT�8L:̧��L{�ĵmv�� >kҬ��>�^��/�f��͟?�Bm�&�lw��)�]�R�Հ)�n?ȑ5'%��GH7�� U0�.2��H��H��KwvIx��t,�a!��\�ldq��#��/@�y3�7M��L[�` �.6U��2OF�*��*}�&��՝�ጤ��K��HD�y��d��-��摉f��][��M+x�l�٦)��1��m`w\��*��Q�|>��Oƻ*p�,W��:TB}3�<��7��e��'��m�4`W��Y��MZ0ی8'b��3�D}�yF��:��ޓ��v��W�l�;�e.�pe�4%� / �>_`�{]��r_�v�E}'��]6�)�s�G%�OE0P��mҰ��/�Y�@��J�U¼y�K�h��`�G+_|�[ "WLQRZ��t�h?R�Ᏹr��$#�Rs�,�%�ݰd9L�I��c��Ω:M�� }.��l�!nD��ͯ#�?o#��b��VǒT4£��Nf��e��!�p��PJ�L]I�q��0}�qOp�7�_��E�d0�W�N�Q��9n��j�n?�4�F��e1NSX�T)/�%��t͡��.��{�so"��&�o�m��F"�8��5��)�� #'(@�4��B�W��Ā�<cK��cA�2z�s/"�mONP��C>�5(]պ��?��)��h�� B�Y�D��w�7�`39��m:s�<��k>Y=4�g<��4is�k()��^��Ѻ�=�}�W0��e��:��g��+��O�R� 9��X�4��9Gj�&��ts��D ��}��C+&�?��m�C��v�/=�Z��1 ��CS �r��K�$�,k��lZd�Jb
CheckLoginStart
GetGamePid
GetLoginTID
SetGameWindow
_CheckLoginStart@12
_GetGamePid@12
_GetLoginTID@12
_SetGameWindow@12

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tmd
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ӱ1.4Ѱ/NKT.dll
.dll windows x86

0a7711c0e412cc73550f2f8f30fbc495

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetTimeZoneInformation
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharNextA

advapi32

RegCloseKey

oleaut32

VariantInit

ole32

CoUninitialize

shell32

ShellExecuteA

iphlpapi

GetAdaptersInfo

Exports

Exports

ks_CheckKey
ks_GetData
ks_GetMsg
ks_advapi
ks_apidatafree
ks_destr
ks_edit
ks_exit
ks_prepaid
ks_reguser
ks_setExtVal
ks_setKVal
ks_setSoftVal
ks_setUVal
ks_setUpVal
ks_viewinfo

Sections

CODE
Size: - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 391B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 693KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ӱ1.4Ѱ/WS2HELP.dll
.dll windows x86

db111001b1244590f5322ec622db6241

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiOutUnprepareHeader
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
waveOutOpen
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs

ws2_32

WSAAsyncSelect
ioctlsocket
getpeername
closesocket
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
recv
recvfrom
gethostname
accept

kernel32

MultiByteToWideChar
SetLastError
GetTimeZoneInformation
GetVersion
IsBadReadPtr
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
lstrlenW
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
CopyFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
IsBadCodePtr
SetStdHandle
InterlockedExchange
IsBadWritePtr

user32

IsZoomed
PostQuitMessage
CopyAcceleratorTableA
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
LoadIconA
TranslateMessage
SystemParametersInfoA
GetDesktopWindow
GetClassInfoA
DefWindowProcA
GetDlgCtrlID
GetDlgItem
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
GetKeyState
GetClassNameA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
SetRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
GetWindowTextA
GetSubMenu
GetSysColorBrush
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
UnregisterClassA
LoadStringA

gdi32

GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
ExcludeClipRect
SelectObject
CreatePen
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateRectRgnIndirect
SetBkColor
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
SetStretchBltMode
GetClipRgn

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
CLSIDFromProgID

oleaut32

UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SysAllocString
VariantInit
VariantCopyInd
VariantChangeType
VariantClear

comctl32

ord17
ImageList_Destroy

comdlg32

GetSaveFileNameA
ChooseColorA
GetFileTitleA
GetOpenFileNameA

Exports

Exports

DLL�ӿ�
WahCloseApcHelper
WahCloseHandleHelper
WahCloseNotificationHandleHelper
WahCloseSocketHandle
WahCloseThread
WahCompleteRequest
WahCreateHandleContextTable
WahCreateNotificationHandle
WahCreateSocketHandle
WahDestroyHandleContextTable
WahDisableNonIFSHandleSupport
WahEnableNonIFSHandleSupport
WahEnumerateHandleContexts
WahInsertHandleContext
WahNotifyAllProcesses
WahOpenApcHelper
WahOpenCurrentThread
WahOpenHandleHelper
WahOpenNotificationHandleHelper
WahQueueUserApc
WahReferenceContextByHandle
WahRemoveHandleContext
WahWaitForNotification
��ip��ַ

