gh0strat | v9[.]5[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

v9.5.zip
Size

25.9MB
MD5

5d03d82d8d86aa33d2346eec28991f93
SHA1

09358da590d65bc257f269d5db1f4df860f4c0b3
SHA256

ddf1df18b1d2e12bf8e81c141aef4a9aa66248fb13bb0838cd29ce80ef1d1bbc
SHA512

1cd71233350298b41233ab8b75bacf1a8f1a43ef45f744f56ac9510a56764c405307d0ded503a153952095c04e433bdc5df2d9773d15eac672977e320b76fafc
SSDEEP

786432:iLDtyYd0J2OWU6lOm5bPrArCkYOSWqGhKgYyB:ADtyTJ2OelOmTmLqGhKXyB

Score

10^/10

upx gh0strat

Malware Config

Extracted

Family

gh0strat

www.baidu.com

Signatures

Gh0st RAT payload 4 IoCs

resource	yara_rule
sample	family_gh0strat
static1/unpack001/v9.5/Bin.exe	family_gh0strat
static1/unpack001/v9.5/Dat/dhl.dll	family_gh0strat
static1/unpack001/v9.5/Plugins/SERVICE.dll	family_gh0strat

Gh0strat family
gh0strat

ACProtect 1.3x - 1.4x DLL software 15 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/v9.5/Control/MSTSCAX.DLL	acprotect
static1/unpack001/v9.5/Plugins/CHAT.dll	acprotect
static1/unpack001/v9.5/Plugins/FILE.dll	acprotect
static1/unpack001/v9.5/Plugins/KEYLOG.dll	acprotect
static1/unpack001/v9.5/Plugins/LISTEN.dll	acprotect
static1/unpack001/v9.5/Plugins/PRANK.dll	acprotect
static1/unpack001/v9.5/Plugins/PROXY.dll	acprotect
static1/unpack001/v9.5/Plugins/PROXYMAP.dll	acprotect
static1/unpack001/v9.5/Plugins/REGEDIT.dll	acprotect
static1/unpack001/v9.5/Plugins/SCREEN.dll	acprotect
static1/unpack001/v9.5/Plugins/SCREEN1.dll	acprotect
static1/unpack001/v9.5/Plugins/SHELL.dll	acprotect
static1/unpack001/v9.5/Plugins/SYSTEM.dll	acprotect
static1/unpack001/v9.5/Plugins/VIDEO.dll	acprotect
static1/unpack001/v9.5/SkinH.dll	acprotect

UPX packed file 18 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/v9.5/Control/MSTSCAX.DLL	upx
static1/unpack001/v9.5/Control/mstsc.exe	upx
static1/unpack001/v9.5/Control/upx.exe	upx
static1/unpack001/v9.5/Plugins/CHAT.dll	upx
static1/unpack001/v9.5/Plugins/FILE.dll	upx
static1/unpack001/v9.5/Plugins/KEYLOG.dll	upx
static1/unpack001/v9.5/Plugins/LISTEN.dll	upx
static1/unpack001/v9.5/Plugins/PRANK.dll	upx
static1/unpack001/v9.5/Plugins/PROXY.dll	upx
static1/unpack001/v9.5/Plugins/PROXYMAP.dll	upx
static1/unpack001/v9.5/Plugins/REGEDIT.dll	upx
static1/unpack001/v9.5/Plugins/SCREEN.dll	upx
static1/unpack001/v9.5/Plugins/SCREEN1.dll	upx
static1/unpack001/v9.5/Plugins/SHELL.dll	upx
static1/unpack001/v9.5/Plugins/SYSTEM.dll	upx
static1/unpack001/v9.5/Plugins/VIDEO.dll	upx
static1/unpack001/v9.5/Plugins/upx.exe	upx
static1/unpack001/v9.5/SkinH.dll	upx

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
unpack001/v9.5/Bin.exe
unpack001/v9.5/Control/MSTSCAX.DLL
unpack001/v9.5/Control/mstsc.exe
unpack001/v9.5/Control/upx.exe
unpack001/v9.5/Dat/dhl.Dat
unpack001/v9.5/Dat/dhl.dll
unpack001/v9.5/Plugins/AnyFileToByte.exe
unpack001/v9.5/Plugins/CHAT.dll
unpack001/v9.5/Plugins/FILE.dll
unpack001/v9.5/Plugins/KEYLOG.dll
unpack001/v9.5/Plugins/LISTEN.dll
unpack001/v9.5/Plugins/PRANK.dll
unpack001/v9.5/Plugins/PROXY.dll
unpack001/v9.5/Plugins/PROXYMAP.dll
unpack001/v9.5/Plugins/REGEDIT.dll
unpack001/v9.5/Plugins/SCREEN.dll
unpack001/v9.5/Plugins/SCREEN1.dll
unpack001/v9.5/Plugins/SERVICE.dll
unpack001/v9.5/Plugins/SHELL.dll
unpack001/v9.5/Plugins/SYSTEM.dll
unpack001/v9.5/Plugins/VIDEO.dll
unpack001/v9.5/Plugins/upx.exe
unpack001/v9.5/SkinH.dll

