3ds[.]7z[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

3ds.7z.zip
Size

6.6MB
MD5

ba035eca3c4e1d2d8287417ba47a9159
SHA1

6eee757e6d285aacb0c6f38958e45b4ac2d87c3c
SHA256

06a98e51da2f3f3abe6dae6029a1a9a53b9c3ba975cb1423a30aa15876d8afc8
SHA512

36dca23201c456bfaf298c8156bdbf348161965ed32e69045822650b565cf6f4ef4a8456d9d6f220968c7896a52b846ed4516169b010a7f7f449300b458c3e31
SSDEEP

98304:/WX4dUiSneHShV9J/88Tr+v07/Edwjwdd6NC4VyRMe9CER5aN3dq7JFvZWV:eIduoSL9cM7Meud6JY9CER5aN3dWjxWV

Score

1^/10

Malware Config

Signatures

Files

3ds.7z.zip
.zip

Password: infected
3ds.7z
.7z
VirusShare_07045e09817700b37ecc8dd6c56053d3.zip
.zip

Password: infected
ed7a1d6eb5005d7d438527b25ce50214e7c0707bf3e06e977ea2751a410324ba
.rar
终结者好哇刷钻吧白金版(带超强DDOS功能)/好哇刷钻吧专版/SkinH.dll
.dll windows x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2f:5d:74:43:33:a7:45:08:62:ac:fd:3a:82:b4:14:5c:f0:35:53:60
Signer

Actual PE Digest

2f:5d:74:43:33:a7:45:08:62:ac:fd:3a:82:b4:14:5c:f0:35:53:60

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

26/10/2009, 12:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
终结者好哇刷钻吧白金版(带超强DDOS功能)/好哇刷钻吧专版/update/svchost.dat
.exe windows x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pmfvtvlw
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ryhpvhpq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
终结者好哇刷钻吧白金版(带超强DDOS功能)/好哇刷钻吧专版/好哇刷钻吧&温顺密斯免杀更新.exe
.exe windows x86

50dd7a830c1c925bde9099ded1af60a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHAutoComplete

winmm

waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
PlaySoundA
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveInPrepareHeader

kernel32

HeapCreate
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringW
SetEnvironmentVariableA
GetEnvironmentVariableA
HeapSize
GetFileType
SetStdHandle
HeapReAlloc
GetACP
GetProfileStringA
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
DeleteFileA
WriteFile
lstrcpyA
ReadFile
GetFileSize
CreateFileA
GetFileAttributesA
lstrcatA
GetModuleFileNameA
GetTickCount
GetLocalTime
SetFilePointer
CreateDirectoryA
GetLastError
GetDiskFreeSpaceExA
GetVolumeInformationA
lstrlenA
GetLogicalDriveStringsA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
RemoveDirectoryA
MoveFileA
GetPrivateProfileStringA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetSystemTime
GetTimeZoneInformation
ExitThread
RaiseException
HeapAlloc
HeapFree
RtlUnwind
SetErrorMode
GetProcessVersion
GlobalFlags
SystemTimeToFileTime
LocalFileTimeToFileTime
GetProfileIntA
TlsGetValue
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetCurrentThread
LocalLock
LocalUnlock
SetLastError
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
OpenProcess
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
VirtualQuery
VirtualProtect
FormatMessageA
GetCurrentDirectoryA
CompareStringA
CopyFileA
GetTempFileNameA
GetPrivateProfileSectionNamesA
lstrcmpA
GetExitCodeThread
SetThreadPriority
ResetEvent
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
SizeofResource
FindResourceA
LoadResource
LockResource
GetCurrentProcessId
FreeLibrary
SetFileAttributesA
GetCurrentThreadId
MulDiv
GetModuleHandleA
ReleaseMutex
LoadLibraryA
GetProcAddress
GetVersion
CreateFileMappingA
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
SetEndOfFile
LocalReAlloc
LocalSize
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetTempPathA
ExitProcess
DeleteCriticalSection
CancelIo
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
EnterCriticalSection
PostQueuedCompletionStatus
LeaveCriticalSection
InitializeCriticalSection
WritePrivateProfileStringA
GetPrivateProfileIntA
HeapDestroy

