DllCanUnloadNow
DllGetClassObject
DllGetTscCtlVer
DllRegisterServer
DllUnregisterServer
General
-
Target
大灰狼企业【vip】9.5版.zip
-
Size
23.0MB
-
MD5
bc476325859f667e23cf7a318d7c64f9
-
SHA1
1845549e2316236618115137a8d0fb19a2c8b5e6
-
SHA256
8a17e87cc0209361982e2a01a92febc35f28b134da9c8946560a9a390f03c84e
-
SHA512
98afdc377783403895f1accddcb0e0265506b296b218746fd52bbc06383ce71dfc2184666cbe667b70d8f6153bc2bd8564bab1140e10eff925a6832dc570ec7e
-
SSDEEP
393216:zmMuQVcUn6kpCig2KMFia8lwjd3K5lwyK5lw1EmK5lw6X1ebpVbl9ZAySeGMbcKz:6pXUn6kpCipEa8wBaHwNHw1EpHwhpH9d
Score
10/10
Malware Config
Extracted
Family
gh0strat
C2
www.lqwljs.top
Signatures
-
Gh0st RAT payload 2 IoCs
-
Gh0strat family
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
UPX packed file 16 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 24 IoCs
Checks for missing Authenticode signature.
Files
-
大灰狼企业【vip】9.5版.zip
-
Bin/Control/MSTSCAX.DLL
Headers
Exports
Sections
-
Bin/Control/QQwry.dat
-
Bin/Control/hfs.exe
e5190c5e183d406cdd77111381b80c0e
Headers
Imports
Sections
-
Bin/Control/mstsc.exe
e5190c5e183d406cdd77111381b80c0e
Headers
Imports
Sections
-
Bin/Control/upx.exe
e5190c5e183d406cdd77111381b80c0e
Headers
Imports
Sections
-
Bin/Dat/dhl.Dat
148b729ad9191825f3a92dbd39b6920d
Headers
Imports
Sections
-
Bin/Dat/dhl.dll
1ae82a4d4caa410fb57bfdd08dc07755
Headers
Imports
Exports
Sections
-
Bin/ICO图标/01.ico
-
Bin/ICO图标/02.ico
-
Bin/ICO图标/03.ico
-
Bin/ICO图标/04.ico
-
Bin/ICO图标/05.ico
-
Bin/ICO图标/06.ico
-
Bin/ICO图标/07.ico
-
Bin/ICO图标/08.ico
-
Bin/ICO图标/09.ico
-
Bin/ICO图标/10.ico
-
Bin/ICO图标/11.ico
-
Bin/ICO图标/12.ico
-
Bin/ICO图标/13.ico
-
Bin/ICO图标/14.ICO
-
Bin/ICO图标/15.ico
-
Bin/ICO图标/17.ICO
-
Bin/ICO图标/18.ico
-
Bin/ICO图标/24.ico
-
Bin/ICO图标/28.ico
-
Bin/ICO图标/29.ico
-
Bin/ICO图标/30.ico
-
Bin/ICO图标/32.ico
-
Bin/ICO图标/36.ico
-
Bin/ICO图标/39.ico
-
Bin/Plugins/AnyFileToByte.exe
e5190c5e183d406cdd77111381b80c0e
Headers
Imports
Sections
-
Bin/Plugins/CHAT.dll
Headers
Exports
Sections
-
Bin/Plugins/C_CHAT.h
-
Bin/Plugins/C_FILE.h
-
Bin/Plugins/C_KEYLOG.h
-
Bin/Plugins/C_LISTEN.h
-
Bin/Plugins/C_PRANK.h
-
Bin/Plugins/C_PROXY.h
-
Bin/Plugins/C_PROXYMAP.h
-
Bin/Plugins/C_REGEDIT.h
-
Bin/Plugins/C_SCREEN.h
-
Bin/Plugins/C_SCREEN1.h
-
Bin/Plugins/C_SERVICE.h
-
Bin/Plugins/C_SHELL.h
-
Bin/Plugins/C_SYSTEM.h
-
Bin/Plugins/C_Server.h
-
Bin/Plugins/C_VIDEO.h
-
Bin/Plugins/Example.Cpp
-
Bin/Plugins/FILE.dll
Headers
Exports
Sections
-
Bin/Plugins/KEYLOG.dll
Headers
Exports
Sections
-
Bin/Plugins/LISTEN.dll
Headers
Exports
Sections
-
Bin/Plugins/PRANK.dll
Headers
Exports
Sections
-
Bin/Plugins/PROXY.dll
Headers
Exports
Sections
-
Bin/Plugins/PROXYMAP.dll
Headers
Exports
Sections
-
Bin/Plugins/Plugins.rar
-
Bin/Plugins/REGEDIT.dll
Headers
Exports
Sections
-
Bin/Plugins/SCREEN.dll
Headers
Exports
Sections
-
Bin/Plugins/SCREEN1.dll
Headers
Exports
Sections
-
Bin/Plugins/SERVICE.dll
Headers
Exports
Sections
-
Bin/Plugins/SHELL.dll
Headers
Exports
Sections
-
Bin/Plugins/SHELT.dll
1ae82a4d4caa410fb57bfdd08dc07755
Headers
Imports
Exports
Sections
-
Bin/Plugins/SYSTEM.dll
Headers
Exports
Sections
-
Bin/Plugins/UPX压缩.bat
-
Bin/Plugins/UpdateIP.ini
-
Bin/Plugins/VIDEO.dll
Headers
Exports
Sections
-
Bin/Plugins/upx.exe
e5190c5e183d406cdd77111381b80c0e
Headers
Imports
Sections
-
Bin/SkinH.dll
Code Sign
Headers
Exports
Sections
-
Bin/使用说明.txt
-
Bin/大灰狼企业【vip】9.5版.exe
64de9f75da499b422948e3ade1ad0faf
Headers
Imports
Sections
-
Bin/大灰狼企业【vip】9.5版.ini