5436b335e7bd94178d6ba6a9d3e1b0d1d65ac84a5d36410792dd808e9691aa9d

Sharing

Copy URL

Twitter E-mail

General

Target

5436b335e7bd94178d6ba6a9d3e1b0d1d65ac84a5d36410792dd808e9691aa9d
Size

7.6MB
MD5

39aab3a79e72523c8c259a751a3ff277
SHA1

a40b2c38a291b5046092cd27d8c8db35eafdf9a7
SHA256

5436b335e7bd94178d6ba6a9d3e1b0d1d65ac84a5d36410792dd808e9691aa9d
SHA512

068a6e4cc149b2918a53b99e6aedb97b4e8455052e56e85806cc9ccfff3285f65a8b08526e44628508831e22d744992082999191adefb66689d56c24e36d0d7d
SSDEEP

196608:RtL1Y+UdSVX5O67Qmnxy7lE968KGftHFjfl1gF8/NJ9BKoEH4N1QUe+e:Rx1Kk5MI58UD3gCz9BHEHoe+e

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CKC210/KuaiShouCookie.exe
unpack001/CKC210/localFliter.exe

Files

5436b335e7bd94178d6ba6a9d3e1b0d1d65ac84a5d36410792dd808e9691aa9d
.zip
CKC210/KuaiShouCookie.exe
.exe windows x86

24388713e59e77869056eef7eba5805e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW

kernel32

BeginUpdateResourceW
CloseHandle
CompareStringW
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
DeleteFileW
EndUpdateResourceW
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceExW
FindResourceW
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetComputerNameW
GetConsoleCP
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
K32EnumProcessModules
K32GetModuleBaseNameW
K32GetModuleFileNameExW
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MoveFileW
MulDiv
MultiByteToWideChar
OpenProcess
OutputDebugStringW
Process32FirstW
Process32NextW
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
RemoveDirectoryW
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
UpdateResourceW
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
_lclose
_lcreat
_llseek
_lopen
_lread
_lwrite
lstrcmpW
lstrlenW

lz32

GetExpandedNameA
LZClose
LZCopy
LZOpenFileA

netapi32

NetApiBufferFree
NetWkstaGetInfo
Netbios

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
ord203
OpenPrinterW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitializeFlatSB
_TrackMouseEvent

comdlg32

FindTextW

gdi32

AbortDoc
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePen
CreatePenIndirect
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestPaletteIndex
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDCPenColor
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW
SHGetFolderLocation

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawStateW
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
NotifyWinEvent
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
ValidateRect
WaitMessage
WindowFromPoint
wsprintfA

winmm

sndPlaySoundW

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
IsEqualGUID
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

oleacc

LresultFromObject

gdiplus

GdipAddPathArc
GdipAddPathBezier
GdipAddPathCurve2I
GdipAddPathCurve
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathLine2I
GdipAddPathLine
GdipAddPathPie
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathString
GdipCloneImageAttributes
GdipCloneMatrix
GdipCloneStringFormat
GdipClosePathFigure
GdipCombineRegionPath
GdipCombineRegionRegion
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMatrix
GdipCreatePath2
GdipCreatePath
GdipCreatePen1
GdipCreatePen2
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateSolidFill
GdipCreateStringFormat
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTexture
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePen
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawBezier
GdipDrawBeziers
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImageI
GdipDrawImageRect
GdipDrawImageRectRect
GdipDrawLine
GdipDrawPath
GdipDrawRectangle
GdipDrawString
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPolygon
GdipFillPolygonI
GdipFillRectangle
GdipFlush
GdipGetCompositingQuality
GdipGetDC
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetImageAttributesAdjustedPalette
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageWidth
GdipGetPathPoints
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPenBrushFill
GdipGetPenDashStyle
GdipGetPenFillType
GdipGetPointCount
GdipGetSmoothingMode
GdipGetStringFormatAlign
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatTrimming
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureWrapMode
GdipGraphicsClear
GdipImageRotateFlip
GdipInvertMatrix
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureString
GdipMultiplyMatrix
GdipMultiplyWorldTransform
GdipReleaseDC
GdipResetClip
GdipResetImageAttributes
GdipResetPath
GdipResetTextureTransform
GdipResetWorldTransform
GdipRotateMatrix
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAddImage
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleMatrix
GdipScaleTextureTransform
GdipScaleWorldTransform
GdipSetClipPath
GdipSetClipRect
GdipSetClipRegion
GdipSetCompositingQuality
GdipSetImageAttributesColorKeys
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesGamma
GdipSetImageAttributesNoOp
GdipSetImageAttributesOutputChannel
GdipSetImageAttributesOutputChannelColorProfile
GdipSetImageAttributesRemapTable
GdipSetImageAttributesThreshold
GdipSetImageAttributesToIdentity
GdipSetImageAttributesWrapMode
GdipSetLineGammaCorrection
GdipSetLinePresetBlend
GdipSetMatrixElements
GdipSetPenBrushFill
GdipSetPenDashStyle
GdipSetPenEndCap
GdipSetSmoothingMode
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipSetTextureWrapMode
GdipSetWorldTransform
GdipShearMatrix
GdipTransformMatrixPoints
GdipTransformMatrixPointsI
GdipTranslateMatrix
GdipTranslateTextureTransform
GdipTranslateWorldTransform
GdipVectorTransformMatrixPoints
GdipVectorTransformMatrixPointsI
GdiplusShutdown
GdiplusStartup
GdipGetMatrixElements

ws2_32

WSACleanup
WSAStartup
gethostbyname
gethostname
inet_ntoa

iphlpapi

GetAdaptersInfo

crypt32

CertCloseStore
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertGetNameStringA
CertGetNameStringW
CertOpenStore

wininet

FtpFindFirstFileW
FtpOpenFileW
FtpSetCurrentDirectoryW
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetGetLastResponseInfoW
InternetOpenUrlW
InternetOpenW
InternetQueryOptionW
InternetReadFile
InternetSetOptionW

urlmon

ord129

Exports

Exports

@$xp$14Elaes@PInteger
@$xp$15Elaes@EAESError
@$xp$16Elaes@PAESBuffer
@$xp$16Elaes@PAESKey128
@$xp$16Elaes@PAESKey192
@$xp$16Elaes@PAESKey256
@$xp$16Elaes@TAESBuffer
@$xp$16Elaes@TAESKey128
@$xp$16Elaes@TAESKey192
@$xp$16Elaes@TAESKey256
@$xp$19Jdaesextend@TKeyBit
@$xp$21Jdaesextend@TalgoMode
@$xp$21System@%TArray__1$uc%
@$xp$22Jdaesextend@TArrayByte
@$xp$23Jdaesextend@TCipherType
@$xp$24Elaes@PAESExpandedKey128
@$xp$24Elaes@PAESExpandedKey192
@$xp$24Elaes@PAESExpandedKey256
@$xp$24Elaes@TAESExpandedKey128
@$xp$24Elaes@TAESExpandedKey192
@$xp$24Elaes@TAESExpandedKey256
@$xp$24Jdaesextend@TPaddingType
@$xp$25Jdaesextend@TArrayPadding
@@Config@Finalize
@@Config@Initialize
@@Exhttprequest@Finalize
@@Exhttprequest@Initialize
@@Unitindyhttprequestmodule@Finalize
@@Unitindyhttprequestmodule@Initialize
@@Unitmaindlgform@Finalize
@@Unitmaindlgform@Initialize
@@Unitmemload@Finalize
@@Unitmemload@Initialize
@@Unittool@Finalize
@@Unittool@Initialize
@@Unitupdate@Finalize
@@Unitupdate@Initialize
@@Unitupdateform@Finalize
@@Unitupdateform@Initialize
@Elaes@DecryptAES$qqrrx29System@%StaticArray$uci$i16$%rx29System@%StaticArray$uii$i44$%r29System@%StaticArray$uci$i16$%
@Elaes@DecryptAES$qqrrx29System@%StaticArray$uci$i16$%rx29System@%StaticArray$uii$i54$%r29System@%StaticArray$uci$i16$%
@Elaes@DecryptAES$qqrrx29System@%StaticArray$uci$i16$%rx29System@%StaticArray$uii$i64$%r29System@%StaticArray$uci$i16$%
@Elaes@DecryptAESStreamCBC$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uci$i16$%t3t1
@Elaes@DecryptAESStreamCBC$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uci$i24$%rx29System@%StaticArray$uci$i16$%t1
@Elaes@DecryptAESStreamCBC$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uci$i32$%rx29System@%StaticArray$uci$i16$%t1
@Elaes@DecryptAESStreamCBC$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uii$i44$%rx29System@%StaticArray$uci$i16$%t1
@Elaes@DecryptAESStreamCBC$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uii$i54$%rx29System@%StaticArray$uci$i16$%t1
@Elaes@DecryptAESStreamCBC$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uii$i64$%rx29System@%StaticArray$uci$i16$%t1
@Elaes@DecryptAESStreamECB$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uci$i16$%t1
@Elaes@DecryptAESStreamECB$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uci$i24$%t1
@Elaes@DecryptAESStreamECB$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uci$i32$%t1
@Elaes@DecryptAESStreamECB$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uii$i44$%t1
@Elaes@DecryptAESStreamECB$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uii$i54$%t1
@Elaes@DecryptAESStreamECB$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uii$i64$%t1
@Elaes@EAESError@
@Elaes@EncryptAES$qqrrx29System@%StaticArray$uci$i16$%rx29System@%StaticArray$uii$i44$%r29System@%StaticArray$uci$i16$%
@Elaes@EncryptAES$qqrrx29System@%StaticArray$uci$i16$%rx29System@%StaticArray$uii$i54$%r29System@%StaticArray$uci$i16$%
@Elaes@EncryptAES$qqrrx29System@%StaticArray$uci$i16$%rx29System@%StaticArray$uii$i64$%r29System@%StaticArray$uci$i16$%
@Elaes@EncryptAESStreamCBC$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uci$i16$%t3t1
@Elaes@EncryptAESStreamCBC$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uci$i24$%rx29System@%StaticArray$uci$i16$%t1
@Elaes@EncryptAESStreamCBC$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uci$i32$%rx29System@%StaticArray$uci$i16$%t1
@Elaes@EncryptAESStreamCBC$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uii$i44$%rx29System@%StaticArray$uci$i16$%t1
@Elaes@EncryptAESStreamCBC$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uii$i54$%rx29System@%StaticArray$uci$i16$%t1
@Elaes@EncryptAESStreamCBC$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uii$i64$%rx29System@%StaticArray$uci$i16$%t1
@Elaes@EncryptAESStreamECB$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uci$i16$%t1
@Elaes@EncryptAESStreamECB$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uci$i24$%t1
@Elaes@EncryptAESStreamECB$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uci$i32$%t1
@Elaes@EncryptAESStreamECB$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uii$i44$%t1
@Elaes@EncryptAESStreamECB$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uii$i54$%t1
@Elaes@EncryptAESStreamECB$qqrp22System@Classes@TStreamuirx29System@%StaticArray$uii$i64$%t1
@Elaes@ExpandAESKeyForDecryption$qqrr29System@%StaticArray$uii$i44$%
@Elaes@ExpandAESKeyForDecryption$qqrr29System@%StaticArray$uii$i54$%
@Elaes@ExpandAESKeyForDecryption$qqrr29System@%StaticArray$uii$i64$%
@Elaes@ExpandAESKeyForDecryption$qqrrx29System@%StaticArray$uci$i16$%r29System@%StaticArray$uii$i44$%
@Elaes@ExpandAESKeyForDecryption$qqrrx29System@%StaticArray$uci$i24$%r29System@%StaticArray$uii$i54$%
@Elaes@ExpandAESKeyForDecryption$qqrrx29System@%StaticArray$uci$i32$%r29System@%StaticArray$uii$i64$%
@Elaes@ExpandAESKeyForEncryption$qqrrx29System@%StaticArray$uci$i16$%r29System@%StaticArray$uii$i44$%
@Elaes@ExpandAESKeyForEncryption$qqrrx29System@%StaticArray$uci$i24$%r29System@%StaticArray$uii$i54$%
@Elaes@ExpandAESKeyForEncryption$qqrrx29System@%StaticArray$uci$i32$%r29System@%StaticArray$uii$i64$%
@Elaes@Finalization$qqrv
@Elaes@_SInvalidInBufSize
@Elaes@_SReadError
@Elaes@_SWriteError
@Elaes@initialization$qqrv
@Jdaesextend@DecryptString$qqr27System@%AnsiStringT$us$i0$%t119Jdaesextend@TKeyBit21Jdaesextend@TalgoMode24Jdaesextend@TPaddingTypet123Jdaesextend@TCipherType
@Jdaesextend@EncryptString$qqr27System@%AnsiStringT$us$i0$%t119Jdaesextend@TKeyBit21Jdaesextend@TalgoMode24Jdaesextend@TPaddingTypet123Jdaesextend@TCipherType
@Jdaesextend@Finalization$qqrv
@Jdaesextend@initialization$qqrv
TMethodImplementationIntercept
_MainForm
_UpdateForm
__GetExceptDLLinfo
___CPPdebugHook
dbkFCallWrapperAddr

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 414KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 351KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CKC210/ar.txt
CKC210/localFliter.exe
.exe windows x64

91802a615b3a5c4bcc05bc5f66a5b219

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 281B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 56B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/99
Size: 682KB - Virtual size: 681KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/112
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 749KB - Virtual size: 749KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CKC210/localconfig.ini
CKC210/server.crt
CKC210/server.key

Sharing

General

Malware Config

Signatures

Files

24388713e59e77869056eef7eba5805e

Headers

File Characteristics

Imports

advapi32

kernel32

lz32

netapi32

version

winspool.drv

comctl32

comdlg32

gdi32

shell32

user32

winmm

ole32

oleaut32

oleacc

gdiplus

ws2_32

iphlpapi

crypt32

wininet

urlmon

Exports

Exports

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.data Size: 133KB - Virtual size: 200KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 22KB - Virtual size: 24KB

.didata Size: 3KB - Virtual size: 4KB

.edata Size: 7KB - Virtual size: 8KB

.rsrc Size: 414KB - Virtual size: 416KB

.reloc Size: 351KB - Virtual size: 352KB

91802a615b3a5c4bcc05bc5f66a5b219

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 4.4MB - Virtual size: 4.4MB

.data Size: 1.7MB - Virtual size: 1.9MB

/4 Size: 512B - Virtual size: 281B

/19 Size: 410KB - Virtual size: 410KB

/32 Size: 160KB - Virtual size: 160KB

/46 Size: 22KB - Virtual size: 22KB

/63 Size: 67KB - Virtual size: 66KB

/80 Size: 512B - Virtual size: 56B

/99 Size: 682KB - Virtual size: 681KB

/112 Size: 62KB - Virtual size: 61KB

/124 Size: 58KB - Virtual size: 58KB

.idata Size: 1KB - Virtual size: 1KB

.symtab Size: 749KB - Virtual size: 749KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 133KB - Virtual size: 200KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 22KB - Virtual size: 24KB

.didata
Size: 3KB - Virtual size: 4KB

.edata
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 414KB - Virtual size: 416KB

.reloc
Size: 351KB - Virtual size: 352KB

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 4.4MB - Virtual size: 4.4MB

.data
Size: 1.7MB - Virtual size: 1.9MB

/4
Size: 512B - Virtual size: 281B

/19
Size: 410KB - Virtual size: 410KB

/32
Size: 160KB - Virtual size: 160KB

/46
Size: 22KB - Virtual size: 22KB

/63
Size: 67KB - Virtual size: 66KB

/80
Size: 512B - Virtual size: 56B

/99
Size: 682KB - Virtual size: 681KB

/112
Size: 62KB - Virtual size: 61KB

/124
Size: 58KB - Virtual size: 58KB

.idata
Size: 1KB - Virtual size: 1KB

.symtab
Size: 749KB - Virtual size: 749KB