68a07d92e6df82eda39fc4d0c580ac4d

Sharing

Copy URL Twitter E-mail

General

Target

68a07d92e6df82eda39fc4d0c580ac4d
Size

1.9MB
MD5

68a07d92e6df82eda39fc4d0c580ac4d
SHA1

0c05ec706798df76aea5422a27aaa4b15badd4e5
SHA256

12b37f68d6ee0b282f250b820c39549186e74470a0c2325f6c331172394230a6
SHA512

f5da0b2ee7c41c24ae717bd549e7b912e315ed97904ff97da18c62f36954e8722b10f5202d4d0d0f7e25765b1e63d2a4f3ba16d62860117290c83376f65bd973
SSDEEP

49152:UJ6hxzT6eJ+pk6EXjv2Wc5zKf/hrqPWXbVLh1SFXtF8Ho84JoXo6H4uUpJ:UqzPXTyMweXbZh6XGPH4hpJ

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/Psv格式播放工具.exe	aspack_v212_v242

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/PcShare.exe
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/Psv格式播放工具.exe
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcClient.dll
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcCortr.dll
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcFile.exe
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcFrame.exe
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcHide.sys
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcInit.exe
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcInit.exe.bak
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcKey.dll
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcKeyMon.exe
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcMulit.exe
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcProc.exe
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcRegedit.exe
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcService.exe
unpack001/050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcTlnt.exe

Files

68a07d92e6df82eda39fc4d0c580ac4d
.rar
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/PcShare.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

GOLDSUN
Size: - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

GOLDSUN
Size: 130KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

GOLDSUN
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/PcShare.ini
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/Psv格式播放工具.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcClient.dll
.dll windows:4 windows x86 arch:x86

d471e4cc31b788e47645426cca40c4a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
DisableThreadLibraryCalls
CreateThread
ExitProcess
ReleaseMutex
WaitForSingleObject
Sleep
DeleteFileA
CreateEventA
CreateMutexA
lstrcmpA
SetFilePointer
CreateProcessA
GetSystemDirectoryA
GetStartupInfoA
VirtualFreeEx
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenW
OpenProcess
MultiByteToWideChar
FreeLibrary
GetVersion
DeviceIoControl
GetProcAddress
GetCurrentProcessId
lstrcpyA
lstrcatA
lstrlenA
LoadLibraryA
ReadFile

user32

wsprintfA
CharUpperA

advapi32

RegCloseKey
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
DeleteService
OpenSCManagerA
ControlService

shell32

ShellExecuteA

wininet

InternetReadFile
InternetSetOptionA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA

ws2_32

inet_ntoa
gethostbyname
inet_addr

shlwapi

SHDeleteKeyA

msvcrt

??3@YAXPAX@Z
strrchr
_adjust_fdiv
malloc
_initterm
free
_except_handler3
strstr
strchr
atoi
__CxxFrameHandler
??2@YAPAXI@Z
sprintf

Exports

Exports

ServiceMain

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcCortr.dll
.dll windows:4 windows x86 arch:x86

d3e0c63c4145ad90ae763172a5ec1226

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetSetOptionA
InternetOpenUrlA
HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetCloseHandle
HttpSendRequestA
InternetReadFile
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA

shlwapi

SHDeleteKeyA

mfc42

ord3319
ord3310
ord2820
ord6385
ord668
ord354
ord5186
ord1979
ord665
ord825
ord823
ord800
ord3181
ord4058
ord2781
ord1980
ord2770
ord356
ord3790
ord3010
ord3178
ord4274
ord6375
ord4486
ord269
ord6467
ord1116
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord2554

msvcrt

getenv
__CxxFrameHandler
strchr
strrchr
_strupr
sprintf
atol
_beginthread
fclose
fread
fseek
fopen
fwrite
_stat
atoi
free
malloc
calloc
_EH_prolog
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ

kernel32

GetDiskFreeSpaceExA
LocalAlloc
LocalFree
GetPriorityClass
GetThreadPriority
SetPriorityClass
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersion
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
CreateProcessA
GetStdHandle
CreatePipe
SetStdHandle
DuplicateHandle
WriteFile
ReadFile
GetTickCount
ResetEvent
TerminateThread
GetCurrentThread
GetSystemDirectoryA
GetTempPathA
DeleteFileA
SetEvent
Sleep
GetCurrentThreadId
CreateEventA
lstrcpyA
lstrlenA
WaitForSingleObject
GetVolumeInformationA
TerminateProcess
CreateToolhelp32Snapshot
Process32First
GetCurrentProcess
Process32Next
OpenProcess
LoadLibraryA
GetProcAddress
FreeLibrary
CloseHandle
GetLogicalDriveStringsA
GetDriveTypeA
SetCurrentDirectoryA
MoveFileA
CreateDirectoryA

user32

OpenWindowStationA
GetThreadDesktop
ExitWindowsEx
GetProcessWindowStation
ReleaseDC
GetDC
PostMessageA
OpenDesktopA
SetProcessWindowStation
SetCursorPos
IsWindow
SendMessageA
GetMessageA
OpenInputDesktop
SetThreadDesktop
CloseWindowStation
CloseDesktop
DispatchMessageA
TranslateMessage
DestroyWindow
SendInput
wsprintfA

gdi32

SelectPalette
RealizePalette
GetDIBits
DeleteObject
CreateCompatibleDC
GetStockObject
DeleteDC
SelectObject
BitBlt
CreateDCA
GetDeviceCaps
CreateCompatibleBitmap

advapi32

OpenThreadToken
LogonUserA
CreateProcessAsUserA
ImpersonateSelf
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
QueryServiceConfigA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
ChangeServiceConfigA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
StartServiceA
ControlService
DeleteService
EnumServicesStatusA

shell32

SHFileOperationA
ShellExecuteA
SHEmptyRecycleBinA

avicap32

capCreateCaptureWindowA

Exports

Exports

ToDo

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcFile.exe
.exe windows:4 windows x86 arch:x86

adf91c02b4a9dc063bf142dee24387c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetModuleFileNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetCurrentThreadId
SetLastError
GetTickCount
MulDiv
GetLastError
FormatMessageA
LocalFree
GetVersion
GetVersionExA
FreeLibrary
LoadLibraryA
GetProcAddress
FindResourceA
LoadResource
LockResource
ResetEvent
WaitForSingleObject
CreateDirectoryA
DeleteFileA
EnterCriticalSection
LeaveCriticalSection
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTempPathA
SetEvent
DeleteCriticalSection
CloseHandle
CreateEventA
InitializeCriticalSection
MultiByteToWideChar
GetModuleHandleA

user32

GrayStringA
DrawTextA
TabbedTextOutA
DrawEdge
SetRect
DrawFocusRect
GetMessagePos
DrawStateA
InflateRect
GetClientRect
GetMenuItemCount
GetMenuItemID
WindowFromDC
CopyRect
DestroyIcon
GetIconInfo
FillRect
MessageBoxA
ClientToScreen
GetMenuItemInfoA
SystemParametersInfoA
GetWindowRect
OffsetRect
IsMenu
GetSysColor
GetWindowDC
GetSystemMetrics
ReleaseDC
LoadBitmapA
IsWindow
TranslateMessage
GetMenuDefaultItem
DispatchMessageA
GetParent
LoadMenuA
GetSubMenu
AppendMenuA
EnableWindow
IsChild
MenuItemFromPoint
GetMenu
DestroyMenu
GetSystemMenu
SetTimer
GetFocus
IsRectEmpty
SetWindowPos
IntersectRect
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
RemovePropA
GetPropA
CallWindowProcA
SetPropA
GetWindowLongA
GetClassNameA
CallNextHookEx
BringWindowToTop
UpdateWindow
ModifyMenuA
GetMenuStringA
GetMenuState
PeekMessageA
RedrawWindow
LoadIconA
LoadImageA
LoadCursorA
SendMessageA
GetMenuItemRect
CreatePopupMenu
GetCursorPos
SetForegroundWindow
wsprintfA
SetCursor
PostMessageA
KillTimer

gdi32

GetObjectA
DeleteObject
RoundRect
GetTextExtentPoint32A
BitBlt
Rectangle
CreatePen
SetBrushOrgEx
UnrealizeObject
GetPixel
RectVisible
TextOutA
ExtTextOutA
Escape
CreateRectRgnIndirect
CombineRgn
CreateRectRgn
SelectClipRgn
SetPixel
GetNearestColor
CreateFontIndirectA
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
CreatePatternBrush
CreateSolidBrush
PtVisible
GetStockObject

shell32

SHGetFileInfoA
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

ws2_32

WSASocketA
send
recv
WSACleanup
WSAStartup
closesocket

mfc42

ord6652
ord4236
ord331
ord2444
ord5248
ord5279
ord6369
ord5234
ord1713
ord1709
ord5083
ord2389
ord4121
ord5471
ord4057
ord4364
ord2531
ord6154
ord3102
ord1819
ord4622
ord1859
ord2152
ord4160
ord1140
ord2714
ord3643
ord394
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord561
ord815
ord6215
ord2621
ord1134
ord6880
ord1137
ord3232
ord5484
ord4145
ord5805
ord1864
ord645
ord407
ord5473
ord2102
ord1858
ord401
ord2445
ord5254
ord800
ord860
ord540
ord825
ord5572
ord2915
ord858
ord4129
ord5710
ord6283
ord823
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord686
ord794
ord796
ord807
ord674
ord1146
ord1168
ord384
ord527
ord529
ord554
ord501
ord366
ord773
ord5981
ord5885
ord5884
ord2862
ord2096
ord6000
ord2117
ord4163
ord6625
ord4457
ord1233
ord5252
ord6008
ord4413
ord6069
ord4467
ord3481
ord2252
ord4981
ord6067
ord3482
ord6120
ord5030
ord3303
ord641
ord2514
ord3287
ord3286
ord3301
ord4224
ord6270
ord1644
ord4125
ord602
ord765
ord6907
ord6905
ord4171
ord3663
ord693
ord2841
ord3790
ord3452
ord2515
ord3874
ord355
ord537
ord3177
ord3499
ord2864
ord2379
ord3998
ord1083
ord5600
ord665
ord5442
ord1979
ord3318
ord5186
ord354
ord6385
ord2107
ord5450
ord5440
ord6383
ord6394
ord4247
ord4234
ord4248
ord4245
ord4246
ord2455
ord4724
ord5053
ord2863
ord4499
ord1133
ord4810
ord4774
ord3021
ord6453
ord4458
ord4500
ord4501
ord4775
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord5241
ord5280
ord4441
ord5261
ord4425
ord3597
ord2820
ord2818
ord324
ord2301
ord2370
ord6199
ord4710
ord1849
ord2583
ord4589
ord4588
ord4899
ord4370
ord4892
ord4532
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4403
ord5240
ord5290
ord3748
ord1726
ord5253
ord3371
ord4432
ord3641
ord303
ord813
ord4244
ord1175
ord6007
ord2763
ord3996
ord4464
ord6696
ord1942
ord5259
ord3399
ord3734
ord4272
ord4284
ord1945
ord5260
ord560
ord4273
ord5910
ord4299
ord2358
ord3567
ord3402
ord4424
ord3698
ord567
ord2302
ord1768
ord6734
ord2582
ord4402
ord3370
ord3640
ord2289
ord2652
ord5681
ord2642
ord3092
ord1669
ord6334
ord4220
ord2584
ord3654
ord2438
ord2824
ord3811
ord5621
ord1816
ord3571
ord3626
ord3573
ord5823
ord3664
ord996
ord640
ord2414
ord5785
ord1641
ord1640
ord323
ord2859
ord415
ord613
ord289
ord715
ord5641
ord1867
ord2866
ord3619
ord816
ord5789
ord562
ord283
ord2754
ord1871
ord5607
ord2762
ord896
ord2408
ord1642
ord2453
ord1862
ord3701
ord500
ord772
ord1176
ord6142
ord2567
ord5788
ord5787
ord5875
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord4277
ord5683
ord2614
ord3920
ord472
ord6194
ord2860
ord2764
ord6877
ord5860
ord3702
ord1621
ord4202
ord5856
ord536
ord2753
ord696
ord1265
ord5642
ord4185
ord5628
ord6467
ord3706
ord2452
ord4023
ord909
ord2546
ord3815
ord291
ord1110
ord1724
ord5256
ord706
ord408
ord1865
ord5101
ord2101
ord5104
ord3351
ord976
ord4152
ord2382
ord5283
ord1576

msvcrt

_setmbcp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
free
calloc
fwrite
fopen
fseek
fread
fclose
_strupr
atoi
_ftol
_beginthread
sprintf
strstr
strchr
strrchr
_mbscmp
__CxxFrameHandler
_controlfp

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_GetIconSize
ImageList_SetOverlayImage
ImageList_ReplaceIcon

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcFrame.exe
.exe windows:4 windows x86 arch:x86

bfb29af118c86d2720e5341aa12d07c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetModuleFileNameA
GetPrivateProfileStringA
InitializeCriticalSection
GetCurrentDirectoryA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA

user32

PostMessageA
GetKeyState
EnableWindow
LoadCursorA
SendMessageA
LoadImageA
LoadIconA
SetCursor
BringWindowToTop
UpdateWindow
GetDC
GetClientRect
SetTimer
ReleaseDC

gdi32

BitBlt
GetObjectA
DeleteObject
CreateCompatibleBitmap
GetDIBits
RealizePalette
SelectPalette
GetStockObject
CreateDIBitmap
CreateCompatibleDC

ws2_32

send
WSASocketA
closesocket
WSACleanup
recv
WSAStartup

mfc42

ord4424
ord3738
ord561
ord815
ord6215
ord5484
ord2621
ord1134
ord2725
ord2092
ord4622
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord823
ord1920
ord3571
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4723
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6055
ord4078
ord1776
ord4407
ord5240
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3748
ord5065
ord1725
ord5260
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4432
ord784
ord517
ord825
ord3626
ord3663
ord2414
ord4262
ord755
ord470
ord640
ord2753
ord5785
ord1640
ord323
ord1641
ord2859
ord5766
ord6131
ord6216
ord3075
ord2754
ord2379
ord2860
ord1175
ord641
ord1979
ord6385
ord665
ord4224
ord800
ord5186
ord3499
ord354
ord2515
ord355
ord537
ord1842
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord3749
ord1727
ord4427
ord686
ord807
ord796
ord674
ord1146
ord1168
ord384
ord554
ord529
ord366
ord4242
ord5885
ord5882
ord5884
ord2862
ord2096
ord6000
ord2117
ord4163
ord6625
ord4457
ord2258
ord1233
ord5252
ord4413
ord6067
ord3482
ord5030
ord4981
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord1576

msvcrt

_setmbcp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
free
__CxxFrameHandler
sprintf
_except_handler3
_beginthread
strstr
strchr
calloc

comctl32

ImageList_ReplaceIcon

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcHide.sys
.sys windows:5 windows x86 arch:x86

c727f335720b334d5691fb42380798c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ObQueryNameString
ExAllocatePoolWithTag
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
ZwSetValueKey
RtlInitUnicodeString
ZwOpenKey
wcslen
wcscat
strchr
wcsncmp
ZwEnumerateKey
ExFreePoolWithTag
wcscmp
RtlCompareMemory
RtlUpperString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr
ObfDereferenceObject
_strupr
ObReferenceObjectByHandle

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1002B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 598B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcInit.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.petite
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcInit.exe.bak
.exe windows:4 windows x86 arch:x86

1a90c9863913131c2503e173196e825a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
SetFileTime
WriteFile
Sleep
OpenMutexA
ReadFile
SetFilePointer
GetTempPathA
lstrcpyA
GetSystemDirectoryA
GetFileTime
GetEnvironmentVariableA
Process32Next
lstrlenA
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
lstrlenW
OpenProcess
MultiByteToWideChar
CreateFileA
GetStartupInfoA
DeviceIoControl
lstrcmpiA
CloseHandle

user32

wsprintfA

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

msvcrt

_exit
memset
sprintf
strncpy
strcpy
strncmp
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
memcpy
__CxxFrameHandler
_EH_prolog
_except_handler3
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcKey.dll
.dll windows:4 windows x86 arch:x86

c66e0861537c46a6295a120a823b05b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
SetFilePointer
CreateFileA
LoadLibraryA
GetProcAddress
GetCurrentProcess
lstrcatA
GetCurrentProcessId
GetLocalTime
lstrcpyA
GetCurrentThreadId

user32

SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
SetWindowsHookExA
GetKeyboardState
CallNextHookEx
GetActiveWindow
wsprintfA
GetWindowTextA
ToAscii

msvcrt

_adjust_fdiv
malloc
_initterm
free

Exports

Exports

SK

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 342B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcKeyMon.exe
.exe windows:4 windows x86 arch:x86

fa1aff6577a5e8c75ed1b6975fa9fb00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetForegroundWindow
GetCursorPos
LoadMenuA
EnableWindow
BringWindowToTop
UpdateWindow
GetSubMenu
SendMessageA
PostMessageA
SetCursor
LoadIconA
LoadCursorA

gdi32

GetStockObject

ws2_32

closesocket
recv
WSACleanup
WSAStartup
WSASocketA

mfc42

ord324
ord3597
ord4425
ord5261
ord5280
ord4234
ord4897
ord5241
ord1775
ord6052
ord2514
ord4710
ord4998
ord4853
ord823
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord796
ord674
ord1146
ord1168
ord529
ord366
ord825
ord6000
ord2117
ord4457
ord1233
ord5252
ord2258
ord4981
ord2379
ord4413
ord6199
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord3663
ord1830
ord2400
ord5061
ord4938
ord4940
ord4629
ord4589
ord4586
ord1576
ord4368
ord4891
ord5076
ord4341
ord4349
ord4723
ord4886
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4078
ord5240
ord5290
ord4441
ord3748
ord1723
ord4432
ord5817
ord344
ord657
ord4239
ord3873
ord3499
ord641
ord800
ord2515
ord355
ord537
ord3876
ord5251
ord1175
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord6215
ord1134
ord1199
ord1205
ord3953
ord5265
ord4376

msvcrt

_onexit
_setmbcp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
__CxxFrameHandler
_beginthread
fclose
fwrite
fopen
strchr
__dllonexit
_exit
_controlfp

comctl32

ord17

kernel32

GetStartupInfoA
GetModuleHandleA

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcMulit.exe
.exe windows:4 windows x86 arch:x86

9a482d1e1b1b6d040024dcf657f41177

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSACleanup
recv
send
closesocket
WSASocketA

mfc42

ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3721
ord567
ord825
ord795
ord4275
ord640
ord5785
ord2860
ord1640
ord323
ord2859
ord755
ord470
ord800
ord641
ord3499
ord2515
ord355
ord537
ord2379
ord823
ord4673
ord4274
ord5277
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2514
ord2621
ord1134
ord5265
ord1576
ord6052
ord1775
ord5280
ord4425
ord3597
ord1146
ord1168
ord324
ord2302
ord4234
ord2642
ord3092
ord6199
ord4710
ord1768
ord6880
ord4299
ord4376
ord4224
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord6375
ord4998

msvcrt

_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
free
calloc
strstr
__CxxFrameHandler
strchr
_setmbcp
fclose
sprintf
_beginthread
fwrite
fopen
fseek

kernel32

GetPrivateProfileStringA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetCurrentDirectoryA
GlobalAlloc
GlobalLock
CreateFileA
WriteFile
GlobalUnlock
GetTickCount
CloseHandle
GlobalFree

user32

DrawIcon
GetSystemMetrics
IsIconic
PostMessageA
SetCursor
GetWindowRect
GetClientRect
InvalidateRect
LoadIconA
LoadCursorA
SendMessageA
GetDC
ReleaseDC
EnableWindow

gdi32

SelectPalette
CreateDCA
GetDeviceCaps
DeleteDC
GetObjectA
GetStockObject
GetDIBits
CreateCompatibleBitmap
CreateDIBitmap
CreateCompatibleDC
BitBlt
DeleteObject
RealizePalette

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcProc.exe
.exe windows:4 windows x86 arch:x86

3991f47baad76d7527391ace84e6bf57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetStartupInfoA
GetModuleHandleA
SetEvent
CloseHandle
ResetEvent
CreateEventA

user32

GetSubMenu
SetForegroundWindow
GetCursorPos
LoadMenuA
SetCursor
DispatchMessageA
PeekMessageA
TranslateMessage
EnableWindow
BringWindowToTop
UpdateWindow
LoadCursorA
LoadIconA
PostMessageA
SendMessageA

gdi32

GetStockObject

ws2_32

recv
send
closesocket
WSASocketA
WSAStartup
WSACleanup

mfc42

ord4234
ord324
ord3597
ord4425
ord5261
ord5280
ord5241
ord1775
ord6052
ord2514
ord641
ord4710
ord4998
ord4853
ord4376
ord5265
ord3953
ord1205
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord796
ord674
ord823
ord1146
ord1168
ord529
ord366
ord825
ord6000
ord2117
ord4457
ord1233
ord5252
ord2379
ord2258
ord6069
ord800
ord3301
ord6067
ord3482
ord5030
ord4413
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord4981
ord3663
ord1849
ord2583
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4078
ord4403
ord5240
ord5290
ord4441
ord3748
ord1726
ord4432
ord303
ord813
ord4244
ord4284
ord6696
ord3996
ord4464
ord6907
ord3998
ord5253
ord1175
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord6215
ord6199
ord1134
ord1199
ord1576

msvcrt

_setmbcp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
free
__CxxFrameHandler
atol
sprintf
_beginthread
_ultoa
strchr
calloc

comctl32

ord17

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcRegedit.exe
.exe windows:4 windows x86 arch:x86

ba85f04751b36e0abd6371dc5b671ef9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
GetModuleHandleA
WaitForSingleObject
SetEvent
CloseHandle
GetStartupInfoA
CreateEventA

user32

LoadMenuA
SendMessageA
wsprintfA
PostMessageA
SetCursor
DispatchMessageA
PeekMessageA
TranslateMessage
EnableWindow
BringWindowToTop
UpdateWindow
LoadIconA
GetSubMenu
SetForegroundWindow
GetCursorPos
LoadCursorA

gdi32

GetStockObject

ws2_32

send
closesocket
WSASocketA
recv
WSACleanup
WSAStartup

mfc42

ord1205
ord1199
ord1134
ord6199
ord6215
ord815
ord561
ord3738
ord4424
ord4622
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord4995
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord794
ord796
ord674
ord823
ord1146
ord1168
ord527
ord529
ord366
ord825
ord6000
ord2117
ord4457
ord1233
ord5252
ord6069
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord6008
ord4125
ord6907
ord3998
ord800
ord3301
ord3303
ord2514
ord641
ord2379
ord4467
ord3481
ord2252
ord4981
ord6067
ord3482
ord5910
ord5030
ord4413
ord3663
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord5241
ord5280
ord4441
ord5261
ord4425
ord3597
ord860
ord540
ord324
ord2370
ord4234
ord6334
ord4284
ord3092
ord4710
ord1849
ord4532
ord5253
ord3371
ord3641
ord2583
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4403
ord5240
ord5290
ord3748
ord1726
ord4432
ord384
ord303
ord813
ord686
ord4244
ord6696
ord3996
ord2862
ord2096
ord4464
ord1175
ord2864
ord5981
ord4224
ord2763
ord537
ord1942
ord3399
ord3734
ord5259
ord4272
ord1816
ord2289
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord1576

msvcrt

_setmbcp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
free
__CxxFrameHandler
sprintf
_mbscmp
atol
_beginthread
strchr
calloc

comctl32

ImageList_ReplaceIcon
ord17

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcService.exe
.exe windows:4 windows x86 arch:x86

3eb58ec6577e924a8afa325169053b48

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
GetModuleHandleA
WaitForSingleObject
SetEvent
CloseHandle
GetStartupInfoA
CreateEventA

user32

SetForegroundWindow
GetCursorPos
LoadMenuA
SetCursor
DispatchMessageA
PeekMessageA
TranslateMessage
EnableWindow
GetParent
BringWindowToTop
UpdateWindow
LoadIconA
PostMessageA
SendMessageA
GetSubMenu
LoadCursorA

gdi32

GetStockObject

ws2_32

send
closesocket
WSASocketA
recv
WSACleanup
WSAStartup

mfc42

ord1205
ord1199
ord1134
ord6199
ord6215
ord815
ord561
ord3738
ord4424
ord4622
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord796
ord674
ord823
ord1146
ord1168
ord529
ord366
ord825
ord6000
ord2117
ord4457
ord1233
ord5252
ord2379
ord2258
ord6069
ord6067
ord3482
ord5030
ord4413
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord4981
ord3286
ord4224
ord6907
ord800
ord3301
ord641
ord2514
ord3663
ord5265
ord4376
ord4998
ord4710
ord6052
ord4078
ord1775
ord5241
ord5280
ord4441
ord5261
ord4425
ord3597
ord860
ord540
ord324
ord2289
ord2370
ord2299
ord4234
ord4853
ord6334
ord1849
ord4532
ord5253
ord3371
ord3641
ord2583
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4403
ord5240
ord5290
ord3748
ord1726
ord4432
ord384
ord303
ord813
ord686
ord4244
ord4284
ord6696
ord3996
ord2862
ord2096
ord4464
ord1175
ord6007
ord3998
ord4508
ord2864
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord1576

msvcrt

_setmbcp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
free
__CxxFrameHandler
sprintf
_mbscmp
_beginthread
strchr
calloc

comctl32

ImageList_ReplaceIcon
ord17

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/PcTlnt.exe
.exe windows:4 windows x86 arch:x86

3df24ee29c38c1e2068615d5e8ce722a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
TerminateThread
WaitForSingleObject
WaitForMultipleObjects
SetConsoleMode
GetStdHandle
CloseHandle
CreateEventA
SetConsoleTitleA
GetModuleHandleA
GetCommandLineA
GetConsoleMode
lstrlenA
lstrcpyA
WriteConsoleA
SetConsoleTextAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
CreateThread
ExitThread
WriteConsoleOutputCharacterA
ReadConsoleInputA

user32

BringWindowToTop
PeekMessageA
TranslateMessage
DispatchMessageA
EnableWindow

shell32

StrCmpNIA

ws2_32

WSACleanup
WSASocketA
send
recv
closesocket
WSAStartup

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

mfc42

ord1175
ord1575
ord2086
ord815
ord561
ord4710
ord6199
ord1768
ord2379
ord4234
ord641
ord326
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord1816
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
free
calloc
strlen
strcat
_EH_prolog
__CxxFrameHandler
strcpy
exit
signal
printf
_controlfp

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/update/QQWry.dat
050725PcShare2005-Vip-0718/050725PcShare2005-Vip-0718/PcShare2005-Vip-0718/使用帮助说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

GOLDSUN Size: - Virtual size: 404KB

GOLDSUN Size: 130KB - Virtual size: 136KB

GOLDSUN Size: 512B - Virtual size: 512B

Headers

File Characteristics

Sections

.text Size: 9KB - Virtual size: 20KB

.rdata Size: 2KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 8KB

.aspack Size: 9KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

d471e4cc31b788e47645426cca40c4a9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

ws2_32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

Shared Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 890B

d3e0c63c4145ad90ae763172a5ec1226

Headers

File Characteristics

Imports

wininet

shlwapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

avicap32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 4KB - Virtual size: 2KB

adf91c02b4a9dc063bf142dee24387c4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ws2_32

mfc42

msvcrt

comctl32

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 84KB - Virtual size: 80KB

bfb29af118c86d2720e5341aa12d07c7

GOLDSUN
Size: - Virtual size: 404KB

GOLDSUN
Size: 130KB - Virtual size: 136KB

GOLDSUN
Size: 512B - Virtual size: 512B

.text
Size: 9KB - Virtual size: 20KB

.rdata
Size: 2KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 8KB

.aspack
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

Shared
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 890B

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 84KB - Virtual size: 80KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1024B - Virtual size: 1002B

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 640B - Virtual size: 598B

.petite
Size: 1024B - Virtual size: 824B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 927B

.data
Size: 4KB - Virtual size: 208B

Shared
Size: 4KB - Virtual size: 264B

.reloc
Size: 4KB - Virtual size: 342B