0b5ac15d86fd9c57940f283e6ab078cf

Sharing

Copy URL Twitter E-mail

General

Target

0b5ac15d86fd9c57940f283e6ab078cf
Size

1.2MB
MD5

0b5ac15d86fd9c57940f283e6ab078cf
SHA1

cdf14abf1c5773996d8d39c5e0e93dd19fcb108b
SHA256

6e6f137142f06cecb5a5a904628383ff1128e1f5c075f42c97ae0be699be839d
SHA512

f4f46d566367d8041b2d304723809292de2d19142deebf943c55ee9491fdd585787da092dc95308c322bf8c5067b9b20aa4082d10b91bf1904bef23f76f31fbc
SSDEEP

24576:pb/wf+r+rJlsd6XYjMtQTz4x5j4SKmxDKwCm0D7jnO1P8oMVlGw6Z21M:d/t+lK+LM4Pj4zm0wCd/jAWM

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MD_Fix.dll
unpack001/梦幻之星Ⅳ.exe
unpack001/运行前先运行此补丁(否则会出现死机花屏等现象）.exe

Files

0b5ac15d86fd9c57940f283e6ab078cf
.rar
9号下载说明.txt
MD_Fix.dll
.dll windows:5 windows x86 arch:x86

8fbd8b641200f0d17b6fc07afcb34e88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapSize

Exports

Exports

GetInfo
GetName
IsDynamic
IsPlugin
ReadValueEnd
SearchDataBegin
WriteValueBegin

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载软件_免费下载单机游戏_手机游戏下载大全_psp游戏_下载快播.url
.url
梦幻之星Ⅳ.exe
.exe windows:5 windows x86 arch:x86

c9ac7bcee35537cb4c1dee29693ff5ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90u

ord4934
ord4508
ord2275
ord1666
ord4653
ord959
ord2614
ord2637
ord2632
ord3234
ord3492
ord436
ord686
ord2100
ord1688
ord1769
ord2103
ord1601
ord4510
ord2277
ord1668
ord4654
ord3497
ord616
ord4265
ord2595
ord4815
ord1313
ord4543
ord2901
ord4518
ord4490
ord3528
ord654
ord1783
ord1716
ord3651
ord775
ord1678
ord1779
ord1708
ord3627
ord750
ord2286
ord1786
ord1722
ord4663
ord3278
ord3661
ord785
ord4268
ord430
ord683
ord4009
ord1686
ord4547
ord4618
ord5106
ord3070
ord5105
ord4785
ord5228
ord3551
ord4693
ord3251
ord2481
ord5616
ord1440
ord3681
ord2646
ord2645
ord2647
ord2644
ord2643
ord5656
ord5601
ord1753
ord6410
ord3354
ord4378
ord5293
ord5296
ord4800
ord4805
ord4802
ord4820
ord4823
ord4807
ord5209
ord5016
ord4596
ord4589
ord5418
ord4810
ord5214
ord4622
ord5224
ord4865
ord4866
ord4109
ord5349
ord4945
ord4946
ord5356
ord4987
ord5487
ord4861
ord4789
ord4927
ord5279
ord5407
ord4955
ord4904
ord5408
ord4942
ord5384
ord4707
ord4797
ord4798
ord5400
ord5230
ord5142
ord5239
ord5491
ord5401
ord5079
ord5382
ord4933
ord5397
ord4549
ord1376
ord2194
ord4550
ord4521
ord812
ord4492
ord663
ord404
ord1250
ord1254
ord6096
ord3992
ord337
ord2593
ord1063
ord1248
ord1088
ord3741
ord3749
ord6187
ord3488
ord3543
ord2084
ord1183
ord333
ord2592
ord4044
ord692
ord595
ord3562
ord3286
ord5664
ord4657
ord1493
ord6411
ord3355
ord1695
ord1602
ord2105
ord6791
ord1488
ord6703
ord2081
ord5867
ord2479
ord2504
ord5979
ord4519
ord1108
ord4442
ord938
ord2537
ord310
ord601
ord818
ord1608
ord305
ord3221
ord814
ord266
ord1599
ord2597
ord1333
ord3399
ord2209
ord2490
ord665
ord406
ord935
ord1315
ord813
ord664
ord405
ord811
ord799
ord899
ord2676
ord6164
ord277
ord4494
ord12404
ord13194
ord9972
ord10457
ord10304
ord13136
ord12165
ord12617
ord7766
ord9965
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord6018
ord3115
ord4905
ord4681
ord9272
ord8452
ord5663
ord285
ord3220
ord1607
ord1113
ord1220
ord1098
ord4211
ord7332
ord7138
ord4043
ord265
ord286
ord296
ord600
ord280
ord5632
ord5324
ord2208
ord1810
ord4741
ord611
ord3489
ord4652
ord1665
ord2274
ord5938
ord6614
ord1354
ord3537
ord1581
ord936
ord5939
ord6697
ord6013
ord293
ord290
ord1556
ord5737
ord5559
ord690
ord441
ord1314
ord2326
ord6415
ord2478
ord6687
ord3515
ord1486
ord2725
ord4131
ord6203
ord6579
ord2470
ord4398
ord3953
ord4351
ord2360
ord6065
ord4530
ord4527
ord6604
ord6311
ord4159
ord1603
ord4774
ord6577
ord5194
ord744
ord613
ord524
ord1809
ord1675
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord5653
ord3743
ord5154
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord2106
ord969
ord967
ord778
ord3654
ord4660
ord1719
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4682
ord4702
ord2069
ord4631
ord1137
ord5008
ord4000
ord639
ord374
ord2283
ord316
ord821
ord4405
ord2082
ord1272
ord3794
ord2969
ord801

msvcr90

_CxxThrowException
memcpy
__RTDynamicCast
memset
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_purecall
_gcvt_s
_wtof
_wtol
_wcsicmp
strcpy_s
_beginthreadex
calloc
_recalloc
vsprintf_s
_itoa_s
atol
strtol
memmove_s
wcstoul
_wtoi
_msize
ftell
realloc
malloc
toupper
free
fread
fseek
swscanf_s
fclose
fwrite
_wfopen_s
memcpy_s
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
exit
wcscpy_s
__CxxFrameHandler3

kernel32

LoadLibraryW
GetProcAddress
lstrcpyW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
FindFirstFileW
MulDiv
VirtualQueryEx
SetLastError
WriteProcessMemory
WideCharToMultiByte
CreateEventW
GlobalLock
GlobalUnlock
GlobalFree
ResumeThread
GlobalAlloc
LoadResource
SizeofResource
LockResource
WaitForSingleObject
SetEvent
ResetEvent
FreeLibrary
lstrlenA
lstrlenW
CreateDirectoryW
GetLastError
GetSystemDirectoryW
DeleteFileW
CreateThread
ExitThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CloseHandle
CreateFileW
CopyFileW
GetTempFileNameW
GetTempPathW
GetModuleHandleW
GetModuleFileNameW
TerminateThread
FindResourceW
ReadProcessMemory
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetFileAttributesW
GetLocalTime
QueryPerformanceCounter
LocalFree
FormatMessageW
GetProcessHandleCount
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcess
MultiByteToWideChar

user32

CopyImage
CloseWindow
BringWindowToTop
LoadIconW
DestroyIcon
PostMessageW
GetClientRect
GetFocus
GetNextDlgTabItem
UnregisterHotKey
GetSystemMetrics
GetWindowRect
SetParent
PtInRect
SetActiveWindow
RegisterHotKey
GetWindowTextW
GetClassNameW
EnumWindows
GetWindowThreadProcessId
GetParent
IsWindowVisible
InvalidateRect
IsWindow
SetRect
GetActiveWindow
CreateIconFromResource
CreateIconFromResourceEx
FillRect
GetSysColor
CopyRect
DrawFocusRect
SendMessageW
ReleaseDC
GetDC
GetKeyState
GetDesktopWindow
MessageBoxW
GetClassInfoW
EnableWindow
SetLayeredWindowAttributes
KillTimer
LoadCursorW
SetCursor
SetTimer
GetWindowLongW
SetWindowLongW
IsRectEmpty

gdi32

CreateFontIndirectW
SelectObject
CreateSolidBrush
BitBlt
DeleteDC
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
GetObjectW
GetStockObject
DeleteObject
GetTextExtentPoint32W
CreateCompatibleDC
CreateFontW
GetDeviceCaps