Files

v9.5.zip
.zip
v9.5/Bin.exe
.exe windows x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v9.5/Control/MSTSCAX.DLL
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetTscCtlVer
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 428KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 248KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Control/QQwry.dat
v9.5/Control/mstsc.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Control/upx.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 258KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Dat/dhl.Dat
.exe windows x86

4879035e7de03f1ca9ec3aa132c5e034

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord860
ord540
ord324
ord2370
ord4234
ord4853
ord924
ord926
ord1200
ord6930
ord6334
ord3092
ord4710
ord825
ord858
ord6199
ord2884
ord922
ord941
ord537
ord1175
ord2243
ord3619
ord3626
ord3663
ord2414
ord823
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord674
ord529
ord366
ord796
ord6000
ord2117
ord4457
ord5252
ord3810
ord6639
ord2299
ord2814
ord2818
ord2301
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord4837
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord815
ord561
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord1134
ord2725
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1945
ord4273
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord5290
ord3748
ord1726
ord4432
ord693
ord795
ord813
ord560
ord5260
ord2116
ord4723
ord6907
ord3996
ord2100
ord3301
ord6270
ord835
ord4220
ord2584
ord3654
ord2438
ord2863
ord1644
ord1146
ord4299
ord2379
ord3402
ord3721
ord567
ord2582
ord4402
ord3370
ord3640
ord3998
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4376
ord2396
ord5265

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
memset
_CxxThrowException
__CxxFrameHandler
_mbscmp
memcpy
atof
wcslen

kernel32

InterlockedDecrement
GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree
FreeLibrary
GetModuleHandleA
GetStartupInfoA
lstrlenW
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
Sleep

user32

UpdateWindow
GetSubMenu
LoadMenuA
SendMessageA
EnableWindow
GetClientRect

shell32

ShellExecuteA

ole32

CoCreateInstance
OleRun
CoInitialize

oleaut32

CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantCopy
SysFreeString
SysAllocString
VariantChangeType

urlmon

URLDownloadToFileA

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v9.5/Dat/dhl.dll
.dll windows x86

2221c0107b5e2205969c1e2018e65d34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
CopyFileA
GetModuleFileNameA
CreateProcessA
ExpandEnvironmentStringsA
lstrcpyA
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateThread
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
DeleteFileA
GetTickCount
LocalAlloc
ReadFile
HeapAlloc
GetProcessHeap
VirtualProtect
HeapFree
GetSystemInfo
lstrcmpiA
GetLocalTime
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
GetVersionExA
WinExec
GetFileAttributesA
CreateDirectoryA
ReleaseMutex
CreateMutexA
MoveFileExA
MoveFileA
SetFileAttributesA
Process32Next
Process32First
OutputDebugStringA
CreateThread
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
GetSystemDirectoryA
GetFileSize
SetFilePointer
lstrlenA
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GlobalAlloc
GetLastError
LocalFree
SetLastError
CreateFileA
DeviceIoControl
WriteFile
CloseHandle
Sleep
GetVersion
GetCurrentProcess
FindFirstFileA
VirtualFree
FindNextFileA
GlobalLock
GlobalUnlock
VirtualAlloc
LoadLibraryW

user32

GetMessageA
EnumWindows
IsWindowVisible
SendMessageA
MessageBoxA
GetKeyState
GetAsyncKeyState
GetForegroundWindow
PostThreadMessageA
GetInputState
GetLastInputInfo
SetClipboardData
CloseClipboard
GetClipboardData
OpenClipboard
ExitWindowsEx
EmptyClipboard
wsprintfA
GetWindowTextA

advapi32

OpenProcessToken
CloseEventLog
RegOpenKeyExA
RegSetValueExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
DeleteService
OpenServiceA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
ClearEventLogA

shell32

SHGetSpecialFolderPathA
ShellExecuteExA
SHChangeNotify

ole32

CoInitialize
CoUninitialize
CoCreateGuid

ws2_32

socket
getsockname
gethostname
send
WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
select
recv
closesocket

msvcrt

_strcmpi
_CxxThrowException
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_beginthreadex
_except_handler3
strncmp
sprintf
_stricmp
_snprintf
printf
strcspn
strncpy
atoi
_access
strrchr
malloc
free
realloc
rand
strstr
_strupr
??2@YAPAXI@Z
exit
__CxxFrameHandler
_ftol
??3@YAXPAX@Z

setupapi

SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA

iphlpapi

GetIfTable

urlmon

URLDownloadToFileA

Exports

Exports

fuckyou

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v9.5/Dat/dhl备份.rar
.rar
v9.5/ICO图标/01.ico
v9.5/ICO图标/02.ico
v9.5/ICO图标/03.ico
v9.5/ICO图标/04.ico
v9.5/ICO图标/05.ico
v9.5/ICO图标/06.ico
v9.5/ICO图标/07.ico
v9.5/ICO图标/08.ico
v9.5/ICO图标/09.ico
v9.5/ICO图标/10.ico
v9.5/ICO图标/11.ico
v9.5/ICO图标/12.ico
v9.5/ICO图标/13.ico
v9.5/ICO图标/14.ICO
v9.5/ICO图标/15.ico
v9.5/ICO图标/17.ICO
v9.5/ICO图标/18.ico
v9.5/ICO图标/24.ico
v9.5/ICO图标/28.ico
v9.5/ICO图标/29.ico
v9.5/ICO图标/30.ico
v9.5/ICO图标/32.ico
v9.5/ICO图标/36.ico
v9.5/ICO图标/39.ico
v9.5/Plugins/AnyFileToByte.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

