201fd861b45634dfd230db249cae4ea9

Sharing

Copy URL Twitter E-mail

General

Target

201fd861b45634dfd230db249cae4ea9
Size

2.1MB
MD5

201fd861b45634dfd230db249cae4ea9
SHA1

d82aea2f867a880eb65562f2bc8ed598f5f29067
SHA256

8e5c97d383aa8775b8998cbd07914d67f0e32b94b450e9b2a4073a37383a4dbd
SHA512

ec6ffdbd42a8f67945b7741677c037cab1d478e9e27ecc57873421f3bf0c0b9744f298ab90ef390d8fc54f949ef5a339994e56d172de7e8bdfd5fc52e7ac3de3
SSDEEP

49152:npHlg9K5OMS1UD773cZL37+FrE3PXuyi74dvaGGOOo2:vgkOMS2XcZjqFrryN0Gf2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/CSOM.dll	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CSOM.dll
unpack001/金槍客.exe

Files

201fd861b45634dfd230db249cae4ea9
.rar
CSOM.dll
.dll windows:4 windows x86 arch:x86

1c8e92bcf9f7e416d5d8289427387076

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA
SHDeleteKeyA
SHDeleteValueA
PathAppendA
PathFindFileNameA

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
TlsFree
LCMapStringA
GetModuleFileNameA
GetCommandLineA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetTickCount
GetTempFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
DebugActiveProcessStop
ContinueDebugEvent
WaitForDebugEvent
DebugActiveProcess
GetTempPathA
GetVersionExA
IsDebuggerPresent
TerminateProcess
Sleep
GetSystemDefaultLangID
VirtualAlloc
VirtualQuery
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualProtectEx
CreateThread
GetCurrentThreadId
WideCharToMultiByte
QueryDosDeviceA
GetLogicalDriveStringsA
MultiByteToWideChar
GetSystemDirectoryA
GetVersion
lstrlenA
DeviceIoControl
GetTimeZoneInformation
GetLocaleInfoA
WriteFile
Process32Next
Process32First
GlobalFree
GlobalUnlock
DeleteFileA
ReadFile
SetFilePointer
CreateFileA
CopyFileA
LoadLibraryA
CreateMutexA
WriteProcessMemory
GetProcAddress
CreateDirectoryA
CloseHandle
GetModuleHandleA
ReadProcessMemory
GetCurrentProcess
MapViewOfFile
OpenFileMappingA
OpenProcess
GetCurrentProcessId
FreeLibrary
VerLanguageNameA
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
MulDiv
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
lstrcpynA
GetFullPathNameA
GetFileTime
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GetCurrentDirectoryA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTime
GetLocalTime
HeapSize
GetACP
GetStringTypeA
GetStringTypeW
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadCodePtr
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalFree
InterlockedDecrement
InterlockedIncrement
WinExec
lstrcatA
WriteProfileStringA
SetLastError
GetProfileStringA
GlobalSize
EnumResourceNamesA
GetWindowsDirectoryA
GlobalMemoryStatus
InterlockedExchange
GetDriveTypeA
GetVolumeInformationA
GetLastError
GetFileSize
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
FindNextFileA
FindClose
GlobalAlloc
LoadLibraryExA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcpyA
GlobalLock
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadStringA
IsDialogMessageA
SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
GetSysColorBrush
DestroyMenu
CharUpperA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
PostMessageA
PostQuitMessage
WindowFromPoint
GetParent
GetWindow
PtInRect
IsWindowVisible
GetWindowLongA
EnumWindows
GetWindowTextA
FindWindowExA
IsRectEmpty
GetCursorPos
GetDlgItem
SystemParametersInfoA
ChangeDisplaySettingsA
EnumDisplaySettingsA
SendMessageTimeoutA
SetCursorPos
mouse_event
keybd_event
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClassNameA
GetDesktopWindow
GetWindowRect
ReleaseCapture
SetCapture
LoadImageA
VkKeyScanExA
GetDC
ReleaseDC
GetKeyboardLayout
SendDlgItemMessageA
GetMenuItemCount
GetDlgCtrlID
GetSystemMetrics
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
LoadBitmapA
DestroyWindow
GetKeyboardState
wsprintfA
MessageBoxA
GetWindowThreadProcessId
CreateWindowExA
LoadIconA
LoadCursorA
RegisterClassA
SetWindowLongA
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
UnregisterClassA
PostThreadMessageA
WaitMessage
PeekMessageA
UnregisterHotKey
RegisterHotKey
SendMessageA
GetAsyncKeyState
CallWindowProcA
ShowWindow
DefWindowProcA
SetWindowPos
SetWindowTextA
FindWindowA
IsWindow