user32

GetNextDlgGroupItem
PostThreadMessageA
TranslateMDISysAccel
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
ValidateRect
UnpackDDElParam
ReuseDDElParam
TranslateAcceleratorA
DestroyMenu
LoadStringA
wvsprintfA
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
SetWindowTextA
SetDlgItemTextA
GetDlgItemTextA
SendDlgItemMessageA
ScrollWindow
GetScrollRange
SetScrollRange
GetScrollPos
WinHelpA
GetClassInfoA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetClipboardFormatNameA
GetTabbedTextExtentA
CreateWindowExA
GetWindowDC
TrackPopupMenuEx
DrawMenuBar
AdjustWindowRect
RegisterClassW
RegisterClassA
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcW
CallWindowProcW
EnableScrollBar
SetScrollInfo
SetScrollPos
GetSysColorBrush
EnumWindows
GetWindowThreadProcessId
EndPaint
BeginPaint
DeferWindowPos
GetMenu
SendMessageTimeoutA
CallWindowProcA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
UnionRect
GetActiveWindow
DrawEdge
GetScrollInfo
GetDoubleClickTime
SetCursorPos
GetClassLongA
GetWindowRgn
HideCaret
ShowCaret
IsMenu
GetMenuDefaultItem
GetMenuItemInfoA
GetDlgItem
AdjustWindowRectEx
SetWindowRgn
GetCursor
GetMenuStringW
LookupIconIdFromDirectoryEx
CopyIcon
CreateIconIndirect
CreateIconFromResourceEx
RegisterClipboardFormatA
GetNextDlgTabItem
EqualRect
IsDialogMessageA
IsClipboardFormatAvailable
CharUpperA
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
IsWindowEnabled
IsIconic
LoadAcceleratorsA
CopyAcceleratorTableA
GrayStringA
TabbedTextOutA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
GetForegroundWindow
GetLastActivePopup
LockWindowUpdate
GetDCEx
InvertRect
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
UnregisterClassA
ExcludeUpdateRgn
DispatchMessageA
TranslateMessage
GetMessageA
SendMessageA
EnableWindow
RegisterWindowMessageA
SetRect
MessageBoxA
wsprintfA
GetWindow
GetClientRect
SetCapture
WaitMessage
MapVirtualKeyA
GetTopWindow
BeginDeferWindowPos
EndDeferWindowPos
ShowWindow
IsChild
SetFocus
MoveWindow
DrawFocusRect
SetActiveWindow
DrawAnimatedRects
SetParent
FindWindowA
EnumChildWindows
SystemParametersInfoA
GetClassNameA
CreatePopupMenu
InsertMenuA
BringWindowToTop
LoadBitmapA
DestroyIcon
GetMenuStringA
IsZoomed
PeekMessageA
IsRectEmpty
DrawStateA
SetRectEmpty
SetMenuDefaultItem
SetForegroundWindow
TrackPopupMenu
GetMenuItemID
IsWindow
PtInRect
GetMessagePos
KillTimer
GetCapture
MapWindowPoints
SetTimer
DrawFrameControl
CopyRect
GetSysColor
FillRect
GetKeyState
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawTextA
CheckMenuItem
GetMenuState
ShowScrollBar
DrawIconEx
IntersectRect
GetSystemMenu
AppendMenuA
CheckMenuRadioItem
GetIconInfo
SetClassLongA
DestroyCursor
LoadCursorA
SetCursor
ScreenToClient
UpdateWindow
WindowFromPoint
ClientToScreen
ReleaseCapture
GetParent
IsWindowVisible
SetWindowPos
GetDlgCtrlID
GetFocus
GetCursorPos
EnableMenuItem
GetMenuItemCount
DeleteMenu
GetSubMenu
LoadMenuA
CharNextA
OffsetRect
GetSystemMetrics
LoadIconA
InflateRect
MessageBeep
SetMenu
GetDesktopWindow
PostMessageA
RedrawWindow
AnimateWindow
ReleaseDC
GetDC
InvalidateRect
GetWindowRect
SetWindowLongA
GetWindowLongA
LoadImageA

gdi32

EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetTextExtentPoint32W
ExtTextOutW
GetCharWidthA
GetCurrentPositionEx
ExtFloodFill
LPtoDP
DPtoLP
StartDocA
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
SetTextAlign
CreateBitmap
StrokeAndFillPath
GetMapMode
SetRectRgn
CopyMetaFileA
CreateDCA
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
DeleteDC
GetWindowOrgEx
GetObjectType
GetTextAlign
Escape
RectVisible
PtVisible
EnumFontFamiliesExA
PatBlt
CreateRectRgnIndirect
GetDeviceCaps
GetStockObject
GetTextColor
GetCurrentObject
GetPixel
SetBkMode
SetPixel
TextOutA
GetObjectA
Rectangle
CreateCompatibleBitmap
CreatePen
SetBkColor
SetTextColor
ExtTextOutA
BitBlt
StretchDIBits
CreateCompatibleDC
CreateDIBSection
SelectObject
FillPath
StrokePath
Ellipse
GetWindowExtEx
GetViewportExtEx
SelectPalette
CreateDIBitmap
CreatePalette
GetClipBox
SetBrushOrgEx
RoundRect
CreatePolygonRgn
GetRgnBox
GetClipRgn
IntersectClipRect
ExtSelectClipRgn
OffsetRgn
GetTextCharsetInfo
GetBkColor
CreatePatternBrush
GetViewportOrgEx
CombineRgn
Polyline
CreateFontA
PtInRegion
CreateRectRgn
ExtCreateRegion
GetBitmapBits
GetDIBits
SetStretchBltMode
DeleteObject
GetTextMetricsA
GetTextExtentPointA
CreateFontIndirectA
CreateSolidBrush
Polygon
StretchBlt
GetTextExtentPoint32A
SetBitmapBits

comdlg32

FindTextA
ReplaceTextA
ChooseColorA
CommDlgExtendedError
GetFileTitleA
PrintDlgA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyA
RegQueryValueExA
RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegCloseKey
RegQueryValueA
RegOpenKeyA

shell32

ShellExecuteA
Shell_NotifyIconA
SHAppBarMessage
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ord71
DragFinish
DragQueryFileA
ExtractIconA
SHGetFileInfoA
SHGetMalloc

comctl32

ImageList_LoadImageA
ord17
ImageList_Remove
ImageList_DrawIndirect
ImageList_GetBkColor
FlatSB_GetScrollProp
ImageList_GetImageInfo
ImageList_Add
ImageList_Destroy
ImageList_Create
ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_AddMasked
ImageList_DrawEx
ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetIconSize

oledlg

ord8
ord1

ole32

CoDisconnectObject
CoCreateInstance
OleInitialize
CoUninitialize
CoInitialize
CLSIDFromProgID
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoTaskMemFree
ReleaseStgMedium
OleGetClipboard
CoTaskMemAlloc
OleDuplicateData
CoRevokeClassObject
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoFreeUnusedLibraries
CLSIDFromString
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleUninitialize

olepro32

ord253

oleaut32

VariantCopy
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarDateFromStr
VarBstrFromDate
SafeArrayGetDim
SysAllocStringLen
VariantTimeToSystemTime
SysStringLen
LoadTypeLi
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeTypeEx
VariantClear
SysFreeString
OleLoadPicturePath
SysAllocString

ws2_32

inet_ntoa
getpeername
closesocket
gethostname
gethostbyname
WSACloseEvent
WSASend
WSARecv
socket
accept
WSAGetLastError
setsockopt
WSAIoctl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAEventSelect
htons
bind
listen
WSACleanup
WSAStartup

pdh

PdhAddCounterA
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery

avifil32

AVIFileInit
AVIStreamRelease
AVIFileExit
AVIFileCreateStreamA
AVIFileOpenA
AVIStreamWrite
AVIStreamSetFormat
AVIFileRelease

msvfw32

DrawDibDraw
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICDecompress
DrawDibOpen
DrawDibClose

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
终结者好哇刷钻吧白金版(带超强DDOS功能)/好哇刷钻吧专版/好哇刷钻吧&温顺密斯免杀更新.ini
终结者好哇刷钻吧白金版(带超强DDOS功能)/好哇刷钻吧专版/插件/AUTOSTA.dll
.dll windows x86

d8b114cbcdc048e0216a9c433504ff9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
WinExec
CreateMutexA
lstrlenA
Process32Next
GetProcessHeap
HeapAlloc
GetLastError
HeapFree
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Sleep
OpenProcess
CloseHandle

advapi32

DuplicateTokenEx
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
BuildExplicitAccessWithNameA
GetKernelObjectSecurity
GetSecurityDescriptorDacl
SetEntriesInAclA
MakeAbsoluteSD
SetSecurityDescriptorDacl
SetKernelObjectSecurity
ImpersonateLoggedOnUser
CreateProcessAsUserA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

msvcrt

free
_initterm
malloc
_adjust_fdiv

psapi

GetModuleFileNameExA

shlwapi

SHCopyKeyA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
终结者好哇刷钻吧白金版(带超强DDOS功能)/好哇刷钻吧专版/插件/AUTOSTA.dll.log
终结者好哇刷钻吧白金版(带超强DDOS功能)/好哇刷钻吧专版/插件/AdvancedOptions.ini
终结者好哇刷钻吧白金版(带超强DDOS功能)/好哇刷钻吧专版/插件/以上文件请勿改文件名.txt
终结者好哇刷钻吧白金版(带超强DDOS功能)/好哇刷钻吧专版/更新免杀员提示.txt
VirusShare_4da15e8006f400ca43335206f60420b8.zip
.zip
VirusShare_8671e9ddbf7eea0a840d97b7519974f2.zip
.zip
VirusShare_90e6596018cfd7a613eddb422db87cf9.zip
.zip
VirusShare_dee7e86869c9ca9c925f9f7f7bc16fdb.zip
.zip
VirusShare_e31daca9be0e0cd773144a9e95f5278c.zip
.zip

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bfCertificate

Extended Key Usages

Key Usages

2f:5d:74:43:33:a7:45:08:62:ac:fd:3a:82:b4:14:5c:f0:35:53:60Signer

Signature Validations

Verification

26/10/2009, 12:34 Valid: false

Headers

File Characteristics

Sections

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 512B - Virtual size: 12B

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

Imports

kernel32

comctl32

Sections

Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 89KB - Virtual size: 92KB

.idata Size: 512B - Virtual size: 4KB

pmfvtvlw Size: 1.0MB - Virtual size: 1.0MB

ryhpvhpq Size: 512B - Virtual size: 4KB

50dd7a830c1c925bde9099ded1af60a6

Headers

File Characteristics

Imports

shlwapi

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

ws2_32

pdh

avifil32

msvfw32

imagehlp

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rodata Size: 12KB - Virtual size: 10KB

.rdata Size: 312KB - Virtual size: 311KB

.data Size: 104KB - Virtual size: 610KB

.rsrc Size: 160KB - Virtual size: 158KB

d8b114cbcdc048e0216a9c433504ff9e

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

psapi

shlwapi

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

2f:5d:74:43:33:a7:45:08:62:ac:fd:3a:82:b4:14:5c:f0:35:53:60
Signer

26/10/2009, 12:34
Valid: false

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 89KB - Virtual size: 92KB

.idata
Size: 512B - Virtual size: 4KB

pmfvtvlw
Size: 1.0MB - Virtual size: 1.0MB

ryhpvhpq
Size: 512B - Virtual size: 4KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rodata
Size: 12KB - Virtual size: 10KB

.rdata
Size: 312KB - Virtual size: 311KB

.data
Size: 104KB - Virtual size: 610KB

.rsrc
Size: 160KB - Virtual size: 158KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 260B

.reloc
Size: 512B - Virtual size: 316B