fb216ed616d2c2312c422dbf5ca4ab9d74705f5da53a37d8c40039d3faf7531f

Sharing

Copy URL Twitter E-mail

General

Target

fb216ed616d2c2312c422dbf5ca4ab9d74705f5da53a37d8c40039d3faf7531f
Size

10.6MB
MD5

8c45bf73dade99e2559e34cc113cd021
SHA1

70b44fb753607d10601626aa4a4c1517b4e8ec54
SHA256

fb216ed616d2c2312c422dbf5ca4ab9d74705f5da53a37d8c40039d3faf7531f
SHA512

906d403f54fd5a1f704f9e19154d579483f83118adba64cc850b74ac4cc150c895960f0c5c1d75b8623a1217eee0346b573a8d611d06a08b3b4c5278483a9621
SSDEEP

196608:3Qb/0hSKeY60V5pZD+rN/eZn7HwXzUEEreko5aat5k7MA4akhcsFi:3kcgKe5SN+RQn7uFb3tK7LkbQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LKT.exe

Files

fb216ed616d2c2312c422dbf5ca4ab9d74705f5da53a37d8c40039d3faf7531f
.zip
BUG反馈流程.txt
LKT.exe
.exe windows x64

b236efb7fd7f615b9d701ecef8e9735b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeGetTime

d3d9

Direct3DCreate9

winspool.drv

DocumentPropertiesW
ClosePrinter
DeviceCapabilitiesW
OpenPrinterW
GetPrinterW
SetPrinterW
GetDefaultPrinterW
EnumPrintersW

comdlg32

PageSetupDlgW
GetSaveFileNameW
GetOpenFileNameW
PrintDlgW

comctl32

InitCommonControls

shell32

ExtractIconW
DragQueryFileW
ShellExecuteW

psapi

EnumProcessModulesEx

user32

CreateWindowExW
SetMenuItemInfoW
GetMenuItemInfoW
PeekMessageW
MonitorFromWindow
GetUpdateRect
GetUpdateRgn
SetTimer
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
FillRect
DispatchMessageW
IsClipboardFormatAvailable
EnumWindows
GetClassInfoW
SetScrollPos
GetActiveWindow
SetActiveWindow
IsMenu
GetKeyboardLayoutList
DrawFocusRect
EnumChildWindows
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
MessageBoxIndirectW
CharLowerBuffW
GetSystemMetrics
PostMessageW
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
ClientToScreen
SetClipboardData
GetClipboardData
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetAsyncKeyState
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetFocus
GetDC
CloseWindow
SetFocus
EndPaint
ReleaseDC
TrackMouseEvent
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
GetPropW
MessageBoxW
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
UnregisterClassW
SendMessageW
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
ScreenToClient
GetWindowLongPtrW
SetWindowLongPtrW
GetWindowInfo
SendMessageTimeoutW
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
RemoveMenu
GetMenuItemCount
AppendMenuW
GetSysColorBrush
GetWindowDC
OpenClipboard
TranslateMessage
DrawTextExW
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
GetScrollInfo
SetWindowTextW
UpdateLayeredWindow
GetMessageExtraInfo
EnableScrollBar
GetSysColor
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetMenu
GetMenu
SetRect
GetKeyState
WINNLSEnableIME
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetWindowRect
KillTimer
WaitMessage
IsWindowEnabled
GetWindowPlacement
FindWindowW
GetKeyboardLayout
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType
VariantCopyInd

advapi32

CloseServiceHandle
RegSetValueExW
ControlService
RegConnectRegistryW
RegEnumKeyW
CreateServiceW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
DeleteService
StartServiceW
RegReplaceKeyW
GetTokenInformation
LookupAccountSidW
RegCreateKeyExW
OpenServiceW
RegLoadKeyW
RegEnumKeyExW
AdjustTokenPrivileges
RegDeleteKeyW
LookupPrivilegeValueW
OpenSCManagerW
RegOpenKeyExW
OpenProcessToken
RegDeleteValueW
RegFlushKey
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower

kernel32

GetFileTime
RtlMoveMemory
RtlUnwindEx
QueryDosDeviceW
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
VirtualProtectEx
SizeofResource
VirtualProtect
ReadProcessMemory
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
GetLongPathNameW
WriteProcessMemory
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
DisconnectNamedPipe
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
GetUserDefaultLCID
CreateRemoteThread
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
lstrlenA
CreateThread
CompareStringW
CopyFileW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
ExpandEnvironmentStringsW
LoadLibraryExW
TerminateProcess
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetSystemInfo
GetCommandLineW
DuplicateHandle
LeaveCriticalSection
GetProcAddress
ResumeThread
VirtualAllocEx
WinExec
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetProcessTimes
DeviceIoControl
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
WaitForSingleObject
WriteFile
CreateNamedPipeW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
VirtualFreeEx
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
GetThreadLocale
SetThreadLocale
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shfolder