gdi32

DeleteObject
PtVisible
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetObjectA
GetStockObject
SetViewportOrgEx
ExtTextOutA
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
SelectPalette
RealizePalette
GetDIBits
CreateDCA
GetPixel
GetDeviceCaps
RemoveFontResourceA
AddFontResourceA
TextOutA
SetMapMode
EnumFontFamiliesExA
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
RectVisible
Escape

advapi32

AllocateAndInitializeSid
RegCreateKeyA
RegDeleteValueA
GetUserNameA
RegGetKeySecurity
FreeSid
InitializeAcl
AddAce
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegOpenKeyExA
RegSetKeySecurity
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueExA
InitializeSecurityDescriptor
RegOpenKeyA
RegEnumValueA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
SetSecurityDescriptorDacl
RegDeleteKeyA

wininet

InternetOpenUrlA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetGetConnectedState
InternetCloseHandle
InternetReadFile
InternetOpenA

iphlpapi

GetAdaptersInfo
SendARP

ntdll

RtlMoveMemory
ZwClose
LdrGetDllHandle
LdrQueryProcessModuleInformation
LdrGetProcedureAddress

mpr

WNetCancelConnection2A
WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA
WNetAddConnection2A

winmm

waveOutGetDevCapsA
waveOutGetNumDevs
mciSendStringA

ws2_32

WSACleanup
sendto
socket
htons
connect
closesocket
inet_ntoa
gethostbyaddr
gethostname
gethostbyname
inet_addr
WSAStartup

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comdlg32

PrintDlgA
GetFileTitleA

winspool.drv

SetPrinterA
EnumPrintersA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetPrinterA

shell32

ShellExecuteA
SHChangeNotify
SHEmptyRecycleBinA
SHGetSpecialFolderPathA

comctl32

ord17

ole32

CoCreateGuid
CoCreateInstance

Exports

Exports

p

Sections

.text
Size: - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 841KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 940KB - Virtual size: 939KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ucbug交流群.txt
ucbug游戏社区.htm
.html
ucbug游戏网.url
.url
下载说明.txt
更多免费外挂.htm
.html
金槍客.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.textbss
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c8e92bcf9f7e416d5d8289427387076

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

wininet

iphlpapi

ntdll

mpr

winmm

ws2_32

version

comdlg32

winspool.drv

shell32

comctl32

ole32

Exports

Exports

Sections

.text Size: - Virtual size: 413KB

.rdata Size: - Virtual size: 841KB

.data Size: - Virtual size: 593KB

.vmp0 Size: - Virtual size: 29KB

.vmp1 Size: - Virtual size: 87KB

.vmp2 Size: 940KB - Virtual size: 939KB

.reloc Size: 4KB - Virtual size: 216B

Headers

File Characteristics

Sections

.textbss Size: - Virtual size: 1.6MB

.text Size: 8KB - Virtual size: 8KB

.data Size: 1.3MB - Virtual size: 1.3MB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: - Virtual size: 413KB

.rdata
Size: - Virtual size: 841KB

.data
Size: - Virtual size: 593KB

.vmp0
Size: - Virtual size: 29KB

.vmp1
Size: - Virtual size: 87KB

.vmp2
Size: 940KB - Virtual size: 939KB

.reloc
Size: 4KB - Virtual size: 216B

.textbss
Size: - Virtual size: 1.6MB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 1.3MB - Virtual size: 1.3MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB