78a170902d857b59244408ba15092d22

Sharing

Copy URL Twitter E-mail

General

Target

78a170902d857b59244408ba15092d22
Size

1.6MB
MD5

78a170902d857b59244408ba15092d22
SHA1

54b62becf9e36d6f2fb5be88383dfe54e0d816f5
SHA256

8e4e45dbd4445f68b49897eb40c62ad220f9a29b742c3f3885df083843bb4ed3
SHA512

e852d29c306e91e181db5f8336ce8dc0395f22dd9d33636543e23d723c69ec09cba8f49a190a2e5df42797dd9a8b161e08cb93bb8c8a262420a1a0a19f483e24
SSDEEP

49152:mPPJR8KDURrvar89YATV4BI8+jqdKPvHp:m4KgpC89HWunjq8J

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wuyingzong10/fzsujuku.dll
unpack001/wuyingzong10/fzwuzong.exe

Files

78a170902d857b59244408ba15092d22
.rar
wuyingzong10/Help.chm
.chm
wuyingzong10/fzsujuku.dll
.dll windows:4 windows x86 arch:x86

4635d8c2a3c724b2e077d2832c414b86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\psystem\DELPHI例子或控件\ZEOSDBO-6.6.2-rc\vc2005SQLite3.5.3_xxtea\SQLite3.5.3_xxtea\Release\fzsujuku.pdb

Imports

kernel32

InterlockedIncrement
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
UnlockFile
LockFile
GetTickCount
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
WideCharToMultiByte
LoadLibraryW
GetVersionExW
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
LockFileEx
LoadLibraryA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
HeapFree
HeapAlloc
HeapReAlloc
GetModuleHandleA
ExitProcess
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapSize

Exports

Exports

fzlite_aggregate_context
fzlite_aggregate_count
fzlite_auto_extension
fzlite_bind_blob
fzlite_bind_double
fzlite_bind_int
fzlite_bind_int64
fzlite_bind_null
fzlite_bind_parameter_count
fzlite_bind_parameter_index
fzlite_bind_parameter_name
fzlite_bind_text
fzlite_bind_text16
fzlite_bind_value
fzlite_bind_zeroblob
fzlite_busy_handler
fzlite_busy_timeout
fzlite_changes
fzlite_clear_bindings
fzlite_close
fzlite_collation_needed
fzlite_collation_needed16
fzlite_column_blob
fzlite_column_bytes
fzlite_column_bytes16
fzlite_column_count
fzlite_column_database_name
fzlite_column_database_name16
fzlite_column_decltype
fzlite_column_decltype16
fzlite_column_double
fzlite_column_int
fzlite_column_int64
fzlite_column_name
fzlite_column_name16
fzlite_column_origin_name
fzlite_column_origin_name16
fzlite_column_table_name
fzlite_column_table_name16
fzlite_column_text
fzlite_column_text16
fzlite_column_type
fzlite_column_value
fzlite_commit_hook
fzlite_complete
fzlite_complete16
fzlite_create_collation
fzlite_create_collation16
fzlite_create_function
fzlite_create_function16
fzlite_create_module
fzlite_data_count
fzlite_db_handle
fzlite_declare_vtab
fzlite_enable_load_extension
fzlite_enable_shared_cache
fzlite_errcode
fzlite_errmsg
fzlite_errmsg16
fzlite_exec
fzlite_expired
fzlite_extended_result_codes
fzlite_finalize
fzlite_free
fzlite_free_table
fzlite_get_autocommit
fzlite_get_auxdata
fzlite_get_table
fzlite_global_recover
fzlite_interrupt
fzlite_key
fzlite_last_insert_rowid
fzlite_libversion
fzlite_libversion_number
fzlite_load_extension
fzlite_malloc
fzlite_mprintf
fzlite_open
fzlite_open16
fzlite_open_v2
fzlite_overload_function
fzlite_prepare
fzlite_prepare16
fzlite_prepare16_v2
fzlite_prepare_v2
fzlite_profile
fzlite_progress_handler
fzlite_realloc
fzlite_rekey
fzlite_release_memory
fzlite_reset
fzlite_reset_auto_extension
fzlite_result_blob
fzlite_result_double
fzlite_result_error
fzlite_result_error16
fzlite_result_int
fzlite_result_int64
fzlite_result_null
fzlite_result_text
fzlite_result_text16
fzlite_result_text16be
fzlite_result_text16le
fzlite_result_value
fzlite_rollback_hook
fzlite_set_authorizer
fzlite_set_auxdata
fzlite_sleep
fzlite_snprintf
fzlite_soft_heap_limit
fzlite_step
fzlite_table_column_metadata
fzlite_thread_cleanup
fzlite_threadsafe
fzlite_total_changes
fzlite_trace
fzlite_transfer_bindings
fzlite_update_hook
fzlite_user_data
fzlite_value_blob
fzlite_value_bytes
fzlite_value_bytes16
fzlite_value_double
fzlite_value_int
fzlite_value_int64
fzlite_value_numeric_type
fzlite_value_text
fzlite_value_text16
fzlite_value_text16be
fzlite_value_text16le
fzlite_value_type
fzlite_vmprintf

Sections

.text
Size: 356KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wuyingzong10/fzwuzong.exe
.exe .vbs windows:1 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 961KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 163KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wuyingzong10/sknd/E_黄色.skn
wuyingzong10/sknd/兰_xpskin.skn
wuyingzong10/sknd/兰kin.skn
wuyingzong10/sknd/兰skin.skn
wuyingzong10/sknd/天兰SKIN.skn
wuyingzong10/sknd/恢_1SKIN.skn
wuyingzong10/sknd/恢_SKIN.skn
wuyingzong10/sknd/暗黑SKIN.skn
wuyingzong10/sknd/紫_SKIN.skn
wuyingzong10/sknd/黑绿SKIN.skn
wuyingzong10/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

4635d8c2a3c724b2e077d2832c414b86

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 356KB - Virtual size: 352KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 16KB - Virtual size: 12KB

Headers

File Characteristics

Sections

CODE Size: 961KB - Virtual size: 2.8MB

DATA Size: 10KB - Virtual size: 32KB

BSS Size: - Virtual size: 16KB

.idata Size: 4KB - Virtual size: 16KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 172KB

.rsrc Size: 79KB - Virtual size: 400KB

.aspack Size: 163KB - Virtual size: 164KB

.data Size: - Virtual size: 4KB

.text
Size: 356KB - Virtual size: 352KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 16KB - Virtual size: 12KB

CODE
Size: 961KB - Virtual size: 2.8MB

DATA
Size: 10KB - Virtual size: 32KB

BSS
Size: - Virtual size: 16KB

.idata
Size: 4KB - Virtual size: 16KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 172KB

.rsrc
Size: 79KB - Virtual size: 400KB

.aspack
Size: 163KB - Virtual size: 164KB

.data
Size: - Virtual size: 4KB