SHGetFolderPathW

wsock32

htons
ntohs
inet_addr
WSAAsyncSelect
gethostbyname
bind
gethostname
inet_ntoa
recv
socket

ole32

RevokeDragDrop
CoCreateInstance
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
IsEqualGUID
CreateStreamOnHGlobal
OleInitialize
OleRegEnumFormatEtc
CoGetClassObject
CoInitialize
CoTaskMemFree
OleDraw
CoTaskMemAlloc
DoDragDrop

iphlpapi

GetExtendedTcpTable

gdi32

Arc
Pie
SetBkMode
TextOutW
SelectPalette
CreateCompatibleBitmap
BeginPath
ExcludeClipRect
SetWindowOrgEx
MaskBlt
AngleArc
EndPage
EndPath
Chord
SetAbortProc
SetTextColor
SetDIBits
StretchBlt
CreateRectRgn
GetCharABCWidthsFloatW
RealizePalette
CreateFontW
SetDIBColorTable
GetDIBColorTable
RoundRect
GetTextMetricsW
GetWindowOrgEx
CreatePalette
CreateBrushIndirect
PatBlt
CreateDCW
CreateICW
PolyBezierTo
GetStockObject
Polygon
Rectangle
MoveToEx
DeleteDC
BitBlt
Ellipse
StartPage
GetDeviceCaps
GetBitmapBits
GetTextExtentPoint32W
GetClipBox
Polyline
StartDocW
AbortDoc
GetSystemPaletteEntries
CreateBitmap
CombineRgn
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
CreatePenIndirect
SetStretchBltMode
GetRegionData
GetDIBits
ExtCreateRegion
SetMapMode
CreateFontIndirectW
PolyBezier
LineTo
EnumFontsW
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
SetBkColor
CreateCompatibleDC
EndDoc
GetObjectA
GetObjectW
GetBrushOrgEx
GetCurrentPositionEx
SetROP2
SetTextAlign
ExtTextOutW
SetBrushOrgEx
GetPixel
ArcTo
GdiFlush
SetPixel
EnumFontFamiliesExW
GetPath
GetPaletteEntries

ntdll

NtQueryInformationProcess
ZwQuerySystemInformation

wtsapi32

WTSSendMessageW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 846KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 149B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 584B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 578KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 12.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
简单介绍(B站视频).txt

Sharing

General

Malware Config

Signatures

Files

b236efb7fd7f615b9d701ecef8e9735b

Headers

File Characteristics

Imports

winmm

d3d9

winspool.drv

comdlg32

comctl32

shell32

psapi

user32

version

oleaut32

advapi32

netapi32

msvcrt

kernel32

shfolder

wsock32

ole32

iphlpapi

gdi32

ntdll

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 9.7MB

.data Size: - Virtual size: 846KB

.bss Size: - Virtual size: 132KB

.idata Size: - Virtual size: 16KB

.didata Size: - Virtual size: 34KB

.edata Size: - Virtual size: 149B

.tls Size: - Virtual size: 584B

.rdata Size: - Virtual size: 109B

.vmp0 Size: - Virtual size: 578KB

.pdata Size: - Virtual size: 521KB

.vmp1 Size: - Virtual size: 12.9MB

.vmp2 Size: 11.1MB - Virtual size: 11.1MB

.rsrc Size: 71KB - Virtual size: 4.4MB

.text
Size: - Virtual size: 9.7MB

.data
Size: - Virtual size: 846KB

.bss
Size: - Virtual size: 132KB

.idata
Size: - Virtual size: 16KB

.didata
Size: - Virtual size: 34KB

.edata
Size: - Virtual size: 149B

.tls
Size: - Virtual size: 584B

.rdata
Size: - Virtual size: 109B

.vmp0
Size: - Virtual size: 578KB

.pdata
Size: - Virtual size: 521KB

.vmp1
Size: - Virtual size: 12.9MB

.vmp2
Size: 11.1MB - Virtual size: 11.1MB

.rsrc
Size: 71KB - Virtual size: 4.4MB