248b4af3f41e95ba317cf561acb063cbd37e9e80ce4127ac4103c482ec512d02

Sharing

Copy URL Twitter E-mail

General

Target

248b4af3f41e95ba317cf561acb063cbd37e9e80ce4127ac4103c482ec512d02
Size

1.0MB
MD5

4e11c9759b10d3426e07a20b40561804
SHA1

16ff0538bbcd4c18f1115dc77af387877c8e84d8
SHA256

248b4af3f41e95ba317cf561acb063cbd37e9e80ce4127ac4103c482ec512d02
SHA512

bd1aa82ed55b153a1c094512dc54a52fd5b92acb358fb763838f9017f46e23b7a7883ea3095439dceda037e01df4600e80c3572a68f708680afba8ab1bbd6584
SSDEEP

24576:iEtxItcAY8LS1gtid+oYdfL5oqYXJoB8A0b3CM0yTcVBtgmr9gr9Xr9er9+:iigcAVqCzxfL54Zo2pbSuTcVwmr6rBr9

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ceshi/TTPMACRO.EXE
unpack001/ceshi/ttpmenu.exe
unpack001/ceshi/ttxkcodechange.dll
unpack001/ceshi/ttxkcodechange.dll2
unpack001/ceshi/ttxkcodechange.dll3
unpack001/ceshi/ttxkcodechange.dll4

Files

248b4af3f41e95ba317cf561acb063cbd37e9e80ce4127ac4103c482ec512d02
.zip
ceshi/TTPMACRO.EXE
.exe windows:6 windows x86 arch:x86

1d71cf847dcb25a90b06f19a5d4560c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord6

ws2_32

WSASocketA
WSAIoctl
WSACleanup
WSAStartup
closesocket
inet_ntoa

kernel32

ExpandEnvironmentStringsA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileSize
GetFileTime
LockFile
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
UnlockFile
WriteFile
CloseHandle
GetLastError
WaitForSingleObject
Sleep
GetProcAddress
CreateProcessW
SetLocalTime
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
CreateFileMappingA
GetPrivateProfileStringA
WritePrivateProfileStringA
CopyFileW
MoveFileW
WritePrivateProfileStringW
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
ReleaseMutex
CreateMutexA
OpenMutexA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetModuleHandleA
GetTickCount
GetLocalTime
GetPrivateProfileStringW
GetSystemTime
OutputDebugStringA
GetFileAttributesW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetExitCodeProcess
DecodePointer
HeapSize
ReadConsoleW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
LoadLibraryExA
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
MultiByteToWideChar
GetACP
GetConsoleTitleA
SetConsoleTitleA
WideCharToMultiByte
OutputDebugStringW
GetSystemDirectoryW
GetModuleFileNameW
LoadLibraryW
MulDiv
ExpandEnvironmentStringsW
GetFullPathNameW
SetLastError
FreeResource
LoadResource
LockResource
FindResourceA
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetStdHandle
ExitProcess
GetModuleHandleExW
WriteConsoleW
HeapFree
HeapAlloc
GetCurrentThread
GetTempPathW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
SetEnvironmentVariableW
GetCPInfo
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx

gdi32

CreateCompatibleDC
DeleteObject
EnumFontFamiliesExA
EnumFontFamiliesExW
CreateDIBSection
GetDeviceCaps
SelectObject
GetTextExtentPoint32W
DeleteDC
BitBlt

comdlg32

GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW

ttpcmn

ord40
ord61
SetI18nMenuStrs
_GetI18nStrW@24

advapi32

RegQueryValueExW

shell32

SHGetPathFromIDListEx
DragQueryFileW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoTaskMemFree
CoCreateInstance

Exports

Exports

ExtractDirName
ExtractFileName
GetMessageboxFont
HasBalloonTipSupport
HasDnsQuery
HasMultiMonitorSupport
IsWindows2000
IsWindows2000OrLater
IsWindows7OrLater
IsWindows95
IsWindowsMe
IsWindowsNT4
IsWindowsNTKernel
IsWindowsVistaOrLater
OnigDefaultCaseFoldFlag
OnigDefaultSyntax
OnigEncodingASCII
OnigEncodingBIG5
OnigEncodingCP1251
OnigEncodingEUC_CN
OnigEncodingEUC_JP
OnigEncodingEUC_KR
OnigEncodingEUC_TW
OnigEncodingGB18030
OnigEncodingISO_8859_1
OnigEncodingISO_8859_10
OnigEncodingISO_8859_11
OnigEncodingISO_8859_13
OnigEncodingISO_8859_14
OnigEncodingISO_8859_15
OnigEncodingISO_8859_16
OnigEncodingISO_8859_2
OnigEncodingISO_8859_3
OnigEncodingISO_8859_4
OnigEncodingISO_8859_5
OnigEncodingISO_8859_6
OnigEncodingISO_8859_7
OnigEncodingISO_8859_8
OnigEncodingISO_8859_9
OnigEncodingKOI8_R
OnigEncodingSJIS
OnigEncodingUTF16_BE
OnigEncodingUTF16_LE
OnigEncodingUTF32_BE
OnigEncodingUTF32_LE
OnigEncodingUTF8
OnigSyntaxASIS
OnigSyntaxEmacs
OnigSyntaxGnuRegex
OnigSyntaxGrep
OnigSyntaxJava
OnigSyntaxOniguruma
OnigSyntaxPerl
OnigSyntaxPerl_NG
OnigSyntaxPosixBasic
OnigSyntaxPosixExtended
OnigSyntaxPython
OnigSyntaxRuby
OutputDebugPrintf
_DequoteParam@12
_GetParam@12
b64decode
doSelectFolder
get_OPENFILENAME_SIZEA
get_OPENFILENAME_SIZEW
mctimelocal
onig_builtin_cmp
onig_builtin_count
onig_builtin_error
onig_builtin_fail
onig_builtin_max
onig_builtin_mismatch
onig_builtin_total_count
onig_callout_tag_is_exist_at_callout_num
onig_copy_encoding
onig_copy_syntax
onig_end
onig_error_code_to_str
onig_foreach_name
onig_free
onig_free_body
onig_free_match_param
onig_free_match_param_content
onig_get_arg_by_callout_args
onig_get_args_num_by_callout_args
onig_get_callback_each_match
onig_get_callout_data
onig_get_callout_data_by_callout_args
onig_get_callout_data_by_callout_args_self
onig_get_callout_data_by_callout_args_self_dont_clear_old
onig_get_callout_data_by_tag
onig_get_callout_data_by_tag_dont_clear_old
onig_get_callout_data_dont_clear_old
onig_get_callout_in_by_callout_args
onig_get_callout_name_by_name_id
onig_get_callout_num_by_callout_args
onig_get_callout_num_by_tag
onig_get_callout_tag_end
onig_get_callout_tag_start
onig_get_capture_range_in_callout
onig_get_capture_tree
onig_get_case_fold_flag
onig_get_contents_by_callout_args
onig_get_contents_end_by_callout_args
onig_get_current_by_callout_args
onig_get_default_case_fold_flag
onig_get_encoding
onig_get_match_stack_limit_size
onig_get_name_id_by_callout_args
onig_get_options
onig_get_parse_depth_limit
onig_get_passed_args_num_by_callout_args
onig_get_progress_callout
onig_get_regex_by_callout_args
onig_get_retraction_callout
onig_get_retry_counter_by_callout_args
onig_get_retry_limit_in_match
onig_get_retry_limit_in_search
onig_get_right_range_by_callout_args
onig_get_start_by_callout_args
onig_get_string_by_callout_args
onig_get_string_end_by_callout_args
onig_get_subexp_call_limit_in_search
onig_get_subexp_call_max_nest_level
onig_get_syntax
onig_get_syntax_behavior
onig_get_syntax_op
onig_get_syntax_op2
onig_get_syntax_options
onig_get_used_stack_size_in_callout
onig_initialize
onig_initialize_encoding
onig_initialize_match_param
onig_is_error_code_needs_param
onig_match
onig_match_with_param
onig_name_to_backref_number
onig_name_to_group_numbers
onig_new
onig_new_match_param
onig_noname_group_capture_is_active
onig_number_of_capture_histories
onig_number_of_captures
onig_number_of_names
onig_reg_init
onig_region_clear
onig_region_copy
onig_region_free
onig_region_init
onig_region_new
onig_region_resize
onig_region_set
onig_regset_add
onig_regset_free
onig_regset_get_regex
onig_regset_get_region
onig_regset_new
onig_regset_number_of_regex
onig_regset_replace
onig_regset_search
onig_regset_search_with_param
onig_scan
onig_search
onig_search_with_param
onig_set_callback_each_match
onig_set_callout_data
onig_set_callout_data_by_callout_args
onig_set_callout_data_by_callout_args_self
onig_set_callout_data_by_tag
onig_set_callout_of_name
onig_set_callout_user_data_of_match_param
onig_set_capture_num_limit
onig_set_default_case_fold_flag
onig_set_default_syntax
onig_set_match_stack_limit_size
onig_set_match_stack_limit_size_of_match_param
onig_set_meta_char
onig_set_parse_depth_limit
onig_set_progress_callout
onig_set_progress_callout_of_match_param
onig_set_retraction_callout
onig_set_retraction_callout_of_match_param
onig_set_retry_limit_in_match
onig_set_retry_limit_in_match_of_match_param
onig_set_retry_limit_in_search
onig_set_retry_limit_in_search_of_match_param
onig_set_subexp_call_limit_in_search
onig_set_subexp_call_max_nest_level
onig_set_syntax_behavior
onig_set_syntax_op
onig_set_syntax_op2
onig_set_syntax_options
onig_set_verb_warn_func
onig_set_warn_func
onig_setup_builtin_monitors_by_ascii_encoded_name
onig_unicode_define_user_property
onigenc_get_default_encoding
onigenc_get_left_adjust_char_head
onigenc_get_prev_char_head
onigenc_get_right_adjust_char_head
onigenc_get_right_adjust_char_head_with_prev
onigenc_init
onigenc_is_valid_mbc_string
onigenc_set_default_caseconv_table
onigenc_set_default_encoding
onigenc_step_back
onigenc_str_bytelen_null
onigenc_strdup
onigenc_strlen
onigenc_strlen_null
replaceInvalidFileNameChar

Sections

.text
Size: 731KB - Virtual size: 731KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 414KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ceshi/ttpmenu.exe
.exe windows:6 windows x86 arch:x86

e647a84c405f1e96308288cbebf4d2b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

GetProfileStringA
GetDriveTypeA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetACP
CreateDirectoryW
CreateProcessW
GetStartupInfoW
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileSize
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
CopyFileW
MoveFileW
SetCurrentDirectoryW
GetCurrentProcessId
GetConsoleTitleA
SetConsoleTitleA
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
LoadLibraryW
FreeResource
LoadResource
LockResource
FindResourceA
OutputDebugStringW
GetProcessHeap
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
ReadFile
HeapReAlloc
SetFilePointerEx
lstrcmpiA
GetConsoleMode
GetConsoleOutputCP
SetConsoleCtrlHandler
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTempPathW
GetCurrentThread
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetStdHandle
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
SetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
RaiseException
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FormatMessageA
GetCurrentThreadId
Sleep
GetLastError
CloseHandle
GetTempFileNameA
GetTempPathA
DecodePointer
WriteFile
DeleteFileA
CreateFileA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
lstrcpyA
GetModuleFileNameA
SetLastError
GetFileAttributesA
GetPrivateProfileStringW
GetProcAddress
GetModuleHandleA
GetTickCount
GetLocalTime
GetSystemTime
OutputDebugStringA
GetFileAttributesW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEndOfFile
FlushFileBuffers
HeapSize
WriteConsoleW
GetFileSizeEx

user32

CallWindowProcW
PostMessageW
GetDesktopWindow
SetWindowLongW
DialogBoxIndirectParamW
CreateDialogIndirectParamW
GetWindowTextLengthW
GetWindowTextW
GetMenuStringW
LoadImageW
SendMessageW
SystemParametersInfoW
GetWindowLongW
InsertMenuA
GetMenuItemID
GetPriorityClipboardFormat
EmptyClipboard
GetClipboardData
CloseClipboard
OpenClipboard
GetClassNameA
SetWindowTextW
ModifyMenuW
SendDlgItemMessageW
GetWindowThreadProcessId
GetClassLongA
SetClassLongA
GetWindow
SetWindowPos
IsWindowVisible
IsIconic
GetClientRect
ClientToScreen
MessageBoxW
LoadIconA
CharNextA
CharPrevA
GetWindowLongA
GetWindowRect
GetDC
SetForegroundWindow
GetForegroundWindow
GetKeyState
MoveWindow
CallWindowProcA
AttachThreadInput
CopyIcon
DrawIconEx
LoadImageA
DestroyIcon
SetClipboardData
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
FindWindowA
GetParent
SetWindowLongA
GetSysColor
GetCursorPos
MessageBoxA
ReleaseDC
GetWindowDC
TrackPopupMenu
DeleteMenu
ModifyMenuA
AppendMenuA
GetMenuItemCount
GetSubMenu
DestroyMenu
CreateMenu
GetSystemMenu
GetMenuState
LoadMenuA
GetSystemMetrics
EnableWindow
GetDlgCtrlID
SendDlgItemMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextW
SetDlgItemTextA
GetDlgItem
EndDialog
ShowWindow
DestroyWindow
IsChild
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
SendMessageA
UnregisterHotKey
RegisterHotKey
DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
wsprintfA
SystemParametersInfoA

gdi32

GetObjectA
EnumFontFamiliesExW
DeleteDC
CreateCompatibleDC
BitBlt
ExtTextOutA
GetDeviceCaps
GetTextExtentPoint32W
GetTextMetricsA
SetTextColor
SetBkColor
SelectObject
GetTextExtentPoint32A
GetStockObject
DeleteObject
CreateDIBSection
EnumFontFamiliesExA
CreateFontIndirectA

comdlg32

GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
GetOpenFileNameW

advapi32

RegOpenKeyExA
RegQueryValueExW
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetPathFromIDListEx
DragQueryFileW
SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteExA

ole32

CoCreateInstance
CoTaskMemFree

Exports

Exports

ExtractDirName
ExtractFileName
GetMessageboxFont
HasBalloonTipSupport
HasDnsQuery
HasMultiMonitorSupport
IsWindows2000
IsWindows2000OrLater
IsWindows7OrLater
IsWindows95
IsWindowsMe
IsWindowsNT4
IsWindowsNTKernel
IsWindowsVistaOrLater
OutputDebugPrintf
_DequoteParam@12
_GetI18nLogfont@20
_GetI18nStr@24
_GetI18nStrW@24
_GetParam@12
_SetI18nDlgStrs@20
_SetI18nMenuStrs@20
b64decode
doSelectFolder
get_OPENFILENAME_SIZEA
get_OPENFILENAME_SIZEW
mctimelocal
replaceInvalidFileNameChar

Sections

.text
Size: 459KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ceshi/ttxkcodechange.dll
.dll windows:6 windows x86 arch:x86

2ec6c7cc10d8e840462b859a2d77eda0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer

Exports

Exports

_TTXBind@8

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ceshi/ttxkcodechange.dll2
.dll windows:6 windows x86 arch:x86

2ec6c7cc10d8e840462b859a2d77eda0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer

Exports

Exports

_TTXBind@8

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ceshi/ttxkcodechange.dll3
.dll windows:6 windows x86 arch:x86

2ec6c7cc10d8e840462b859a2d77eda0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer

Exports

Exports

_TTXBind@8

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ceshi/ttxkcodechange.dll4
.dll windows:6 windows x86 arch:x86

2ec6c7cc10d8e840462b859a2d77eda0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer

Exports

Exports

_TTXBind@8

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d71cf847dcb25a90b06f19a5d4560c6

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

ws2_32

kernel32

gdi32

comdlg32

ttpcmn

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 731KB - Virtual size: 731KB

.rdata Size: 414KB - Virtual size: 414KB

.data Size: 55KB - Virtual size: 88KB

.rsrc Size: 100KB - Virtual size: 100KB

.reloc Size: 26KB - Virtual size: 25KB

e647a84c405f1e96308288cbebf4d2b8

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 459KB - Virtual size: 459KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 3KB - Virtual size: 290KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 14KB - Virtual size: 14KB

2ec6c7cc10d8e840462b859a2d77eda0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

2ec6c7cc10d8e840462b859a2d77eda0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

2ec6c7cc10d8e840462b859a2d77eda0

Headers

DLL Characteristics

.text
Size: 731KB - Virtual size: 731KB

.rdata
Size: 414KB - Virtual size: 414KB

.data
Size: 55KB - Virtual size: 88KB

.rsrc
Size: 100KB - Virtual size: 100KB

.reloc
Size: 26KB - Virtual size: 25KB

.text
Size: 459KB - Virtual size: 459KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 3KB - Virtual size: 290KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 14KB - Virtual size: 14KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB