46b067259a16e7f28ef37511d76821e0

Sharing

Copy URL Twitter E-mail

General

Target

46b067259a16e7f28ef37511d76821e0
Size

4.0MB
MD5

46b067259a16e7f28ef37511d76821e0
SHA1

c73902aec3b3a6aeb3d73d477521868d32074c01
SHA256

47eb1319fa3a1e323da6bf722697addacbfc1f8a3e94bdbd38bec6afdb3597f8
SHA512

42e701e21b7613a89f5041991a8deab19d1701aad8552fe93a1362966fcff63610dd06e9140809d09000bf985f9e86499822df80f9bfa842ef3ba36dddee891c
SSDEEP

98304:gvgZFXrtNFT5vqbXLdIv0DFRNWN5s+bgxyD4NY1ujCC24wvEQ:gvgZFJLTtOWMDw7goD4NYksXcQ

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/SyToolsBox/常用小工具/Reso.dll	acprotect

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SyToolsBox/SyToolsBox.exe	upx
static1/unpack001/SyToolsBox/常用小工具/ONES刻录工具.exe	upx
static1/unpack001/SyToolsBox/常用小工具/Reso.dll	upx
static1/unpack001/SyToolsBox/常用小工具/快速IP设置.exe	upx

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SyToolsBox/SyToolsBox.exe
unpack002/out.upx
unpack001/SyToolsBox/常用小工具/Foxit Reader.EXE
unpack001/SyToolsBox/常用小工具/OEM-DIY.exe
unpack001/SyToolsBox/常用小工具/ONES刻录工具.exe
unpack003/out.upx
unpack001/SyToolsBox/常用小工具/Reso.dll
unpack004/out.upx
unpack001/SyToolsBox/常用小工具/世纪前线网络质量测试工具.exe
unpack001/SyToolsBox/常用小工具/农历手册.EXE
unpack001/SyToolsBox/常用小工具/定时关机.EXE
unpack001/SyToolsBox/常用小工具/快速IP设置.exe
unpack005/out.upx

Files

46b067259a16e7f28ef37511d76821e0
.rar
SyToolsBox/Help.chm
.chm
SyToolsBox/SyToolsBox.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 336KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 156KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SyToolsBox/SyToolsBox.ini
SyToolsBox/实用批处理/(仅供备用)关闭系统本身的默认共享.cmd
SyToolsBox/实用批处理/(仅供备用)开启系统本身的默认共享.cmd
SyToolsBox/实用批处理/ARP本机绑定.bat
SyToolsBox/实用批处理/Autorun 病毒清除工具.CMD
SyToolsBox/实用批处理/IE不能打开新链接修复.cmd
SyToolsBox/实用批处理/Sort.ico
SyToolsBox/实用批处理/WINXP原本的各项服务.BAT
SyToolsBox/实用批处理/一键清理系统垃圾文件.bat
SyToolsBox/实用批处理/中文显示ping结果.bat
.bat .vbs
SyToolsBox/实用批处理/修复EXE文件关联.cmd
SyToolsBox/实用批处理/关闭局域网共享.cmd
SyToolsBox/实用批处理/关闭所有分区自动播放.cmd
SyToolsBox/实用批处理/开启系统补丁自动更新.bat
SyToolsBox/实用批处理/开通局域网共享(无需验证即可进入).cmd
SyToolsBox/实用批处理/开通局域网共享(需证用户名和密码).cmd
SyToolsBox/实用批处理/彻底关闭自动更新功能.bat
SyToolsBox/实用批处理/恢复所有分区自动播放.cmd
SyToolsBox/实用批处理/断开网络联结.bat
SyToolsBox/实用批处理/显示IP配置.bat
SyToolsBox/实用批处理/查看安装日期及运行时间.cmd
SyToolsBox/实用批处理/查看网关的MAC地址.bat
SyToolsBox/实用批处理/查看进程使用的端口.bat
SyToolsBox/实用批处理/清除所有多余的启动项目.cmd
SyToolsBox/实用批处理/清除所有多余的桌面右键菜单.cmd
SyToolsBox/实用批处理/自动关闭空闲的IDE通道.bat
SyToolsBox/实用批处理/解决IIS无法调试的问题.cmd
SyToolsBox/实用注册表/(仅供备用)取消磁盘的自动扫描.reg
SyToolsBox/实用注册表/Administrator帐户设为不隐藏.reg
SyToolsBox/实用注册表/Sort.ico
SyToolsBox/实用注册表/不显示共享文档和用户文档.REG
SyToolsBox/实用注册表/修复EXE文件关联.REG
SyToolsBox/实用注册表/修复任务栏声音图标消失.reg
SyToolsBox/实用注册表/关闭光驱硬盘的自动运行.REG
SyToolsBox/实用注册表/去掉快捷方式小箭头(重启系统生效).reg
SyToolsBox/实用注册表/取消磁盘的自动扫描.reg
SyToolsBox/实用注册表/因装了KB905474正版验证补丁进系统受阻导入本注册表可破解.reg
SyToolsBox/实用注册表/安装SQL如提示挂起导入本注册表可解决.reg
SyToolsBox/实用注册表/恢复快捷方式小箭头(重启系统生效).reg
SyToolsBox/实用注册表/打开光驱硬盘的自动运行.REG
SyToolsBox/实用注册表/显示共享文档和用户文档.reg
SyToolsBox/实用注册表/显示隐藏文件(中了该类病毒后).reg
SyToolsBox/实用注册表/注册表编辑器regedit解禁.reg
SyToolsBox/实用注册表/注册表解禁.reg
SyToolsBox/实用注册表/禁止生成缩略图缓冲文件Thumbs.db.reg
SyToolsBox/实用注册表/若任务管理器被病毒禁用导入本注册表可解开.reg
SyToolsBox/常用小工具/Foxit Reader.EXE
.exe windows:4 windows x86 arch:x86

