Behavioral task
behavioral1
Sample
ca3a599904834364ef9800e27029d00a1650d519a6ec68d63da68097a4997ccc.exe
Resource
win7-20230831-en
General
-
Target
ca3a599904834364ef9800e27029d00a1650d519a6ec68d63da68097a4997ccc
-
Size
12.3MB
-
MD5
3d5d154b81f42b92cac8b3e69c02fcbf
-
SHA1
25a321041c9425235916c8c6e76683d710f531fc
-
SHA256
ca3a599904834364ef9800e27029d00a1650d519a6ec68d63da68097a4997ccc
-
SHA512
cdc3221379fddbcfd7347d7688a183ce2131d9be42d5ad121a101d64ec794585ace7d9dd7dfc09bcc82012f8243a634b726130d3b13c116fe2677c54dd49d7cc
-
SSDEEP
393216:OF3qNyErJerL0j0v88E6ENMGycxWaCbZXijIE+pf4Cr1Ei:OxzEVetE62MlcIHbZX6IJ5F
Malware Config
Signatures
-
resource yara_rule sample upx -
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ca3a599904834364ef9800e27029d00a1650d519a6ec68d63da68097a4997ccc
Files
-
ca3a599904834364ef9800e27029d00a1650d519a6ec68d63da68097a4997ccc.exe windows:5 windows x86
228a01261838dd3c7f2b72366a5c2570
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueA
RegEnumValueA
OpenProcessToken
LookupPrivilegeValueA
RegQueryValueExA
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
comctl32
_TrackMouseEvent
ImageList_GetIconSize
gdi32
GetObjectA
DeleteObject
GetStockObject
PatBlt
SelectObject
CreateFontA
StretchBlt
SetPixel
Arc
GetTextExtentPoint32A
CreatePen
CreateSolidBrush
Ellipse
BeginPath
EndPath
StrokeAndFillPath
CreateDIBSection
DeleteDC
CreateDCA
CreateEllipticRgn
FillRgn
Polyline
LineTo
MoveToEx
CreateFontIndirectA
GetTextMetricsA
Rectangle
PtInRegion
CreateBitmapIndirect
GetBitmapBits
CombineRgn
OffsetRgn
GetBkMode
CreateBitmap
CreatePalette
ExtCreateRegion
RealizePalette
RoundRect
SetStretchBltMode
CreateDIBitmap
GetPixel
CreateHatchBrush
CreateRectRgnIndirect
GetNearestColor
SelectClipRgn
Pie
CreatePolygonRgn
FrameRgn
FillPath
PolyBezier
SetBitmapBits
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgn
GetDeviceCaps
imm32
ImmSimulateHotKey
ImmIsIME
kernel32
GlobalDeleteAtom
GlobalSize
GetCurrentDirectoryA
LockResource
RemoveDirectoryA
GlobalAddAtomA
ReadFile
GetFileSize
CreateFileA
ResetEvent
CreateEventA
GlobalFree
GlobalReAlloc
WaitForMultipleObjects
GetExitCodeThread
InterlockedExchangeAdd
SetEvent
lstrcpynA
FreeLibrary
GetVersionExA
GetCurrentProcess
TerminateProcess
OpenProcess
GetLogicalDriveStringsA
QueryDosDeviceA
GlobalMemoryStatusEx
IsDebuggerPresent
lstrcpyA
lstrcatA
WritePrivateProfileStructA
GetPrivateProfileStructA
GetCurrentProcessId
CreateProcessA
WinExec
GetLocalTime
CreateToolhelp32Snapshot
Process32First
FormatMessageA
GetModuleFileNameA
GetVersion
GetSystemInfo
lstrlenW
WideCharToMultiByte
FindResourceA
SizeofResource
LoadResource
FreeResource
lstrlenA
MultiByteToWideChar
IsDBCSLeadByte
DeleteFileA
GetEnvironmentVariableA
SetEnvironmentVariableA
SetCurrentDirectoryA
LoadLibraryExA
FindFirstFileA
FindNextFileA
FindClose
InterlockedDecrement
InterlockedIncrement
ResumeThread
lstrcmpiA
GetTickCount
CopyFileA
CreateDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
CreateThread
Sleep
CreateMutexA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseMutex
InterlockedCompareExchange
GetCurrentThreadId
LocalFree
Process32Next
MulDiv
WaitForSingleObject
TerminateThread
CloseHandle
InterlockedExchange
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
LeaveCriticalSection
EnterCriticalSection
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
GetProcAddress
GetModuleHandleA
GlobalFindAtomA
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
LocalAlloc
GetFileAttributesA
OutputDebugStringA
GetWindowsDirectoryA
GetSystemTime
LoadLibraryA
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
msimg32
AlphaBlend
msvcp100
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?width@ios_base@std@@QAE_J_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Xlength_error@std@@YAXPBD@Z
??1_Container_base12@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
??1_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Init@?$codecvt@DDH@std@@IAEXABV_Locinfo@2@@Z
??0_Container_base12@std@@QAE@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?denorm_min@?$numeric_limits@_J@std@@SA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?denorm_min@?$numeric_limits@F@std@@SAFXZ
?_Init@?$codecvt@DDH@std@@IAEXABV_Locinfo@2@@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
msvcr100
fseek
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
atof
_localtime64_s
_time64
_write
_chsize
_fileno
_memicmp
_strlwr
_setmbcp
fclose
fread
fopen
fwrite
strncmp
strrchr
strstr
qsort
memcpy
??1__non_rtti_object@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memset
_strnicmp
_stricmp
_unlink
_read
_lseek
_sopen
memmove
sprintf
strncpy
atol
_close
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
strpbrk
sprintf_s
setlocale
wcstombs
floor
_getdrive
_getdiskfree
_beginthreadex
wcsncpy
wcsstr
_mbscmp
strftime
_strupr_s
_mbsstr
srand
_vsnprintf
_CIexp
_snprintf
printf
_mbsnbicmp
sscanf
fputs
rand
_CIlog
_strupr
ftell
_findfirst64i32
_findnext64i32
_findclose
memmove_s
strchr
isprint
_mktime64
strtok
_CIpow
_CIsin
_CIcos
_CIsqrt
_CIlog10
_CIacos
_localtime64
malloc
isdigit
fflush
realloc
free
isalnum
rewind
feof
isalpha
atoi
_purecall
_fsopen
fgets
div
_atoi64
memcpy_s
__CxxFrameHandler
oleaut32
OleLoadPicture
VariantInit
SysAllocStringLen
SysFreeString
psapi
GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExA
GetProcessImageFileNameA
shell32
SHGetSpecialFolderPathA
SHBrowseForFolderA
Shell_NotifyIconA
SHGetFileInfoA
DragAcceptFiles
ShellExecuteA
SHChangeNotify
SHGetPathFromIDListA
tbeauty
DelTdxSkinTitle
TBeauty_CreateTdxTab
NewTdxSkinTitle
TBeauty_DeleteTdxTab
tcalc
??ACMainCalcInterface@@QAEPAUtag_INDEXINFO@@E@Z
?GetIndexInfo@CMainCalcInterface@@QAEPAUtag_INDEXINFO@@EJ@Z
?GetTypeName@CMainCalcInterface@@QAEPADJ@Z
?GetTypeNum@CMainCalcInterface@@QAEJXZ
?GetIndexNum@CMainCalcInterface@@QAEJE@Z
?GetIndexNo@CMainCalcInterface@@QAEJEPAD@Z
?PopupDlg@CMainCalcInterface@@QAEHPAUHWND__@@EJ@Z
?GetCharFromPos@CMainCalcInterface@@QAEHPADJ@Z
?DelOneCalc@CMainCalcInterface@@QAEXAAPAVCCalcBase@@@Z
?NewOneCalc@CMainCalcInterface@@QAEPAVCCalcBase@@HJ@Z
