2d37fb84e1ec507295a36cfad772435f

Sharing

Copy URL Twitter E-mail

General

Target

2d37fb84e1ec507295a36cfad772435f
Size

763KB
MD5

2d37fb84e1ec507295a36cfad772435f
SHA1

882ac7022f0eeab317c615b8186bf1247f523bed
SHA256

e70a18ef3c9da44300089370ad34dca38306dfaaf7a97a759bd16d1ddf37050d
SHA512

86a87bfbb72e3d7efe46f99f051be210c6703799b82f4493e089e66f42872f0cf3ad52b3d4ba76894979dee110794deb357a245bad299421f1fc6cf3d77cc02b
SSDEEP

12288:cYVQ7y8ZfXjl6szl0b0003GSZ2VqODjDoh7ETS03fnqvZfkV:c5y8Zz+I3GSZS3DnGIXPqvK

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/StrongBox-v2.0.0709/StrongBox/StrongBox.exe
unpack001/StrongBox-v2.0.0709/StrongBox/StrongBox.sys

Files

2d37fb84e1ec507295a36cfad772435f
.rar
StrongBox-v2.0.0709/StrongBox/StrongBox.exe
.exe windows:4 windows x86 arch:x86

4308b9ec610c5f0017883269d29fe04d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
SetErrorMode
GetFileTime
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
DeleteFileA
HeapReAlloc
RtlUnwind
RaiseException
ExitThread
SetStdHandle
GetFileType
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsSetValue
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
ReleaseMutex
CreateMutexW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
lstrlenA
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
SuspendThread
ResumeThread
SetThreadPriority
InterlockedDecrement
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetThreadLocale
GetCurrentProcessId
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
MultiByteToWideChar
HeapFree
GetProcessHeap
HeapAlloc
WideCharToMultiByte
GetExitCodeThread
SetFileAttributesW
ReadFile
GetFileSize
RemoveDirectoryW
GetFullPathNameW
GetTempFileNameW
GetFileAttributesW
MoveFileExW
GetVersion
GetPrivateProfileStringW
DeleteFileW
GetTempPathW
CreateSemaphoreW
ReleaseSemaphore
DeviceIoControl
GetTickCount
lstrlenW
SetProcessWorkingSetSize
GetCurrentProcess
GetProcessWorkingSetSize
GetVersionExW
WaitForSingleObject
GetCommandLineW
TerminateThread
SetEvent
ResetEvent
CreateEventW
Sleep
ExitProcess
OpenEventW
GetSystemDirectoryW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
GetLastError
SetLastError
CreateFileW
GetProcAddress
LoadLibraryW
GetWindowsDirectoryW
CreateThread
CloseHandle
CreateProcessW
CreateDirectoryW
GetCurrentDirectoryW
LocalFree
FormatMessageW
FindResourceW
LoadResource
LockResource
SizeofResource
ExpandEnvironmentStringsW
GetCommandLineA
GetModuleFileNameW

user32

RegisterClipboardFormatW
PostThreadMessageW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
ValidateRect
WindowFromPoint
DestroyMenu
CharUpperW
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
CheckMenuItem
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
IsWindowEnabled
MoveWindow
IsDialogMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
IsWindowVisible
MessageBoxW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
PeekMessageW
LoadImageW
UpdateWindow
DrawEdge
MessageBeep
DispatchMessageW
TranslateMessage
DrawTextW
DrawFrameControl
GetKeyState
GetWindowLongW
ModifyMenuW
GetMenuItemID
GetMenuItemCount
GetDesktopWindow
GetDC
ReleaseDC
GetParent
GetFocus
EqualRect
IsWindow
GetSysColor
FindWindowW
GetClassNameW
SetWindowRgn
SetActiveWindow
EnumChildWindows
SetRect
DestroyCursor
PtInRect
CopyRect
RegisterHotKey
GetSystemMenu
RegisterWindowMessageW
FillRect
UnregisterHotKey
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
CharNextW
DrawIcon
GetSystemMetrics
IsIconic
ReleaseCapture
SetCapture
UnregisterClassW
GetTopWindow
LoadBitmapW
LoadIconW
PostMessageW
TrackPopupMenuEx
wsprintfW
GetSubMenu
LoadMenuW
DestroyIcon
CreateWindowExW
ScreenToClient
ShowWindow
SetWindowTextW
SetFocus
EndDialog
GetDlgItem
GetWindowTextW
GetWindowRect
LoadCursorW
GetClientRect
SetCursor
InvalidateRect
SetWindowLongW
SetForegroundWindow
KillTimer
SetTimer
GetCursorPos
EnableMenuItem
AppendMenuW
CreatePopupMenu
SendMessageW
SetWindowPos
EnableWindow
GetMenu
UnregisterClassA

