4afd2143de2a4949288f40429040d016

Sharing

Copy URL

Twitter E-mail

General

Target

4afd2143de2a4949288f40429040d016
Size

2.3MB
MD5

4afd2143de2a4949288f40429040d016
SHA1

d1651ecec8a829153dc6c35850227dd71a9a7f99
SHA256

2d20d733d9d4f65d0f2bd09edbc294e20736b6e877439f836061d191785cbd1d
SHA512

2a87a4568308433c8b6f26e060d8143b24d863c04615064acd4cdcd5f08c9a86336fc1cf88ac030b9580e42716ce805e77c2412da4ac45d27e7055af7ec0e2a8
SSDEEP

49152:5iwUrb8N5mmnTaG1AfV58TSlUkcnyoBs+H/JpIIrXgF/hwsX/de:IrJMTa35h6yIf/FrXshwsw

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ButterFly BotByZeRo/Butterfly Wizard High.exe
unpack001/ButterFly BotByZeRo/QQdaili_2.1.exe
unpack001/ButterFly BotByZeRo/QQdaili_2.1/gamelsp.dll
unpack001/ButterFly BotByZeRo/QQdaili_2.1/gameppp.dll
unpack001/ButterFly BotByZeRo/QQdaili_2.1/qqdaili.exe
unpack001/ButterFly BotByZeRo/QQdaili_2.1/update.exe
unpack001/ButterFly BotByZeRo/SkinH_EL.dll

Files

4afd2143de2a4949288f40429040d016
.rar
ButterFly BotByZeRo/BuFiY.HD
ButterFly BotByZeRo/Butterfly Wizard High.exe
.exe windows:4 windows x86 arch:x86

f9c41706cc269f94627833b41248ad6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
SetCurrentDirectoryA
CopyFileA
DeleteFileA
GetFileAttributesA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
ExpandEnvironmentStringsA
Sleep
CreateEventA
CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
lstrlenW
lstrlenA
LoadLibraryA
FreeLibrary
GetFullPathNameA
GetUserDefaultLCID
HeapAlloc
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
lstrcpyA
WinExec
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
GlobalReAlloc
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
GetProcessHeap
HeapReAlloc
HeapFree
WaitForMultipleObjects
FindNextFileA

user32

UnregisterClassA
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
TrackPopupMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
GetWindowTextA
SetWindowTextA
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetMenuState
GetTabbedTextExtentA
DrawStateA
GrayStringA
TabbedTextOutA
WindowFromDC
EnumChildWindows
GetWindowDC
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
FrameRect
GetPropA
MoveWindow
CallWindowProcA
SetPropA
DrawTextA
GetCursor
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSystemMenu
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
GetWindowTextLengthA
CharUpperA
BeginPaint
EndPaint
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
GetClassLongA
CreateWindowExA
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA

gdi32

GetViewportExtEx
SetPolyFillMode
ExtSelectClipRgn
LineTo
MoveToEx
GetTextMetricsA
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetPixel
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePenIndirect
RestoreDC
SaveDC
SetWindowOrgEx
SetTextColor
SetBkMode
SetBkColor
CreateRectRgnIndirect
ExcludeClipRect
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBrushIndirect
CreateBitmap
SelectObject
CreatePen
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
SetPixelV
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps

winmm

midiStreamOpen
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

msimg32

GradientFill

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegQueryValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

OleInitialize
CLSIDFromProgID
OleUninitialize
CLSIDFromString
OleRun
CoCreateInstance

oleaut32

VariantClear
VariantChangeType
VariantCopyInd
VariantInit
SysAllocString
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
UnRegisterTypeLi

comctl32

ImageList_GetIcon
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_Draw
_TrackMouseEvent
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create
ImageList_Read
ImageList_DrawIndirect
ImageList_Duplicate

ws2_32

inet_ntoa
gethostbyname
WSAStartup
WSACleanup
select
send
accept
getpeername
recv
connect
ioctlsocket
recvfrom
socket
htons
WSAAsyncSelect
closesocket
inet_addr

comdlg32

ChooseColorA
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

Sections

.text
Size: 680KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 504KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ButterFly BotByZeRo/DarkShinato.HD
ButterFly BotByZeRo/KingShinato.HD
ButterFly BotByZeRo/QQdaili_2.1.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ButterFly BotByZeRo/QQdaili_2.1/gamelist.ini
ButterFly BotByZeRo/QQdaili_2.1/gamelsp.dll
.dll windows:4 windows x86 arch:x86

44dbea19bf012746e45fa8fe7d3dc477

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

ws2_32

WSCGetProviderPath
recvfrom
ntohs
inet_ntoa
select
closesocket
inet_addr
htons
sendto
socket

psapi

GetModuleFileNameExA

kernel32

EnterCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetLocaleInfoA
GetCurrentProcess
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalAlloc
GlobalFree
SetEvent
WaitForSingleObject
CreateEventA
GetLastError
CreateMutexW
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
ExpandEnvironmentStringsW
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
Sleep
HeapSize
ExitProcess
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
InitializeCriticalSection
SetFilePointer
GetStringTypeA
GetStringTypeW

Exports

Exports

GetData
SetData
WSPStartup

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ButterFly BotByZeRo/QQdaili_2.1/gameppp.dll
.dll windows:4 windows x86 arch:x86

f9950ce092fa8c803fb83c99d74d5157

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA

ws2_32

ntohl
recv
send
recvfrom
select
htons
ntohs
getsockname
connect
bind
socket
__WSAFDIsSet
closesocket
listen
accept
WSAStartup
inet_addr
WSACleanup
gethostbyname
sendto

kernel32

TlsGetValue
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeW
CreateFileA
GetModuleFileNameA
CloseHandle
Sleep
GetSystemDirectoryA
GetLastError
GetProcAddress
LoadLibraryA
CreateMutexA
GetTickCount
HeapAlloc
ExitThread
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetModuleHandleA
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
SetFilePointer
GetStringTypeA

Exports

Exports

Connect
GetStatus
HangUp
SetStatus

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ButterFly BotByZeRo/QQdaili_2.1/gametcp.dll
ButterFly BotByZeRo/QQdaili_2.1/qqdaili.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 352KB - Virtual size: 924KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 241KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ButterFly BotByZeRo/QQdaili_2.1/qqdaili.ini
ButterFly BotByZeRo/QQdaili_2.1/update.exe
.exe windows:4 windows x86 arch:x86

177104c487ca0c40a3f2362900925ed5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
Sleep
GetVersionExW
TerminateProcess
GetModuleFileNameW
CreateFileW
Process32FirstW
MoveFileExW
CreateToolhelp32Snapshot
GetFileTime
CloseHandle
DeleteFileW
GetFileSize
GlobalFree
CopyFileW
GetSystemDirectoryW
Process32NextW
GlobalAlloc
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSection
LoadLibraryA
HeapSize
GetConsoleMode
GetLastError
MoveFileW
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP

user32

wsprintfW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

ws2_32

WSCEnumProtocols
WSCDeinstallProvider
WSCGetProviderPath
WSCUpdateProvider
WSCWriteProviderOrder
WSCInstallProvider

netapi32

NetScheduleJobAdd
NetApiBufferFree
NetScheduleJobEnum

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ButterFly BotByZeRo/SkinH_EL.dll
.dll windows:4 windows x86 arch:x86

5b234a1aba7588c195b2279c948d550c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetConsoleCtrlHandler
VirtualAlloc
HeapReAlloc
HeapAlloc
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
SetUnhandledExceptionFilter
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
InterlockedIncrement
LoadLibraryA
GetProcAddress
OutputDebugStringA
InterlockedDecrement
WriteFile
GetStdHandle
DebugBreak
HeapValidate
IsBadReadPtr
IsBadWritePtr
FatalAppExitA
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineA
RtlUnwind
IsBadCodePtr
UnhandledExceptionFilter
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetFilePointer
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
MulDiv
VirtualProtect
FlushInstructionCache
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
GetModuleFileNameA
GetVersion
GetCurrentThreadId
GetModuleHandleA
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetLastError
VirtualQuery