?InitMain@CMainCalcInterface@@QAEHPAD000@Z
?RegisterCallBackFunc@CMainCalcInterface@@QAEXP6GJPADFFPAXFUtag_NTime@@2EK@ZP6GJ0F0JFFK@ZP6GJH1H1AAHJ@Z@Z
?SetSysLimited@CMainCalcInterface@@QAEXHHJJPAD0@Z
??0CMainCalcInterface@@QAE@XZ
??1CMainCalcInterface@@UAE@XZ
?AutoImportExport@CMainCalcInterface@@QAEHHPBD0AAH1@Z
?TCalc_SendAsyCall@@YAHPAXHAAI@Z
?GetIndexDateInfo@CMainCalcInterface@@QAEPAUtagIndexDateInfo@@EPAD@Z
?PopupMainDlg@CMainCalcInterface@@QAEHPAUHWND__@@@Z
?StopAllCalc@CMainCalcInterface@@QAEXXZ
?GetTreeInfo@CMainCalcInterface@@QAEJPAXHH@Z
?CompileGSIndex@CMainCalcInterface@@QAEHPAUtag_INDEXINFO@@PADHHK@Z
?GetIndexInfo@CMainCalcInterface@@QAEPAUtag_INDEXINFO@@EPAD@Z
tcontrol
?GetInt@CIniFile@@QAEHPBDH0@Z
?InsertChildElem@CMarkup@@QAE_NUMCD_CSTR@@0H@Z
?SetAttrib@CMarkup@@QAE_NUMCD_CSTR@@0H@Z
?SetAttrib@CMarkup@@QAE_NUMCD_CSTR@@HH@Z
?AddChildElem@CMarkup@@QAE_NUMCD_CSTR@@0H@Z
?Save@CMarkup@@QAE_NUMCD_CSTR@@@Z
?PutInt@CIniFile@@QAEXHPBD0@Z
??0CIniFile@@QAE@XZ
?SetFileName@CIniFile@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?SetAppName@CIniFile@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?SetUnhandledException@@YAXPBD@Z
??1CIniFile@@UAE@XZ
?UnZipSomeFile_Detect@@YAHPBD0AAH11111111@Z
?FindElem@CMarkup@@QAE_NUMCD_CSTR@@@Z
?GetPrivateProfileStringA@CFastIni@@QAEKPBD00PADK0@Z
?GetPrivateProfileIntA@CFastIni@@QAEHPBD0H0@Z
??0CFastIni@@QAE@H@Z
?LoadIniFile@CFastIni@@QAEHPBD@Z
?WritePrivateProfileStringA@CFastIni@@QAEHPBD000@Z
??1CFastIni@@UAE@XZ
??0CMarkup@@QAE@XZ
?Load@CMarkup@@QAE_NUMCD_CSTR@@@Z
?x_SetPos@CMarkup@@IAEXHHH@Z
?FindChildElem@CMarkup@@QAE_NUMCD_CSTR@@@Z
?IntoElem@CMarkup@@QAE_NXZ
?GetAttrib@CMarkup@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@UMCD_CSTR@@@Z
?OutOfElem@CMarkup@@QAE_NXZ
??1CMarkup@@QAE@XZ
?GetString@CIniFile@@QAEXAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD11@Z
?InsertElem@CMarkup@@QAE_NUMCD_CSTR@@0H@Z
tgear
GetFriday
GetMonth1st
GetSeason1st
GetYear1st
TestFileExist_Ex
OpenTdxIni
CloseTdxIni
GetTDXProfileInt
GetTDXProfileString
TimeToLong
GetTdxPYStr
TestFileExist
tdx_filelength
MD5_Buffer
ListCtrl2Txt
AllTrimEx
LongToTime
ParseMessageStr
TrimString
RejustDateCtrlRange
AllTrim
AddLongTime
GetForwardDate
SubLongTime
IsValidFileName
GetCmdLine
GetBackDate
DeleteDirInfo
GetWeek
TDXBeep
AddLongTime_ExceptWeekend
RemoveReadOnlyStatus
Base64Encode
Tdx_OutputDebugString
CopyIt
FormatFloat_XS
IsRecentFile
GetFileMD5Str
DeleteMatchFile
MakeBuildNo
UrlDecode
SaveToBMPFile
SoftKey_Close
SoftKey_Switch
BufToDouble
GetNetCardStr
ClassXP
MD5_String
tjyaid
GetWtDefInfoFromETradeXML_More
tmarquee
NewMarquee
DelMarquee
tqqcalc
TQQCalc_Lsbdl
TQQCalc_Yhbdl
TQQCalc_Index
tdxasiocomm
?DelUserCommModule@@YAXAAPAVVUserComm@@@Z
?MakeUserCommModule@@YAPAVVUserComm@@XZ
user32
SetRectEmpty
LoadBitmapA
SetWindowRgn
InvalidateRect
LoadCursorW
CreatePopupMenu
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
IsIconic
SetTimer
GetParent
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
SetCursor
KillTimer
SetRect
ReleaseDC
AppendMenuA
GetSubMenu
LoadMenuW
GetFocus
OffsetRect
GetWindowDC
SetCapture
GetCursorPos
ReleaseCapture
GetSystemMetrics
GetWindowLongA
GetWindow
IsChild
GetSystemMenu
MenuItemFromPoint
SetWindowLongA
GetWindowRect
InflateRect
LoadIconA
PtInRect
GetDC
GetClientRect
EnableWindow
SendMessageA
SetCaretPos
SetWindowPos
SetCursorPos
SetClassLongA
SetActiveWindow
EnableMenuItem
GetKeyboardLayout
DestroyCaret
IsClipboardFormatAvailable
ShowCaret
HideCaret
PostMessageA
GetCaretPos
CreateCaret
ValidateRect
RegisterClassA
GetNextDlgTabItem
SetWindowsHookExA
CallNextHookEx
SetPropA
CallWindowProcA
GetMessagePos
GetPropA
RemovePropA
UnhookWindowsHookEx
WindowFromDC
GetIconInfo
GetMenuState
DeleteMenu
DrawEdge
DestroyMenu
LoadMenuA
IsMenu
DrawStateA
DestroyCursor
ShowScrollBar
GetWindowRgn
EnumDisplayMonitors
GetMonitorInfoA
RegisterHotKey
ClipCursor
GetPriorityClipboardFormat
GetClipboardData
GetClassInfoA
AdjustWindowRect
GetMenuItemRect
UnregisterHotKey
GetActiveWindow
SetClipboardViewer
ChangeClipboardChain
keybd_event
EnumWindows
ShowWindow
IntersectRect
RemoveMenu
InsertMenuA
PostQuitMessage
DrawFocusRect
LoadBitmapW
MessageBeep
WindowFromPoint
GetMenu
IsZoomed
UpdateWindow
SetWindowTextW
SystemParametersInfoA
GetDesktopWindow
FindWindowA
IsRectEmpty
GetLastActivePopup
ToAsciiEx
GetForegroundWindow
GetWindowThreadProcessId
PeekMessageA
TranslateMessage
DispatchMessageA
RegisterClipboardFormatA
FlashWindow
GetMenuItemInfoA
SetMenuItemInfoA
GetClassNameA
MessageBoxA
LoadImageA
BringWindowToTop
DrawIcon
GetAsyncKeyState
EndPaint
BeginPaint
wsprintfA
GetMenuStringA
GetMenuItemID
GetMenuItemCount
FrameRect
SetFocus
IsWindow
ModifyMenuA
EqualRect
ScreenToClient
CheckMenuItem
GetSysColorBrush
DefWindowProcA
LoadCursorA
RedrawWindow
LockWindowUpdate
GetDCEx
IsWindowVisible
ClientToScreen
FillRect
DrawIconEx
CopyRect
GetSysColor
LoadIconW
SetForegroundWindow
GetKeyState
CharUpperBuffW
viewthem
?INFO_ReqGGCjzx@@YAHFFPADFF@Z
?INFO_GetMineNum@@YAHXZ
?INFO_GetMineTitle@@YAHFPAUext_info_title@@@Z
?INFO_AskMineTitle@@YAHFPADFQAJ1@Z
?INFO_GetMetaItem@@YAHPAUMETA_ITEM_INFO@@H@Z
?INFO_GetGGCjzxTitle@@YAHFFPAUext_info_title@@@Z
?INFO_HasNewMsg@@YAHXZ
?INFO_GetStatus@@YAXPAD0PAG0@Z
?INFO_GetGGBWTitle@@YAHFPADPAUext_ggbw_title@@F@Z
?INFO_ShowDlg@@YAHPAUHWND__@@FFFPADFPAUext_info_title@@PAUext_ggbw_title@@FJ@Z
?INFO_Uninit@@YAHH@Z
?INFO_AllRegisterCallBack@@YAXP6GJPADFFPAXFUtag_NTime@@2EK@ZP6GJ0F0JFFK@ZP6GJH1H1AAHJ@Z@Z
?INFO_Init@@YAHPAUHWND__@@JPBD111IJHHH@Z
?INFO_SetLoginName@@YAXQADKD0@Z
?INFO_GetRollTitle@@YAHFFPAUext_info_title@@AAH@Z
?INFO_GetTopTitle@@YAHFFPAUext_info_title@@@Z
?INFO_GetHqMineCount@@YAHPAPAUstock_mine_info@@@Z
?INFO_Scheme@@YAXUtag_OP_Scheme_Color@@Utag_OP_Scheme_Font@@Utag_OP_Scheme_Menu@@H@Z
?INFO_AskHqMineCount@@YAHHPAUsetcode_and_stockcode@@@Z
?INFO_AskZxgRealinfo@@YAXXZ
?INFO_OnTimer@@YAXH@Z
?INFO_GetMiniHQStatus@@YAHJ@Z
?INFO_ShowMiniHQFace@@YAHHJ@Z
?INFO_ShowMsgBox@@YAHJ@Z
?INFO_DisConnect@@YAXXZ
?INFO_IsConnect@@YAHXZ
?INFO_Connect@@YAHH@Z
?INFO_ShowSoftManager@@YAHJJ@Z
?INFO_NotifyToMsgBox@@YAHPAD@Z
?INFO_NotifyToMsgBox@@YAHJJ@Z
?INFO_Gen_GetZXGTitle@@YAHPAUHWND__@@IIJJJH@Z
?INFO_Gen_GetCJZXContent@@YAHPAUHWND__@@IIJFFJJF@Z
?INFO_Gen_GetCJZXTitle@@YAHPAUHWND__@@IIJDDPADQAJFFH@Z
?INFO_Gen_GetZXGTitleResult@@YAHPADAAHK@Z
?INFO_Gen_GetCJZXContentResult@@YAHPAD@Z
?INFO_Gen_GetCJZXTitleResult@@YAHPADAAHK@Z
?INFO_Set_TPTQLAnswer@@YAXPBD0@Z
?INFO_SetOpenRqinfo@@YAXJKQAD@Z
?INFO_CarryoutFunc@@YAHHPAXH0AAHJ@Z
?INFO_ShowGN@@YAHJPAXH0AAHJ@Z
?INFO_ShowFunc@@YAHPAUHWND__@@JFPADFPAUext_info_title@@PAUext_ggbw_title@@FF@Z
?INFO_ProcessMsg@@YAHFPAUHWND__@@IIJ@Z
winmm
PlaySoundA
ws2_32
getaddrinfo
WSACleanup
WSAGetLastError
select
htons
inet_addr
gethostbyname
WSAStartup
wsock32
recv
gdiplus
GdiplusStartup
GdiplusShutdown
GdipDrawLines
GdipSetPenDashOffset
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipDrawImagePointsI
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCloneImage
GdipDrawImageRectI
GdipReleaseDC
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageRectRect
invest
?PopupInvestDlg@@YAXXZ
?SetPrivateInvestDir@@YAXPAD@Z
?SetCallBackToInvest@@YAXP6GJPBDFPADPAM2PAFNPAN4@Z@Z
mfc100
ord3655
ord5652
ord9191
ord9190
ord3667
ord1940
ord343
ord2872
ord302
ord3195
ord1726
ord6105
ord2844
ord2942
ord7581
ord3461
ord5436
ord4884
ord5846
ord1001
ord451
ord2767
ord11040
ord14127
ord2880
ord2229
ord13365
ord10447
ord1675
ord1684
ord4384
ord4427
ord4427
ord1684
ord1684
ord1684
ord3394
ord10685
ord8100
ord8100
ord10685
ord8100
ord2229
ord8102
ord10569
ord2830
ord2830
ord1579
ord1579
ord2229
ord2229
ord9976
ord2229
ord1579
ord2229
ord2229
ord2229
ord2229
ord2229
ord2229
ord9851
ord7941
ord2211
ord3582
ord7942
ord1579
ord7937
ord7590
ord3548
ord3892
ord3890
ord3489
ord5612
ord8391
ord5035
ord11114
ord5301
ord2119
ord1315
ord7474
ord3363
ord1437
ord7871
ord7892
ord12740
ord5307
ord475
ord5871
ord8311
ord11044
ord8334
ord11117
ord3392
ord7523
ord4431
ord1524
ord12489
ord12487
ord5273
ord8442
ord10755
ord10749
ord3402
ord2855
ord6959
ord8392
ord8516
ord9741
ord8087
ord10510
ord7855
ord1230
ord3636
ord12806
ord1639
ord822
ord12068
ord9855
ord7513
ord12132
ord2068
ord394
ord5999
ord6961
ord12862
ord13304
ord4952
ord12145
ord12148
ord4435
ord3491
ord8003
ord2770
ord12577
ord5580
ord12415
ord8271
ord10729
ord898
ord283
ord8504
ord947
ord384
ord5804
ord12532
ord2289
ord2753
ord5272
ord9602
ord7458
ord5287
ord2759
ord5809
ord2291
ord2830
ord2229
ord2417
ord2756
ord4796
ord953
ord2031
ord5291
ord10705
ord6047
ord11943
ord12258
ord4738
ord3251
ord909
ord2514
ord325
ord12694
ord6131
ord865
ord6091
ord11057
ord8232
ord2305
ord2309
ord8090
ord2839
ord2937
ord1684
ord1264
ord10547
ord5430
ord2092
ord4265
ord4105
ord307
ord311
ord2020
ord5434
ord877
ord6103
ord10671
ord4397
ord2306
ord2282
ord8091
ord2842
ord2940
ord5167
ord1276
ord10727
ord12152
ord4514
ord5171
ord2902
ord5437
ord7266
ord9172
ord2864
ord3184
ord1684
ord11033
ord11009
ord12988
ord2896
ord2897
ord7302
ord1297
ord1890
ord1295
ord734
ord5782
ord9281
ord5279
ord2871
ord2870
ord3467
ord3671
ord7267
ord12630
ord7264
ord5663
ord12627
ord11792
ord6211
ord4888
ord7888
ord7891
ord12867
ord6968
ord4781
ord12280
ord7932
ord12864
ord12960
ord7473
ord3969
ord12342
ord12343
ord3901
ord2223
ord2233
ord11269
ord2877
ord3163
ord3164
ord1184
ord5298
ord5395
ord5394
ord6010
ord11510
ord4148
ord5875
ord826
ord6063
ord1231
ord4347
ord1977
ord1014
ord5868
ord1164
ord5833
ord5871
ord6004
ord2144
ord7187
ord465
ord5861
ord7618
ord11557
ord1709
ord11607
ord1232
ord827
ord6064
ord12717
ord12092
ord1426
ord1438
ord8511
ord3426
ord2185
ord4511
ord2574
ord9917
ord12090
ord301
ord11508
ord6867
ord1859
ord1168
ord715
ord8306
ord7588
ord4952
ord5501
ord1588
ord11534
ord4808
ord7853
ord2997
ord2998
ord7135
ord11805
ord2544
ord10920
ord14073
ord12267
ord9446
ord712
ord5999
ord11051
ord11112
ord7520
ord11362
ord10751
ord2805
ord2927
ord2804
ord713
ord6000
ord433
ord5833
ord11038
ord6144
ord12704
ord2219
ord3988
ord2777
ord12586
ord5598
ord6160
ord6073
ord5858
ord3360
ord8463
ord3241
ord722
ord6009
ord12002
ord1173
ord12717
ord12092
ord1260
ord6088
ord2836
ord2911
ord11916
ord13136
ord6083
ord2828
ord2911
ord3356
ord12664
ord6116
ord893
ord11153
ord11184
ord9450
ord7355
ord11181
ord11172
ord5238
ord3409
ord1291
ord4080
ord2538
ord11917
ord3250
ord11471
ord5176
ord1878
ord12797
ord6838
ord12657
ord5843
ord2764
ord2911
ord996
ord5032
ord7490
ord5302
ord888
ord6112
ord11787
ord11180
ord13481
ord13484
ord13482
ord13485
ord13480
ord13483
ord1579
ord2417
ord13181
ord10922
ord14075
ord1732
ord7091
ord11806
ord3618
ord3676
ord8486
ord13299
ord7073
ord13301
ord11421
ord11420
ord2163
ord4724
ord13767
ord11726
ord7510
ord7584
ord1288
ord9449
ord10030
ord4078
ord5443
ord9185
ord9188
ord9192
ord921
ord11179
ord10967
ord345
ord1586
ord7576
ord12672
ord1951
ord1985
ord11915
ord314
ord2371
ord6111
ord7835
ord1465
ord1314
ord13125
ord1025
ord3490
ord5212
ord13316
ord11243
ord2911
ord4032
ord11242
ord10936
ord481
ord2528
ord11513
ord6195
ord13047
ord7012
ord2229
ord2229
ord2744
ord8224
ord7060
ord4144
ord422
ord5627
ord11627
ord13312
ord4589
ord11878
ord12857
ord11875
ord12847
ord7994
ord12850
ord12124
ord11949
ord11728
ord11812
ord11455
ord11437
ord12550
ord12099
ord5801
ord12473
ord12861
ord4131
ord4345
ord8554
ole32
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoCreateGuid
mfc42
ord640
Exports
Sections
.text Size: - Virtual size: 6.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 888KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: - Virtual size: 6.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.UPX0 Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.UPX1 Size: - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.SCY Size: - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.UPX2 Size: - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.UPX3 Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.UPX4 Size: 12.0MB - Virtual size: 12.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 228KB - Virtual size: 227KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