gdi32

GetDeviceCaps
CreateSolidBrush
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
CreateBitmap
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
RectVisible
PtVisible
GetWindowExtEx
CreateFontW
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
SetBkColor
TextOutW
BitBlt
GetStockObject
CreateRoundRectRgn
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetPixel
GetObjectW
DeleteObject
GetTextExtentPoint32W
SelectObject
GetViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

ControlService
RegQueryValueExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
DeleteService
RegOpenKeyExW
CloseServiceHandle
StartServiceW
QueryServiceStatusEx
OpenServiceW
CreateServiceW
OpenSCManagerW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetFileInfoW
DragFinish
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetSpecialFolderPathW
DragQueryFileW
ShellExecuteW
Shell_NotifyIconW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CLSIDFromString
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoRegisterMessageFilter
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext

ws2_32

bind
socket
__WSAFDIsSet
gethostbyname
WSACleanup
accept
getsockname
recv
closesocket
send
setsockopt
htons
WSAGetLastError
select
inet_addr
WSAStartup
connect
listen

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 464KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StrongBox-v2.0.0709/StrongBox/StrongBox.sys
.sys windows:5 windows x86 arch:x86

f7b66477797430a72acb2c9b3188310c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmIsAddressValid
IoGetDeviceObjectPointer
KeSetAffinityThread
KeGetCurrentThread
KeNumberProcessors
ExFreePoolWithTag
RtlCompareMemory
_stricmp
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
wcscat
wcsrchr
ZwQueryValueKey
ZwOpenKey
wcsstr
wcslen
ZwWaitForSingleObject
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
ZwDeleteFile
ZwWriteFile
ProbeForWrite
ProbeForRead
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
PsGetVersion
NtBuildNumber
KeServiceDescriptorTable
KeReleaseMutex
KeWaitForSingleObject
KeDelayExecutionThread
PsTerminateSystemThread
IoDeleteDevice
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
RtlInitUnicodeString
PsGetCurrentProcessId
MmUserProbeAddress
_except_handler3
ObReferenceObjectByHandle
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
KeInitializeMutex
PsProcessType
RtlVolumeDeviceToDosName
IoFileObjectType
ObReferenceObjectByPointer
MmSectionObjectType
wcsncpy
PsLookupProcessByProcessId
_wcsicmp
KeQuerySystemTime
_alldiv
wcscpy
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
wcschr
ZwOpenFile
sprintf
ObOpenObjectByPointer
IoAllocateMdl
ZwOpenEvent
KeClearEvent
IoCreateNotificationEvent
swprintf
KeInitializeSemaphore
ExSemaphoreObjectType
KeDetachProcess
KeAttachProcess
KeReadStateEvent
KeReleaseSemaphore
KeResetEvent
KeReadStateSemaphore
KeTickCount
KeBugCheckEx
IoDriverObjectType
ObReferenceObjectByName
IofCompleteRequest
ObfDereferenceObject

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql
KeGetCurrentIrql

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SuCop0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SuCop1
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StrongBox-v2.0.0709/StrongBox/pic/QQ三国.ico
StrongBox-v2.0.0709/StrongBox/pic/QQ堂.ico
StrongBox-v2.0.0709/StrongBox/pic/QQ幻想.ico
StrongBox-v2.0.0709/StrongBox/pic/QQ游戏.ico
StrongBox-v2.0.0709/StrongBox/pic/QQ直播.ico
StrongBox-v2.0.0709/StrongBox/pic/QQ穿越火线.ico
StrongBox-v2.0.0709/StrongBox/pic/QQ自由幻想.ico
StrongBox-v2.0.0709/StrongBox/pic/QQ音速.ico
StrongBox-v2.0.0709/StrongBox/pic/QQ飞车.ico
StrongBox-v2.0.0709/StrongBox/pic/msn.ico
StrongBox-v2.0.0709/StrongBox/pic/仙境传说.ico
StrongBox-v2.0.0709/StrongBox/pic/传奇世界.ico
StrongBox-v2.0.0709/StrongBox/pic/冒险岛.ico
StrongBox-v2.0.0709/StrongBox/pic/功夫online.ico
StrongBox-v2.0.0709/StrongBox/pic/功夫小子.ico
StrongBox-v2.0.0709/StrongBox/pic/劲舞团.ico
StrongBox-v2.0.0709/StrongBox/pic/千年3.ico
StrongBox-v2.0.0709/StrongBox/pic/华夏Ⅱ.ico
StrongBox-v2.0.0709/StrongBox/pic/天下贰.ico
StrongBox-v2.0.0709/StrongBox/pic/奇迹世界.ico
StrongBox-v2.0.0709/StrongBox/pic/完美世界.ico
StrongBox-v2.0.0709/StrongBox/pic/巨人.ico
StrongBox-v2.0.0709/StrongBox/pic/彩虹岛.ico
StrongBox-v2.0.0709/StrongBox/pic/征途.ico
StrongBox-v2.0.0709/StrongBox/pic/惊天动地.ico
StrongBox-v2.0.0709/StrongBox/pic/新英雄年代.ico
StrongBox-v2.0.0709/StrongBox/pic/梦幻国度.ico
StrongBox-v2.0.0709/StrongBox/pic/梦幻西游.ico
StrongBox-v2.0.0709/StrongBox/pic/水浒Q传.ico
StrongBox-v2.0.0709/StrongBox/pic/泡泡堂2008.ico
StrongBox-v2.0.0709/StrongBox/pic/洛奇.ico
StrongBox-v2.0.0709/StrongBox/pic/热血江湖.ico
StrongBox-v2.0.0709/StrongBox/pic/热血英豪.ico
StrongBox-v2.0.0709/StrongBox/pic/疯狂赛车.ico
StrongBox-v2.0.0709/StrongBox/pic/盛大传奇.ico
StrongBox-v2.0.0709/StrongBox/pic/盛大富翁.ico
StrongBox-v2.0.0709/StrongBox/pic/神泣.ico
StrongBox-v2.0.0709/StrongBox/pic/神迹.ico
StrongBox-v2.0.0709/StrongBox/pic/腾讯QQ.ico
StrongBox-v2.0.0709/StrongBox/pic/腾讯TM.ico
StrongBox-v2.0.0709/StrongBox/pic/街头篮球.ico
StrongBox-v2.0.0709/StrongBox/pic/超级舞者.ico
StrongBox-v2.0.0709/StrongBox/pic/超级跑跑.ico
StrongBox-v2.0.0709/StrongBox/pic/跑跑卡丁车.ico
StrongBox-v2.0.0709/StrongBox/pic/迪士尼魔幻飞板.ico
StrongBox-v2.0.0709/StrongBox/pic/问道.ico
StrongBox-v2.0.0709/StrongBox/pic/霸王大陆.ico
StrongBox-v2.0.0709/StrongBox/pic/风火之旅.ico
StrongBox-v2.0.0709/StrongBox/pic/魔域.ico
StrongBox-v2.0.0709/StrongBox/pic/龙与地下城.ico
StrongBox-v2.0.0709/StrongBox/sw.lib
StrongBox-v2.0.0709/StrongBox/update.ini
StrongBox-v2.0.0709/StrongBox/超级巡警账号保护神说明.txt

Sharing

General

Malware Config

Signatures

Files

4308b9ec610c5f0017883269d29fe04d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wintrust

ws2_32

iphlpapi

Sections

.text Size: 464KB - Virtual size: 460KB

.rdata Size: 100KB - Virtual size: 97KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

f7b66477797430a72acb2c9b3188310c

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 1024B - Virtual size: 660B

.data Size: 512B - Virtual size: 18KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 944B

.SuCop0 Size: 4KB - Virtual size: 3KB

.SuCop1 Size: 17KB - Virtual size: 16KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 464KB - Virtual size: 460KB

.rdata
Size: 100KB - Virtual size: 97KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 1024B - Virtual size: 660B

.data
Size: 512B - Virtual size: 18KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 944B

.SuCop0
Size: 4KB - Virtual size: 3KB

.SuCop1
Size: 17KB - Virtual size: 16KB

.reloc
Size: 3KB - Virtual size: 3KB