MEW
Size: - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�uۊ��
Size: 316KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/CHAT.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/C_CHAT.h
v9.5/Plugins/C_C_SERVICE.h
v9.5/Plugins/C_FILE.h
v9.5/Plugins/C_GETQQ.h
v9.5/Plugins/C_KEYLOG.h
v9.5/Plugins/C_LISTEN.h
v9.5/Plugins/C_PRANK.h
v9.5/Plugins/C_PROXY.h
v9.5/Plugins/C_PROXYMAP.h
v9.5/Plugins/C_REGEDIT.h
v9.5/Plugins/C_SCREEN.h
v9.5/Plugins/C_SCREEN1.h
v9.5/Plugins/C_SERVICE.h
v9.5/Plugins/C_SHELL.h
v9.5/Plugins/C_SYSTEM.h
v9.5/Plugins/C_VIDEO.h
v9.5/Plugins/Example.Cpp
v9.5/Plugins/FILE.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/KEYLOG.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/LISTEN.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/PRANK.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/PROXY.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CloseProxy
OpenProxy

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/PROXYMAP.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/REGEDIT.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/SCREEN.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/SCREEN1.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 201KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/SERVICE.dll
.dll windows x86

5eb4b802cdb36a784fa60d6171f5e2a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
memmove
??3@YAXPAX@Z

ws2_32

send
closesocket
select
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
recv

kernel32

lstrlenA
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
LocalReAlloc
GetCurrentProcess
lstrcmpiA
GetCurrentThreadId
LocalFree
LocalSize
GetLastError

user32

GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetThreadDesktop

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
ChangeServiceConfigA
LockServiceDatabase
OpenServiceA
OpenSCManagerA
DeleteService
ControlService
QueryServiceStatus
StartServiceA
QueryServiceConfig2A
UnlockServiceDatabase
EnumServicesStatusA
QueryServiceConfigA

Exports

Exports

PluginMe

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 970B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v9.5/Plugins/SHELL.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/SYSTEM.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/UPX压缩.bat
v9.5/Plugins/UpdateIP.ini
v9.5/Plugins/VIDEO.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 772KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 125KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/Plugins/upx.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 258KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/SkinH.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
v9.5/bin.ini
v9.5/使用说明.txt

Sharing

General

Malware Config

Extracted

Signatures

Files

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdiplus

Sections

.text Size: 197KB - Virtual size: 196KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 4KB - Virtual size: 141KB

.didat Size: 512B - Virtual size: 392B

.rsrc Size: 260KB - Virtual size: 259KB

.reloc Size: 9KB - Virtual size: 8KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 428KB

UPX1 Size: 248KB - Virtual size: 252KB

.rsrc Size: 63KB - Virtual size: 64KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 300KB

UPX1 Size: 102KB - Virtual size: 104KB

.rsrc Size: 31KB - Virtual size: 32KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.0MB

UPX1 Size: 258KB - Virtual size: 260KB

.rsrc Size: 1KB - Virtual size: 4KB

4879035e7de03f1ca9ec3aa132c5e034

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

shell32

ole32

oleaut32

urlmon

Sections

.text Size: 136KB - Virtual size: 134KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 368KB - Virtual size: 367KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 20KB - Virtual size: 16KB

.reloc Size: 12KB - Virtual size: 10KB

2221c0107b5e2205969c1e2018e65d34

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

msvcrt

setupapi

iphlpapi

urlmon

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 12KB - Virtual size: 10KB

.text
Size: 197KB - Virtual size: 196KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 141KB

.didat
Size: 512B - Virtual size: 392B

.rsrc
Size: 260KB - Virtual size: 259KB

.reloc
Size: 9KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 428KB

UPX1
Size: 248KB - Virtual size: 252KB

.rsrc
Size: 63KB - Virtual size: 64KB

UPX0
Size: - Virtual size: 300KB

UPX1
Size: 102KB - Virtual size: 104KB

.rsrc
Size: 31KB - Virtual size: 32KB

UPX0
Size: - Virtual size: 1.0MB

UPX1
Size: 258KB - Virtual size: 260KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 136KB - Virtual size: 134KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 368KB - Virtual size: 367KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 20KB - Virtual size: 16KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 12KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 3KB

MEW
Size: - Virtual size: 888KB

�uۊ��
Size: 316KB - Virtual size: 376KB

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 35KB - Virtual size: 36KB

UPX2
Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 7KB - Virtual size: 8KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 29KB - Virtual size: 32KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 20KB

UPX1
Size: 2KB - Virtual size: 4KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 20KB

UPX1
Size: 5KB - Virtual size: 8KB

UPX2
Size: 512B - Virtual size: 4KB