Sections

.text
Size: 428KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ӱ1.4Ѱ/longying.dat
.exe windows x86

d519768f201ab30fbb4b5a744bafd6e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource

user32

SetDlgItemTextA

gdi32

DeleteDC

advapi32

RegSetValueExA

ole32

CLSIDFromString

oleaut32

SysAllocStringLen

psapi

GetModuleFileNameExA

shlwapi

StrStrIA

comctl32

ord17

version

GetFileVersionInfoSizeA

msvcrt

malloc

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdfeess
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdfeess
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ӱ1.4Ѱ/longying.ico
Ӱ1.4Ѱ/report.ini
Ӱ1.4Ѱ/vjPzDL.dll
.dll windows x86

b76b999878aa3ba769f750a7212b9800

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
VirtualQuery
GetProcessHeap
Sleep
lstrcpyA
GetLastError
CloseHandle
WritePrivateProfileStringA
lstrcmpA
GetPrivateProfileStringA
CreateRemoteThread
GetModuleFileNameA
lstrcatA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
VirtualProtect
DeleteFileA
CreateMutexA
GetTickCount
GetVersionExA
GetWindowsDirectoryA
OpenProcess
GetProcAddress
lstrlenA
TerminateProcess
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
GetModuleHandleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
ReleaseMutex
WaitForSingleObject
VirtualProtectEx
ReadProcessMemory
GetCurrentProcess
LCMapStringW
MultiByteToWideChar
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
RaiseException
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CallNextHookEx
GetKeyState
DialogBoxParamA
SetWindowsHookExA
CreateDialogParamA
ShowWindow
KillTimer
SetWindowTextA
MessageBoxA
SetTimer
SetDlgItemTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
GetDlgItem
EnableWindow
SendDlgItemMessageA
GetDlgItemTextA
CheckDlgButton
GetDlgItemInt
MessageBoxA