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

msvcp90

?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW

Sections

.text
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
运行前先运行此补丁(否则会出现死机花屏等现象）.exe
.exe windows:4 windows x86 arch:x86

0c40996f6e1e5f2a82b51e9950881bf1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
MultiByteToWideChar
WideCharToMultiByte
CompareFileTime
FindClose
FindFirstFileW
GetFileAttributesW
GetLastError
CreateDirectoryW
ExpandEnvironmentStringsW
lstrlenA
WriteFile
GetStdHandle
lstrcmpW
GetSystemTimeAsFileTime
lstrlenW
RemoveDirectoryW
FindNextFileW
DeleteFileW
VirtualAlloc
VirtualFree
GetACP
GetOEMCP
GetUserDefaultUILanguage
GetUserDefaultLCID
GetTempPathW
SetEnvironmentVariableW
SetCurrentDirectoryW
CloseHandle
lstrcmpiW
GetModuleFileNameW
CreateThread
GetVersionExW
CreateFileW
GetDriveTypeW
GetModuleHandleW
GetProcAddress
LoadLibraryA
MulDiv
GetSystemDirectoryW
TerminateThread
ResumeThread
SuspendThread
LocalFree
lstrcpyW
FormatMessageW
DeleteCriticalSection
GetFileSize
SetFilePointer
ReadFile
SetFileTime
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
GetModuleHandleA
WaitForSingleObject
GetExitCodeThread
GetLocalTime
SystemTimeToFileTime
GetCommandLineW
SetFileAttributesW
GetStartupInfoA

user32

CharUpperW
GetWindowLongW
wsprintfW
wsprintfA
MessageBoxA
GetKeyState
SendMessageW
wvsprintfW
KillTimer
GetSystemMenu
EnableMenuItem
SetTimer
GetWindowTextW
DefWindowProcW
CallWindowProcW
GetWindowDC
DrawIconEx
MessageBeep
DialogBoxIndirectParamW
GetWindow
GetParent
GetClientRect
ClientToScreen
GetWindowTextLengthW
SetWindowPos
GetDC
DrawTextW
ReleaseDC
ShowWindow
GetWindowRect
ScreenToClient
LoadIconW
LoadImageW
SetWindowLongW
SetDlgItemTextW
SystemParametersInfoW
GetSystemMetrics
GetDlgItem
SetFocus
EndDialog
SetWindowTextW

gdi32

DeleteObject
SelectObject
GetDeviceCaps
GetObjectW
CreateFontIndirectW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFileInfoW

ole32

CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantClear

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_except_handler3
_beginthreadex
_CxxThrowException
_purecall
memset
_wcsnicmp
malloc
free
_wtol
memcpy
memmove
memcmp
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
_controlfp

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fbd8b641200f0d17b6fc07afcb34e88

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 3KB - Virtual size: 3KB

c9ac7bcee35537cb4c1dee29693ff5ea

Headers

DLL Characteristics

File Characteristics

Imports

mfc90u

msvcr90

kernel32

user32

gdi32

advapi32

comctl32

shlwapi

ole32

oleaut32

msvcp90

psapi

Sections

.text Size: 268KB - Virtual size: 268KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 500KB - Virtual size: 499KB

0c40996f6e1e5f2a82b51e9950881bf1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

msvcrt

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 268KB - Virtual size: 268KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 500KB - Virtual size: 499KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 2KB