user32

UnhookWindowsHookEx
SetWindowsHookExA
EnumChildWindows
LoadCursorA
SetCursor
EnumThreadWindows
TrackPopupMenu
GetMenuItemID
IsIconic
IsZoomed
GetWindowRgn
IsMenu
GetSubMenu
GetMenuBarInfo
GetMenu
SetWindowRgn
GetSystemMenu
MessageBoxA
GetClassNameA
CallNextHookEx
ScreenToClient
SetCapture
EqualRect
ReleaseCapture
SetWindowPos
KillTimer
SetTimer
MenuItemFromPoint
GetMenuItemRect
GetMenuItemCount
GetMenuItemInfoA
GetMenuStringA
GetMenuState
SetMenuItemInfoA
SetRect
GetActiveWindow
LockWindowUpdate
IsWindowVisible
GetSystemMetrics
ShowScrollBar
FillRect
GetSysColorBrush
EnableScrollBar
GetScrollBarInfo
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
GetWindowDC
GetDCEx
GetDC
MoveWindow
FindWindowExA
GetCursorPos
PtInRect
SetRectEmpty
ClientToScreen
ReleaseDC
GetSysColor
InflateRect
GetParent
GetClassLongA
GetWindowRect
GetComboBoxInfo
OffsetRect
IsRectEmpty
InvalidateRect
GetClientRect
GetWindowTextA
SendMessageA
IsWindowEnabled
GetFocus
GetIconInfo
DrawIconEx
DrawTextA
TrackMouseEvent
BeginPaint
EndPaint
RemovePropA
GetPropA
CallWindowProcA
DefWindowProcA
GetWindowLongA
SetWindowLongA
SetPropA

gdi32

SetPixel
SetBkColor
TextOutA
GetTextExtentPointA
SetMapMode
CreatePen
CreateSolidBrush
GetStockObject
RoundRect
BeginPath
Rectangle
EndPath
SelectClipPath
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
StretchBlt
GetObjectA
DeleteObject
BitBlt
DeleteDC
SetTextColor
CreateDIBitmap
CreateFontA
CreatePatternBrush
SelectClipRgn
CombineRgn
CreateRectRgn
EqualRgn
OffsetRgn
ExtCreateRegion
CreateDIBSection
GetPixel
PatBlt
SelectObject
Polygon

comctl32

ImageList_Draw
ImageList_GetImageInfo

msimg32

TransparentBlt

Exports

Exports

SkinH_Attach
SkinH_Attach_Ex

Sections

.text
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ButterFly BotByZeRo/aero.she
ButterFly BotByZeRo/使用说明.txt
ButterFly BotByZeRo/更新日志.txt

Sharing

General

Malware Config

Signatures

Files

f9c41706cc269f94627833b41248ad6b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: 680KB - Virtual size: 679KB

.rdata Size: 504KB - Virtual size: 500KB

.data Size: 60KB - Virtual size: 220KB

.rsrc Size: 92KB - Virtual size: 91KB

Headers

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 35KB

DATA Size: 1024B - Virtual size: 584B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 14KB - Virtual size: 14KB

44dbea19bf012746e45fa8fe7d3dc477

Headers

File Characteristics

Imports

user32

advapi32

ws2_32

psapi

kernel32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

f9950ce092fa8c803fb83c99d74d5157

Headers

File Characteristics

Imports

user32

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 8KB - Virtual size: 7KB

Headers

File Characteristics

Sections

Size: 352KB - Virtual size: 924KB

Size: 5KB - Virtual size: 16KB

Size: - Virtual size: 12KB

Size: 11KB - Virtual size: 16KB

Size: - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

Size: - Virtual size: 68KB

.text
Size: 680KB - Virtual size: 679KB

.rdata
Size: 504KB - Virtual size: 500KB

.data
Size: 60KB - Virtual size: 220KB

.rsrc
Size: 92KB - Virtual size: 91KB

CODE
Size: 36KB - Virtual size: 35KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 14KB - Virtual size: 14KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 33KB - Virtual size: 96KB

.data
Size: 241KB - Virtual size: 244KB

.adata
Size: - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 16KB - Virtual size: 14KB

.text
Size: 608KB - Virtual size: 607KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 24KB - Virtual size: 35KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB