4[.]zip[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4.zip.zip
Size

8.7MB
MD5

d8664586adf39412db89c41af91f09c5
SHA1

b299db8a3cf565cc663602bc9e6ead30169b7c6e
SHA256

222e064ca35c691a96ca2fd74c7754bbeb2100455fd1f5c68ee5160f7e5a0788
SHA512

8ef8e241eb1d4af79bd16dd472f9648e2e88e285ae970437d97cd91a8cc3fb356aaf1353c70cd18d84c2a8f8c7654ce43e729507dbe441daf9c8eda5c56b6c98
SSDEEP

196608:99t4P3lGAaJYAmeMIn+UWEKFu3vKGbrc6WXm/tIgM+7P1a9osf5h+:4aPmeHn+UW3geEEYP1a6Kk

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/大灰狼远程协助管理hack44.cn/Bin_huc123.com/SkinH.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/大灰狼远程协助管理hack44.cn/Bin_huc123.com/SkinH.dll	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack002/大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/FTPServer.exe
unpack002/大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/mstsc.exe
unpack002/大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/mstscax.dll
unpack002/大灰狼远程协助管理hack44.cn/Bin_huc123.com/Plugins/控件版本编辑.exe
unpack002/大灰狼远程协助管理hack44.cn/Bin_huc123.com/SkinH.dll
unpack002/大灰狼远程协助管理hack44.cn/Bin_huc123.com/Update/DHL2012.dat
unpack002/大灰狼远程协助管理hack44.cn/Bin_huc123.com/大灰狼远程管理.exe

Files

4.zip.zip
.zip

Password: infected
4.zip
.rar
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/FTPServer.exe
.exe windows:4 windows x86 arch:x86

5a5a55551436be725d131033f85b3674

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord860
ord540
ord324
ord825
ord2370
ord4234
ord1768
ord6199
ord4710
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord4424
ord3640
ord807
ord796
ord809
ord686
ord693
ord1146
ord1168
ord554
ord529
ord556
ord384
ord567
ord3663
ord818
ord2302
ord6197
ord6379
ord2122
ord6334
ord858
ord3522
ord3521
ord2086
ord4299
ord6880
ord3092
ord6215
ord6453
ord6069
ord2379
ord2546
ord291
ord2863
ord6335
ord3998
ord3996
ord6900
ord2862
ord2096
ord6905
ord2864
ord5655
ord2011
ord6067
ord3288
ord6000
ord2117
ord4284
ord3797
ord5871
ord4163
ord2120
ord613
ord289
ord2818
ord955
ord1140
ord1194
ord5440
ord6383
ord823
ord5450
ord6394
ord2301
ord2362
ord6403
ord6402
ord1175
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord4622
ord817
ord3811
ord565
ord2393
ord3500
ord1639
ord535
ord2726
ord5605
ord2761
ord4226
ord5308
ord4779
ord5811
ord5482
ord2032
ord4447
ord4335
ord4863
ord4975
ord5797
ord5479
ord1995
ord967
ord3717
ord802
ord791
ord542
ord523
ord4411
ord4919
ord1200
ord939
ord537
ord6569
ord4277
ord4129
ord2764
ord5710
ord4204
ord5622
ord924
ord2827
ord3831
ord6877
ord3780
ord1638
ord2077
ord941
ord922
ord2029
ord536
ord5683
ord6929
ord6927
ord4202
ord2614
ord6930
ord668
ord3178
ord3319
ord4058
ord2781
ord2770
ord356
ord5810
ord5481
ord2031
ord5796
ord5478
ord1971
ord966
ord3570
ord665
ord605
ord354
ord278
ord2449
ord1567
ord268
ord5823
ord3664
ord3742
ord3584
ord415
ord543
ord715
ord803
ord4275
ord2152
ord1233
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord2725
ord4698
ord5714
ord3738
ord815
ord561
ord2621
ord1199
ord1247
ord6117
ord4396
ord3574
ord609
ord5875
ord3874
ord2754
ord2859
ord3402
ord3626
ord2414
ord3571
ord755
ord640
ord5794
ord2915
ord2567
ord6172
ord5789
ord5785
ord1641
ord1640
ord323
ord470
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord1081
ord1106
ord1816
ord2820
ord6907
ord3301
ord3693
ord5788
ord5873
ord6696
ord6662
ord3337
ord1949
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord5620
ord6007
ord3286
ord4224
ord3089
ord2642
ord5981
ord4055
ord1871
ord6571
ord2740
ord879
ord2801
ord882
ord603
ord1979
ord1969
ord273
ord5186
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord3790
ord5265
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
_setmbcp
__CxxFrameHandler
_mbsrev
_mbsdec
_mbsinc
_ui64toa
_mbscmp
atoi
_mbsicmp
_ftol
_splitpath
memmove
??1type_info@@UAE@XZ
__dllonexit
_controlfp

kernel32

LeaveCriticalSection
ResumeThread
GetProcAddress
LoadLibraryA
SetThreadPriority
CreateDirectoryA
GetLocalTime
GetModuleHandleA
GetStartupInfoA
DeleteCriticalSection
InitializeCriticalSection
MulDiv
Sleep
lstrcpynA
lstrcatA
lstrcpyA
lstrlenA
GetModuleFileNameA
RemoveDirectoryA
EnterCriticalSection
DeleteFileA
MultiByteToWideChar
GetFileAttributesA
GetTickCount

user32

SetTimer
PostThreadMessageA
wsprintfA
GetDlgItem
RedrawWindow
KillTimer
WinHelpA
DrawFocusRect
InflateRect
GetDlgCtrlID
DrawStateA
CopyRect
DrawFrameControl
GetSysColor
DrawTextExA
GetParent
LoadMenuA
PtInRect
EnableMenuItem
GetCursorPos
TranslateMessage
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
SetForegroundWindow
SetWindowPos
IsWindow
GetWindow
OffsetRect
GetClientRect
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
IsWindowVisible
GetWindowRect
LoadImageA
InvalidateRect
UpdateWindow
ScreenToClient
DestroyIcon
SendMessageA
PostMessageA
LoadIconA
EnableWindow
GetSystemMetrics

gdi32

CreatePen
Ellipse
CreateCompatibleDC
CreateCompatibleBitmap
Polygon
BitBlt
DeleteObject
GetTextExtentPoint32A
StretchBlt

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
Shell_NotifyIconA

comctl32

ImageList_ReplaceIcon
ord17

ole32

CoInitialize
CoUninitialize
CoCreateInstance

wsock32

shutdown
WSAGetLastError
listen

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/QQwry.dat
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/SkinH.she
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/SkinH0.she
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/SkinH1.she
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/SkinH2.she
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/SkinH4.she
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/SkinH5.she
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/mstsc.exe
.exe windows:5 windows x86 arch:x86

25eca8b18ca9be457cf5115590166568

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
GetUserNameW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
GetUserNameA

kernel32

FlushFileBuffers
ExitProcess
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
InterlockedExchange
RtlUnwind
IsBadWritePtr
HeapReAlloc
InitializeCriticalSection
GetCPInfo
GetOEMCP
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
Sleep
LCMapStringW
LCMapStringA
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
lstrcpynA
GetVersionExW
GetModuleFileNameA
GetStdHandle
GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
ReadFile
WriteFile
WideCharToMultiByte
SetLastError
GetACP
CreateThread
SetEvent
LocalAlloc
lstrlenA
LoadResource
LockResource
LocalFree
CloseHandle
GetLastError
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetStartupInfoA
DebugBreak
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetProcAddress
GetVersionExA
GetModuleHandleA
GetModuleHandleW
DeviceIoControl
lstrlenW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
WaitForSingleObject
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindResourceA
FindResourceW
FormatMessageA
FormatMessageW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesA
GetFileAttributesW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
LoadLibraryW

gdi32

CreateFontIndirectA
CreateFontIndirectW
GetObjectA
GetObjectW
GetDIBColorTable
UpdateColors
StretchBlt
CreatePalette
CreateCompatibleBitmap
CreateSolidBrush
SetTextColor
SetBkMode
SetMapMode
SelectPalette
RealizePalette
TranslateCharsetInfo
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
CreateRectRgn
CreateRectRgnIndirect
DeleteObject
SetRectRgn
GetDCOrgEx
GetClipBox
CombineRgn
EqualRgn
GetStockObject

user32

IsDlgButtonChecked
BeginPaint
DrawIcon
EndPaint
EndDialog
MapWindowPoints
GetDesktopWindow
GetDC
ReleaseDC
GetDlgItem
SetRect
InvalidateRect
UpdateWindow
LockWindowUpdate
SetFocus
SetWindowPlacement
SetWindowPos
GetClientRect
MoveWindow
EqualRect
CopyRect
EnableWindow
IsWindowVisible
EnableMenuItem
ShowWindow
SetForegroundWindow
AdjustWindowRect
IsZoomed
SetCursor
GetSystemMenu
CreateMenu
IsWindow
PostQuitMessage
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetDlgItemTextA
GetDlgItemTextW
GetMessageA
GetMessageW
MessageBoxA
MessageBoxW
GetWindowLongA
GetWindowLongW
InsertMenuA
InsertMenuW
IsDialogMessageA
CheckDlgButton
LoadAcceleratorsA
LoadAcceleratorsW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadStringW
ModifyMenuA
ModifyMenuW
PostMessageA
PostMessageW
SendMessageTimeoutA
SendMessageA
SendMessageW
SetDlgItemTextA
SetDlgItemTextW
SetWindowLongA
SetWindowLongW
SetWindowTextA
SetWindowTextW
TranslateAcceleratorA
TranslateAcceleratorW
RegisterClassExA
RegisterClassExW
SendDlgItemMessageW
DestroyIcon
SetTimer
KillTimer
DestroyWindow
GetSystemMetrics
GetWindowRect
FillRect
GetWindow
MapDialogRect
GetWindowDC
TranslateMessage
IsDialogMessageW

shell32

ShellExecuteW
ExtractIconA
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ExtractIconW
ShellExecuteA

ole32

CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

oleaut32

SysFreeString

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_GetImageCount
ImageList_ReplaceIcon

wsock32

inet_addr
gethostbyaddr
gethostbyname

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameW

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/mstscax.dll
.dll regsvr32 windows:5 windows x86 arch:x86

ae2dc42a8a16adb699e614525e0040d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalMemoryStatus
GetLocalTime
lstrcatA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
HeapSize
InterlockedExchange
RtlUnwind
IsBadWritePtr
WriteFile
VirtualFree
HeapCreate
GetSystemDefaultLangID
SetEvent
DuplicateHandle
LockResource
GetVersion
LoadLibraryW
GetModuleHandleW
FreeResource
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
IsBadReadPtr
SetFilePointer
ReadFile
GlobalFree
GlobalHandle
MulDiv
Beep
GetEnvironmentStringsW
lstrcmpA
GetSystemTime
GetExitCodeThread
WaitForMultipleObjects
ReleaseSemaphore
GlobalSize
ResetEvent
CreateDirectoryA
DeleteFileA
GetTempFileNameA
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathA
QueryDosDeviceW
FindNextChangeNotification
FindCloseChangeNotification
GetFileInformationByHandle
SetFileTime
SetEndOfFile
LockFileEx
LockFile
UnlockFile
FreeLibraryAndExitThread
ResumeThread
CreateThread
GetComputerNameA
DebugBreak
WaitForMultipleObjectsEx
EscapeCommFunction
SetCommState
GetCommState
TransmitCommChar
WaitCommEvent
SetCommTimeouts
SetupComm
SetCommMask
PurgeComm
GetCommTimeouts
GetCommMask
GetCommModemStatus
ClearCommError
GetCommProperties
GetCommConfig
SetErrorMode
DeviceIoControl
GetOverlappedResult
FlushFileBuffers
FindClose
CompareFileTime
SystemTimeToFileTime
GetSystemDefaultLCID
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindFirstFileA
FindFirstFileW
FindResourceA
FindResourceW
lstrcmpiA
lstrcmpiW
FormatMessageA
FormatMessageW
GetFileAttributesA
GetSystemDirectoryA
GetSystemDirectoryW
SetFileAttributesA
SetFileAttributesW
FindNextFileA
FindNextFileW
GetFullPathNameA
GetFullPathNameW
GetProfileStringA
GetProfileStringW
LoadLibraryExA
LoadLibraryExW
MoveFileA
MoveFileW
OutputDebugStringW
RemoveDirectoryA
RemoveDirectoryW
CreateMutexA
CreateMutexW
CreateSemaphoreA
CreateSemaphoreW
lstrcpyA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FindFirstChangeNotificationA
FindFirstChangeNotificationW
GetVolumeInformationA
GetVolumeInformationW
GetComputerNameW
GetVersionExW
GetDefaultCommConfigA
GetDefaultCommConfigW
lstrcpynA
ExitThread
IsBadCodePtr
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
Sleep
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
ExitProcess
HeapReAlloc
GetModuleHandleA
GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetLastError
GetTickCount
QueryPerformanceCounter
RaiseException
SetLastError
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
LoadResource
SizeofResource
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
HeapDestroy
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
CloseHandle
EnterCriticalSection
LeaveCriticalSection
LocalFree
lstrlenA
LocalAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
lstrlenW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyA
GetSecurityDescriptorLength
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
GetUserNameA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
SetFileSecurityW
SetFileSecurityA
GetFileSecurityW
GetFileSecurityA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA

user32

CreateIconIndirect
MsgWaitForMultipleObjects
PostQuitMessage
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumClipboardFormats
CountClipboardFormats
SetClipboardViewer
ChangeClipboardChain
GetClipboardData
CallWindowProcA
CallWindowProcW
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetClassInfoA
GetClassInfoW
GetClipboardFormatNameA
GetClipboardFormatNameW
GetMessageA
GetMessageW
MessageBoxA
MessageBoxW
GetWindowLongA
GetWindowLongW
GetWindowTextA
GetWindowTextW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadStringW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageA
PostThreadMessageW
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
SetCapture
SendMessageTimeoutA
UnhookWindowsHookEx
SendMessageW
SetDlgItemTextA
SetDlgItemTextW
SetWindowLongA
SetWindowLongW
SetWindowsHookExA
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
UnregisterClassA
UnregisterClassW
wvsprintfA
wvsprintfW
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
MapVirtualKeyA
MapVirtualKeyW
SendDlgItemMessageW
GetKeyboardType
IsWindowVisible
GetSysColor
GetCursorPos
SetScrollPos
LockWindowUpdate
ShowScrollBar
SetScrollInfo
AdjustWindowRect
SystemParametersInfoA
IsIconic
DestroyIcon
MapWindowPoints
DefDlgProcW
GetWindowPlacement
GetSystemMetrics
GetDesktopWindow
GetWindowRect
EnableWindow
SetParent
GetSystemMenu
EnableMenuItem
SetWindowPlacement
CloseWindow
FlashWindow
MessageBeep
GetForegroundWindow
GetAsyncKeyState
CallNextHookEx
GetWindowThreadProcessId
AttachThreadInput
CreateCursor
DestroyCursor
GetWindowDC
CopyRect
LoadStringA
SetRect
GetKeyboardLayout
DestroyWindow
TranslateMessage
SetFocus
GetClientRect
UpdateWindow
InvalidateRect
IsWindow
MoveWindow
ShowWindow
IsChild
GetFocus
DestroyAcceleratorTable
GetMessageExtraInfo
SendMessageA
ReleaseCapture
BringWindowToTop
InflateRect
GetSysColorBrush
FillRect
GetKeyboardState
ScreenToClient
ClientToScreen
SetCursorPos
keybd_event
SetCursor
RegisterClipboardFormatW
ActivateKeyboardLayout
GetParent
GetDlgItem
BeginPaint
EndPaint
GetKeyState
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
GetDC
ReleaseDC
SetTimer
KillTimer
EndDialog
wsprintfA

gdi32

LineTo
CreateCompatibleBitmap
CreateCompatibleDC
StretchDIBits
PatBlt
CreateSolidBrush
SetTextColor
SetBkMode
SetBkColor
CreatePolygonRgn
GetRgnBox
CombineRgn
StretchBlt
RealizePalette
SelectPalette
GetMapMode
SetRectRgn
DPtoLP
CreateBrushIndirect
MoveToEx
GetCurrentObject
SetDIBitsToDevice
CreatePalette
SetDIBColorTable
CreateDIBPatternBrushPt
CreatePatternBrush
SetBitmapBits
SetTextAlign
GetTextAlign
SetROP2
CreateDIBSection
CreateDIBitmap
GetBitmapBits
GdiFlush
GetPaletteEntries
DeleteObject
Polyline
Polygon
SetPolyFillMode
GetNearestPaletteIndex
CreatePen
UpdateColors
BitBlt
SetBrushOrgEx
SetStretchBltMode
SelectClipRgn
CreateBitmap
CreateRectRgn
CreateDCW
CreateDCA
GetTextExtentPointW
GetTextExtentPointA
CreateMetaFileW
CreateMetaFileA
SelectObject
GetStockObject
Rectangle
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
GetObjectW
GetObjectA
CreateFontIndirectW
CreateFontIndirectA
GetDIBits
SetMetaFileBitsEx
PlayMetaFile
GetMetaFileBitsEx
GetDIBColorTable
GetNearestColor
Ellipse

winspool.drv

GetPrinterW
EndDocPrinter
EnumPrintersW
EnumPrintersA
GetPrinterDriverW
GetPrinterDriverA
GetPrinterDataW
GetPrinterDataA
StartDocPrinterW
StartDocPrinterA
OpenPrinterW
OpenPrinterA
SetPrinterW
GetPrinterA
StartPagePrinter
WritePrinter
GetJobW
SetJobW
GetJobA
SetJobA
EndPagePrinter
ClosePrinter

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream
CoGetMalloc
OleSetClipboard
OleIsCurrentClipboard
OleUninitialize
OleInitialize
OleRegEnumVerbs

oleaut32

SysAllocString
OleCreatePropertyFrame
VariantChangeType
VarUI4FromStr
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysStringLen
RegisterTypeLi
LoadTypeLi
SysFreeString

crypt32

CryptDecodeObject
CertFindExtension
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateContext
CertCompareCertificate

winmm

waveOutSetVolume
waveOutGetVolume
waveOutOpen
waveOutClose
waveOutReset
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveOutGetPitch

wsock32

recvfrom
bind
WSAStartup
send
closesocket
socket
htons
connect
WSAAsyncSelect
WSACleanup
setsockopt
gethostbyname
gethostname
WSACancelAsyncRequest
WSAAsyncGetHostByName
ioctlsocket
shutdown
getsockname
inet_addr
recv
WSAGetLastError
sendto

shell32

ExtractIconW
ExtractIconA
SHFileOperationA
ord100

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetTscCtlVer
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 551KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Control/users.dat
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/01.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/02.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/03.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/04.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/05.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/06.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/07.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/08.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/09.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/10.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/11.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/12.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/13.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/14.ICO
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/15.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/16.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/17.ICO
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/18.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/19.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/20.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/21.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/22.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/23.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/24.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/25.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/26.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/27.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/28.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/29.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/30.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/31.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/32.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/33.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/34.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/35.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/36.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/37.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/38.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/39.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/40.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/ICO图标/41.ico
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Plugins/Consys02.dll
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Plugins/控件版本编辑.exe
.exe windows:4 windows x86 arch:x86

5de07468bd81b8f14174fe0f1fb2ad37

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord800
ord2514
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5199
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord1146
ord1168
ord860
ord540
ord324
ord2370
ord4234
ord4710
ord2379
ord755
ord470
ord823
ord665
ord1979
ord6385
ord5773
ord5186
ord354
ord535
ord4224
ord5953
ord3097
ord858
ord4129
ord5710
ord5683
ord2820
ord3811
ord537
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5280
ord4673
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbscmp
sprintf
__CxxFrameHandler
_setmbcp
_initterm

kernel32

CloseHandle
SetFilePointer
CreateFileA
WriteFile
lstrlenA
GetModuleHandleA
GetStartupInfoA
ReadFile

user32

EnableWindow
GetSystemMetrics
SendMessageA
LoadIconA
GetClientRect
DrawIcon
IsIconic

comdlg32

GetOpenFileNameA

shell32

DragQueryFileA
DragFinish

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
大灰狼远程协助管理hack44.cn/Bin_huc123.com/SkinH.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
大灰狼远程协助管理hack44.cn/Bin_huc123.com/Update/DHL2012.dat
.exe windows:4 windows x86 arch:x86

a955a4b7e02c1c86a5d6102154d11a1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
calloc
free
_exit
_XcptFilter
exit
_acmdln
__getmainargs
memcmp
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??2@YAPAXI@Z
memset
__CxxFrameHandler
_ftol
memmove
_initterm
??3@YAXPAX@Z

kernel32

GetModuleHandleA
lstrcmpiA
Sleep
LoadLibraryA
GetProcAddress
GetStartupInfoA

ws2_32

select
gethostname
recv

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
大灰狼远程协助管理hack44.cn/Bin_huc123.com/大灰狼远程管理.exe
.exe windows:5 windows x86 arch:x86

8e13889b276c5157208e93af460879d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecA

kernel32

CreateThread

user32

BeginPaint

gdi32

BitBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

ShellExecuteA

comctl32

ImageList_LoadImageA

oledlg

ord1

ole32

CoRegisterMessageFilter

olepro32

ord253

oleaut32

SafeArrayGetLBound

urlmon

URLDownloadToFileA

ws2_32

closesocket

pdh

PdhCollectQueryData

avifil32

AVIStreamWrite

msvfw32

DrawDibOpen

skinh

SkinH_Detach

wininet

InternetReadFile

winmm

waveOutUnprepareHeader

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 2.3MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

5a5a55551436be725d131033f85b3674

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

comctl32

ole32

wsock32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 23KB

25eca8b18ca9be457cf5115590166568

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

shell32

ole32

oleaut32

comctl32

wsock32

comdlg32

Sections

.text Size: 160KB - Virtual size: 159KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 224KB - Virtual size: 224KB

ae2dc42a8a16adb699e614525e0040d8

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

winspool.drv

ole32

oleaut32

crypt32

winmm

wsock32

shell32

Exports

Exports

Sections

.text Size: 551KB - Virtual size: 550KB

.data Size: 10KB - Virtual size: 20KB

.rsrc Size: 146KB - Virtual size: 145KB

.reloc Size: 27KB - Virtual size: 26KB

5de07468bd81b8f14174fe0f1fb2ad37

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

comdlg32

shell32

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 668B

.rsrc Size: 100KB - Virtual size: 98KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 23KB

.text
Size: 160KB - Virtual size: 159KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 224KB - Virtual size: 224KB

.text
Size: 551KB - Virtual size: 550KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 146KB - Virtual size: 145KB

.reloc
Size: 27KB - Virtual size: 26KB

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 668B

.rsrc
Size: 100KB - Virtual size: 98KB

UPX0
Size: - Virtual size: 148KB

UPX1
Size: 81KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 8KB

.text
Size: 2.3MB - Virtual size: 6.4MB

��
Size: 2.2MB - Virtual size: 2.2MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

��
Size: 4KB - Virtual size: 4KB