a900cce46c67759e2822a509e6acc601

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetParent

gdi32

EndDoc

comdlg32

GetOpenFileNameA

winspool.drv

EnumPrintersA

advapi32

RegSetValueExA

shell32

ExtractIconA

comctl32

ImageList_Draw

oledlg

ord8

ole32

OleLockRunning

olepro32

ord253

oleaut32

SysFreeString

wsock32

htons

Sections

.text
Size: 888KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SyToolsBox/常用小工具/OEM-DIY.exe
.exe windows:4 windows x86 arch:x86

0c40996f6e1e5f2a82b51e9950881bf1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
MultiByteToWideChar
WideCharToMultiByte
CompareFileTime
FindClose
FindFirstFileW
GetFileAttributesW
GetLastError
CreateDirectoryW
ExpandEnvironmentStringsW
lstrlenA
WriteFile
GetStdHandle
lstrcmpW
GetSystemTimeAsFileTime
lstrlenW
RemoveDirectoryW
FindNextFileW
DeleteFileW
VirtualAlloc
VirtualFree
GetACP
GetOEMCP
GetUserDefaultUILanguage
GetUserDefaultLCID
GetTempPathW
SetEnvironmentVariableW
SetCurrentDirectoryW
CloseHandle
lstrcmpiW
GetModuleFileNameW
CreateThread
GetVersionExW
CreateFileW
GetDriveTypeW
GetModuleHandleW
GetProcAddress
LoadLibraryA
MulDiv
GetSystemDirectoryW
TerminateThread
ResumeThread
SuspendThread
LocalFree
lstrcpyW
FormatMessageW
DeleteCriticalSection
GetFileSize
SetFilePointer
ReadFile
SetFileTime
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
GetModuleHandleA
WaitForSingleObject
GetExitCodeThread
GetLocalTime
SystemTimeToFileTime
GetCommandLineW
SetFileAttributesW
GetStartupInfoA

user32

CharUpperW
GetWindowLongW
wsprintfW
wsprintfA
MessageBoxA
GetKeyState
SendMessageW
wvsprintfW
KillTimer
GetSystemMenu
EnableMenuItem
SetTimer
GetWindowTextW
DefWindowProcW
CallWindowProcW
GetWindowDC
DrawIconEx
MessageBeep
DialogBoxIndirectParamW
GetWindow
GetParent
GetClientRect
ClientToScreen
GetWindowTextLengthW
SetWindowPos
GetDC
DrawTextW
ReleaseDC
ShowWindow
GetWindowRect
ScreenToClient
LoadIconW
LoadImageW
SetWindowLongW
SetDlgItemTextW
SystemParametersInfoW
GetSystemMetrics
GetDlgItem
SetFocus
EndDialog
SetWindowTextW

gdi32

DeleteObject
SelectObject
GetDeviceCaps
GetObjectW
CreateFontIndirectW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFileInfoW

ole32

CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantClear

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_except_handler3
_beginthreadex
_CxxThrowException
_purecall
memset
_wcsnicmp
malloc
free
_wtol
memcpy
memmove
memcmp
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
_controlfp

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SyToolsBox/常用小工具/ONES刻录工具.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 450KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 179KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 628KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 828KB - Virtual size: 824KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SyToolsBox/常用小工具/Reso.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SyToolsBox/常用小工具/世纪前线网络质量测试工具.exe
.exe windows:4 windows x86 arch:x86

2e3109e855834205b603691f4225e497

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

setsockopt
inet_ntoa
closesocket
getsockopt
inet_addr
gethostbyname
WSAGetLastError
socket
sendto
recvfrom

kernel32

UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesA
GetFileSize
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
CreateThread
ExitThread
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
SetStdHandle
WriteFile
FlushFileBuffers
GetModuleHandleA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointer
GetCurrentProcess
ReadFile
CreateFileA
FindFirstFileA
DuplicateHandle
GetCPInfo
FindClose
GetOEMCP
SizeofResource
GetProcessVersion
WritePrivateProfileStringA
LocalReAlloc
GlobalFlags
TlsGetValue
TlsFree
TlsSetValue
GlobalReAlloc
LeaveCriticalSection
GlobalHandle
TlsAlloc
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrcpynA
EnterCriticalSection
MulDiv
FormatMessageA
LocalFree
FreeLibrary
SetLastError
LoadLibraryA
GlobalGetAtomNameA
GetVersion
lstrcatA
lstrcpyA
GlobalAddAtomA
GlobalFindAtomA
GetFileType
GetProcAddress
GetProfileStringA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetTimeZoneInformation
GetCurrentThreadId
WinExec
Sleep
GetTickCount
GetCurrentProcessId

user32

GetCapture
WinHelpA
GetTopWindow
CopyRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
SetWindowTextA
ScreenToClient
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadStringA
DestroyMenu
GetClassNameA
PtInRect
GetSysColorBrush
CharUpperA
InvalidateRect
ShowWindow
RegisterClassA
GetMenu
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
PostQuitMessage
PostMessageA
EnableWindow
LoadCursorA
SetCursor
SetTimer
KillTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
GetWindowRect
LoadIconA
wsprintfA
GetWindowTextLengthA
GetMenuItemCount
GetSubMenu
GetMenuItemID
IsWindow
ModifyMenuA
GetMenuState
GetClassInfoA
ExcludeUpdateRgn
UnregisterClassA
HideCaret
ShowCaret
IsWindowUnicode
DrawFocusRect
DefDlgProcA
InflateRect
CharNextA

gdi32

GetTextExtentPointA
PatBlt
CreateCompatibleDC
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetObjectA
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
CreateDIBitmap
BitBlt
DeleteObject
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
ExtTextOutA
Escape
TextOutA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegEnumValueA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

comctl32

ord17

wsock32

WSAStartup
WSACleanup

wininet

InternetQueryDataAvailable
InternetGetLastResponseInfoA
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
FtpOpenFileA

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SyToolsBox/常用小工具/农历手册.EXE
.exe windows:4 windows x86 arch:x86

33b24602a3f7e9299ce7c89d86e9eacb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
ord552
ord660
ord553
ord661
__vbaStrDate
ord662
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarForInit
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
_CIsin
__vbaErase
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaDateR8
__vbaI2I4
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
ord601
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaI2Str
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord100
__vbaI4Var
ord610
__vbaVarAdd
__vbaVarDup
__vbaFpI4
_CIatan
__vbaStrMove
__vbaR8IntI4
ord542
_allmul
ord545
_CItan
__vbaUI1Var
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SyToolsBox/常用小工具/定时关机.EXE
.exe windows:4 windows x86 arch:x86

664126ea733005fe0bedfa2a7669029f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
CompareStringA
SetEndOfFile
ReadFile
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
WriteFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
CreateFileA
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
VirtualAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetModuleFileNameA
GetVersion
GetStartupInfoA
GetModuleHandleA
GetSystemTime
GetEnvironmentVariableA
GetSystemDirectoryA
CopyFileA
SystemTimeToFileTime
FileTimeToSystemTime
SetLastError
GetVersionExA
lstrcmpiA
lstrlenA
LocalAlloc
CloseHandle
GetCommandLineA
CreateThread
GetLastError
FormatMessageA
LocalFree
GlobalAlloc
GlobalFree
GetLocalTime
LoadLibraryA
Sleep
GetProcAddress
FreeLibrary
SetSystemPowerState
GetCurrentProcess
CreateProcessA
GetTimeZoneInformation
HeapReAlloc
GetExitCodeProcess
FreeEnvironmentStringsW
HeapAlloc
TerminateProcess
ExitProcess
SetEnvironmentVariableA

user32

GetMessageA
ExitWindowsEx
SendMessageA
MessageBoxA
SetTimer
SetCursor
LoadCursorA
SetDlgItemTextA
CheckDlgButton
EndDialog
GetDlgItemTextA
EnableWindow
GetDlgItem
IsDlgButtonChecked
DialogBoxParamA
CheckRadioButton
LoadIconA
EnableMenuItem
ShowWindow
KillTimer
SetForegroundWindow
PostMessageA
TrackPopupMenu
GetSubMenu
GetCursorPos
PostQuitMessage
GetParent
SendDlgItemMessageA
DestroyMenu
LoadMenuA
wsprintfA
IsDialogMessageA
TranslateMessage
DispatchMessageA
CreateDialogParamA
SetWindowTextA

advapi32

SetServiceStatus
LookupPrivilegeValueA
ControlService
QueryServiceStatus
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
InitiateSystemShutdownA
OpenProcessToken
AdjustTokenPrivileges

comdlg32

GetOpenFileNameA

comctl32

InitCommonControlsEx

shell32

Shell_NotifyIconA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA

winmm

PlaySoundA

mpr

WNetAddConnection2A
WNetCancelConnection2A

wsock32

WSACleanup
WSAGetLastError
recv
send
setsockopt
sendto
ntohl
inet_addr
ioctlsocket
gethostbyname
connect
shutdown
closesocket
accept
socket
htons
bind
listen
WSAAsyncSelect
WSAStartup
htonl

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SyToolsBox/常用小工具/快速IP设置.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 123KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 336KB

UPX1 Size: 156KB - Virtual size: 160KB

.rsrc Size: 17KB - Virtual size: 20KB

Headers

File Characteristics

Sections

.text Size: 236KB - Virtual size: 232KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 156KB - Virtual size: 209KB

.rsrc Size: 20KB - Virtual size: 16KB

a900cce46c67759e2822a509e6acc601

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wsock32

Sections

.text Size: 888KB - Virtual size: 2.5MB

.rsrc Size: 28KB - Virtual size: 28KB

0c40996f6e1e5f2a82b51e9950881bf1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

msvcrt

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 11KB - Virtual size: 11KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 450KB - Virtual size: 452KB

.rsrc Size: 179KB - Virtual size: 180KB

Headers

File Characteristics

Sections

.text Size: 628KB - Virtual size: 624KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 60KB - Virtual size: 377KB

.rsrc Size: 828KB - Virtual size: 824KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 92KB

UPX1 Size: 31KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 68KB - Virtual size: 67KB

UPX0
Size: - Virtual size: 336KB

UPX1
Size: 156KB - Virtual size: 160KB

.rsrc
Size: 17KB - Virtual size: 20KB

.text
Size: 236KB - Virtual size: 232KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 156KB - Virtual size: 209KB

.rsrc
Size: 20KB - Virtual size: 16KB

.text
Size: 888KB - Virtual size: 2.5MB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 11KB - Virtual size: 11KB

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 450KB - Virtual size: 452KB

.rsrc
Size: 179KB - Virtual size: 180KB

.text
Size: 628KB - Virtual size: 624KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 60KB - Virtual size: 377KB

.rsrc
Size: 828KB - Virtual size: 824KB

UPX0
Size: - Virtual size: 92KB

UPX1
Size: 31KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 40KB - Virtual size: 39KB

.text
Size: 52KB - Virtual size: 49KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 41KB

.text
Size: 80KB - Virtual size: 78KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 36KB - Virtual size: 39KB

.rsrc
Size: 36KB - Virtual size: 35KB

UPX0
Size: - Virtual size: 212KB

UPX1
Size: 123KB - Virtual size: 124KB

.rsrc
Size: 20KB - Virtual size: 24KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 108KB - Virtual size: 105KB