comctl32

ord17

shlwapi

StrStrA

Exports

Exports

EncrytData_2
GetGame
GetLoginProcess
GetLoginText
GetLoginThread
GetMirText
SetGameWndAndThread
_EncrytData_2@12
_GetGame@12
_GetLoginProcess@12
_GetLoginText@12
_GetLoginThread@20
_GetMirText@12
_SetGameWndAndThread@12
��7#.��j�P1�1�oO��G��,�逞�4rH��6J6��q�6` 1�[6��a9�r�(��;K�8��R̸Q'�Mc��gi%'p �o,6kk�T��7h�O�[��07�A��m-f?��ר�ĎRac�W��%��6�݅��I!�D�N7r��h��i�Y�hU�L�� ]s� \�- rW��I+d�[�#Ge36}<�x�T��tٷQY]�a�,��PJ�"�X��fM+ w��#uq�b�q3^�pᐏ��ץ�2��FYC�tHv��Y��?�o�峩��A�k�G�J�D�N��p��:�C�^m E��?�� 0�I�'�j Q�o�+ūe�I�u��2��V��H-?8 �_2�zf��ZDv�`��B%S�o�U~��m�ыAsN�f.�o��9.|90�/�J�Vߓt/+%��nW:�A��X��6�� ԍL5Ve�]�Z6�Ҽw~z��zr;� ��W�PyjI�5�t1�G�=��B��#u��4{�gV�f�� M��,$�Р.�5J��#�]�癋Z��1o��Zm��",@��_��A��Yh��14j�q*i#��)-t��* �9��Ī��n��!��fZ��G�љ��)z�2��i� $��]�v��':˞=��b�1�Z�s��FwZ�i��ʦF�*c�'��bx��:�f%��9�ˑd�BRl�M��c`*j�:��L�K�b�r��L@H��rn3�؜lC�yPY�_F�KvC-5{�>1�mz��+��פ쟋'��?^&rv��_OF�a�O��ҋo��t��ǯ 48�s�6��y�P��Э�\��R��{��9�?u]��~�g�g�ɼFj=�Ь'y$ᡠ/��a��ZV��0=�(��H��r�vpmcɓ��w&j$�Fҋy}a��M�.lmz��k�� ]O�"�H��K�`r��l9��9+��E�}��{Y`��N��'+��c��V��Ԏ��%OQ��>G�l4h��ܬ��V��N%+DCz��S��JJ8��O�r��e�5mD�޵h�,��b��h#�G�3�{��>[��F�_��M4B[�{O��v��ߜ_r�'�؃��9��o��B�">��4��O��X@z�O� 0�L�!?��tԛ��a�mQ�6�Ϭo��\4j|�d�r�0 ��N��m��v��)ߕZ�Jd��vx��#m�g��!(��!M^�)��7��߯f4��!��b��) c J��^��v)�Ra7":h�j��4��E��A�^_ujP߫P�Hp~��7�:��u2.+��ԙ!�s��?��K��ڔ}�C�%��Ě�["�I�e��(��D�)��X9ZSJ�WV�ŏ{F(q��Ar��^p~@p�J�͓[u~�!��ǫ�?�nz_�ڡk��.��5py/�(\�Էע�t�B��z��b��$1p�,��y��x�Z�yl]X�*?*��5��S�G,N�,N"N��K��$+�s��*+�w�[d�y�ύ#�.ѿo6bZ�i�|�m��G$Sg��$b��,}��C��ߚ��b��h��?�� @NtH��P;��Y��ڄP�ho�S��Q?�EX��L#��s�}gy�X��oI޵�C ?��2>g�^��i��. kZj[�J��|��tց��2܉Ϋ��%~?77LQ��Ԣ;��Ӕ`bu�F��Vp�#��UuX�_��u�d�l�_�!�x�9�e'*z��A�\�2*��g�͆9|ǈ/�k=�ӵuA�x�?�f��T\:��g�pv}��7e'�v[3��"�vA�S�KIÓ�ކ�� Y�y��wG=ȨS��!j-��űuR�4��%64 Ӭ��\�P�m�s��Nz��t�xh`4�t�.C0�5�Y!?.Q>�v$�4�7��ZS�z �~* %��y.3��آd��ΰ��E$ηk|̿�l��􁚮YNdq�BqqH��*��/�OH]/K�R�ۻG��_y�ȧvp+��X�� Ց~ST0�d8DK+q�ɟk��Bpy��L��zUV��!v��G�+�eE��:�{s^��0p5�~��w��b�p��ߍ4��o�Ֆ��x�9�Z�گqӖZ�Seޤ�m�� Ns�y%�n��E�2 wYu@�s(�%�*X��m~�@�7�3bQ�G��A-.9'D+?��O��?�A37�ˇA�X� �x<)��~S��&��{��\v(2�Ge��цd 1�|�>1ZX��V��]��˰�^��F��O�N�4*��ȏ��P)8�p�T�\BZsP��,aj�� d��.��bOJ�*Ѳ�Xl�gup�f�q�%|�(w�ǚj�@:f�UT+c2f?��;��a�ן[\�Y��R��A~[�q��u�)�YCqR��ƺl�_��+R񄡉��m�)��xI^(.]=�[^��9�gd�@B�zF��&��/8b��`I�/�� Ds��nE�C$��7q�(.�i�� !U݊"x�(��W��2�l@�E۵Q��$�\䱜'��r�<sC&v��}��@�׌xs�1 @�-D1�C��X��F�VM�-Ty�}� ៬�lAN��ӹ�5��V��u�2�g}��7!�dئ/U|Dc0��6�� (P-E��P�1��}Q+Z[�ڙ5��$� �*�V��4�D#2�O�s�E#17�ޡL�0��H��K�ia��<Ѧ��38[S)�ow�>cM}dGv� $��Z�=�Z`H�s;��eD�� _��^�vA��&|��.�Y��*=��_�N��[yG��z�ilX��+��Y�!/l��Q��k)6�^a�ie��[0��"�]9��s�Ǽ�h��TFd ��Brn

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bmw
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fde0
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fde1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fde2
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ӱ1.4Ѱ/wdq.dll
.dll windows x86

4361198fb72f8ea7fc38ec587a3f52a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
TerminateProcess
GetCurrentProcess
WriteProcessMemory
VirtualProtect
OpenProcess
GetProcAddress
GetLastError
GetModuleHandleA
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
MessageBoxA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

Exports

Exports

�$��X��(�6{�O�5!j޶9�\�Sþ��n,�YC��E��)=�9�#��C5�3:�*!��w��lg��%�j'!�h�w��"� AV��e[A4�]ܑ��*h�z��$��ыm��˺� ��+GҞ��^=��*ٞ2`��>��o��_֙<�$�u!��]R��v��e��̟�(��NH_��3�}�z��{��oJ3��E��+=ւ�p��W�6SeB`~|��e2��nx RL��d�� A��q6�BX>t�~��n�t>��r��Fg �\��NT1�� 3}��IS��)U��f/�bo�Q��[��F�O��ؘ4KC��L|��7޲|[�P�됓/��H�DpX��7N�� +��G<!��O"!S�!�سr>N�e�� zY�)*�n�i��a�Zi�<9E��n��mB(~�6(�E�y��,.9��bJ�[��D-�zO�çƁ� �7�A;i��V=��w~�)}f9��צIK�xA (~O�Ty /VԹgyˢ�ؽx'��<x]�:��8n�3|��P��H�n�1��aSI�iu,k�X��rh��O�V 1�L�P㱕��n�\5�ח��k큀�˔n��8�`yp5��Z11Q �0�L��/��4S��{�c\��r�b��u�L��%��9�z ��hF�Jp��QŘ�qIB��7�W��m*�� .�x��(!/#��/( m��x�aity\{7#a�3:��2A(N|�J��i��.-��BY��~��)��V��~��m��qka�^w�_��\V:��b`��Ö2�ȷ�'��pۺ�� V��6��9�gK�>�\�=�?�+K�ޘ��r��&�2�'�.^�8'h��y��B}��T��`�X ��Բkϳ�w�|\,W��h/��͗3�ɠ�h�Hq[��$��*h� ��c�Bk��08�E��4ŒZ��Q�ׄ6��=og��A�0<.v�LŤ=�_�t��q��J��Y�&��o��<�U74U��K��n��9 ׄ��;�D��g{�/��Է�0�o3� *��tui6m��3L��MU��ʅv��+j�|�̩y-�P23�l&�I��1��"w��Z�d��3Q��>��"��'Ι��η�<�ͲF�|:�Ʒs�$��Mq�k��U7,�;Y_�:�}��K�g(s�28$`=�$q]3GWCi��p�4��܅:w��|�v�<ٹ�BF��y��l��"c�@��>�ן�oޥё��D��i�T��h)��a��6~��s;�7�ðb���a O�qo2�. }f�� Z�(��1��t��$f ��"�g�[^]e�Є��3��pZ�dݽ5��C� ��V=��E;�z{��{��+<�1��^�;��V½��ᬯ�T�X��;��IX��;��k��U��Y�y��o�9"��}�Phk��$��J`��n�B�Sx�K49�1nF�eo]�uk��M��w��S2W�I��i`l��'Wy�b��O��}V�u|(��N�oL1��gRk}U��Q2��ְ�:�.Q�0#��=�qAt��8��(�`P��@|n�ovz�˹h��P�q��< �l�"뭮l�";6�OlF�!9��\.�H� �"�0Osw�X�b��׊ &��b��X��Lȭt�S��ό"��<}�S�>o�2I��f�*~�V��# �߾.��G�`�Hx��uɔ{��4 UG��T�c��߲yim�z9�Dn��!� ~44��?P7K�� 5�jA͖F�h�Q~��Y��N1蜔�C4��@P�$��p#d+k��b��w��u��W�\;�w�� ״��*�e�I�+�9:Q��id��Q�4M��5��~-h� "��+Y�M7G9W��xN:\dwV � E�*J�0��} t ײ��5�{�Ie��0Ԏ��q��݇��Q��8�Ї�Z��-OOH�(wi �g��<�]ѣ�?�3U��_;��7��D��6-��Q%��;�G|��1_R�(D}��S1��nhz�`~,�U/P�WM��I,mO�C�tDH� ғNe�{m�A�#�罪��F��eu�� q��[_P#x��"��^�$H"�9��ݰ��,�!35e,ܗU>܏��ܔ�Y0��v�{��gڈ�GA�P�2��H��}d��c� �'5��!�0�Q��sc� �c�iI�G�z�1�E��8��g�p��f��v�z��2E�g��]�v��*��1�|֔��T�@ӝmw��"�}��~KQ��e��O��T7��Z3��;�@ML�7�F�![�G.a2�^l�I=Y��G��7�#�?��ѓg;��,�v��A>�n�$��M�;�M�F�D0O!�P��yם�a]I|��D�dߣ��9��ۼ��|�aX�m*,n|��5�F�pS"�u�0�!Ђ��V i�B�~�*mJ��Sc�U��=�T�#D(�m��fH��]5F�,lbwN��VF�'gg�݅ڰ(�Ot�:L��΀��}Q$�9�X!x ��'>U��Z�v?��@��_�8g;��Ў�qS�N��e��uÈ��c�.%OC�u��,5�'%��}�o��2t�z��g��q��#q��K�M�O��@*��h)6�r��/l�$Cu9��%��_��/۱�S$q�\��<��R�L�R��4fh��H�گPｊ�^49ߥ�w��k�q ps��VqY��9��. #790@ �g�j�PK ľ�*�W�iD��VE��"��k
FindWeDlq
WeDlqOk
_FindWeDlq@12
_WeDlqOk@12
_connectHookFun@4
connectHookFun

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

chi
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ӱ1.4Ѱ/Ӱ1.4Ѱ.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: - Virtual size: 996KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 402KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b76b999878aa3ba769f750a7212b9800

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

shlwapi

Exports

Exports

Sections

.text Size: 186KB - Virtual size: 186KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 5KB - Virtual size: 17KB

bmw Size: 512B - Virtual size: 48B

.rsrc Size: 17KB - Virtual size: 17KB

.fde0 Size: 20KB - Virtual size: 19KB

.fde1 Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 24B

.fde2 Size: 42KB - Virtual size: 42KB

.reloc Size: 18KB - Virtual size: 18KB

a652aeeaa7d04c703844261e0b03b46f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 11KB

tmd Size: 512B - Virtual size: 16B

.rsrc Size: 15KB - Virtual size: 15KB

.vmp0 Size: 6KB - Virtual size: 6KB

.vmp1 Size: 11KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 43KB - Virtual size: 43KB

.reloc Size: 5KB - Virtual size: 4KB

0a7711c0e412cc73550f2f8f30fbc495

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

ole32

shell32

iphlpapi

Exports

Exports

Sections

CODE Size: - Virtual size: 155KB

DATA Size: - Virtual size: 4KB

BSS Size: - Virtual size: 12KB

.idata Size: - Virtual size: 3KB

.edata Size: - Virtual size: 391B

.vmp0 Size: - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 7KB

.vmp1 Size: - Virtual size: 583KB

.vmp2 Size: 693KB - Virtual size: 692KB

.reloc Size: 512B - Virtual size: 212B

db111001b1244590f5322ec622db6241

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

.text
Size: 186KB - Virtual size: 186KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 17KB

bmw
Size: 512B - Virtual size: 48B

.rsrc
Size: 17KB - Virtual size: 17KB

.fde0
Size: 20KB - Virtual size: 19KB

.fde1
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 24B

.fde2
Size: 42KB - Virtual size: 42KB

.reloc
Size: 18KB - Virtual size: 18KB

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 11KB

tmd
Size: 512B - Virtual size: 16B

.rsrc
Size: 15KB - Virtual size: 15KB

.vmp0
Size: 6KB - Virtual size: 6KB

.vmp1
Size: 11KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 43KB - Virtual size: 43KB

.reloc
Size: 5KB - Virtual size: 4KB

CODE
Size: - Virtual size: 155KB

DATA
Size: - Virtual size: 4KB

BSS
Size: - Virtual size: 12KB

.idata
Size: - Virtual size: 3KB

.edata
Size: - Virtual size: 391B

.vmp0
Size: - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 7KB

.vmp1
Size: - Virtual size: 583KB

.vmp2
Size: 693KB - Virtual size: 692KB

.reloc
Size: 512B - Virtual size: 212B

.text
Size: 428KB - Virtual size: 425KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 60KB - Virtual size: 182KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 76KB - Virtual size: 74KB

.text
Size: 9.7MB - Virtual size: 9.7MB

.sdfeess
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 8KB

.sdfeess
Size: 4KB - Virtual size: 4KB

.text
Size: 186KB - Virtual size: 186KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 17KB

bmw
Size: 512B - Virtual size: 48B

.rsrc
Size: 17KB - Virtual size: 17KB

.fde0
Size: 20KB - Virtual size: 19KB

.fde1
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 24B

.fde2
Size: 42KB - Virtual size: 42KB

.reloc
Size: 18KB - Virtual size: 18KB