76978c74055733ffcd535a17dd4c269d

Sharing

Copy URL Twitter E-mail

General

Target

76978c74055733ffcd535a17dd4c269d
Size

8.1MB
MD5

76978c74055733ffcd535a17dd4c269d
SHA1

5656d4e18a622a6c1b22f1974a8a985314513bb5
SHA256

1a5ef099f121e447a22acad18d24462d02589d9e76960b0c6b67fbd58df9eb98
SHA512

6a346213551d16cebbbbb6ff9b13addfaf17d3d22acf05d49d1e9594b433460e6c7d9c02e94186639f8db9043172a4440805ab6611ea23f2a4bc303fe69f223f
SSDEEP

196608:ihA9CllGCBvVFZdMXxm/+eF0aOsNjxSITe4d+nhem:ill0HBm2ej5xSCeo+h/

Score

7^/10

upx aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/$TEMP/CPlug.exe	aspack_v212_v242

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/PYJJ_Plus_4018.exe	upx
static1/unpack002/Tools/imetool.exe	upx

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PYJJ_Plus_4018.exe
unpack002/$PLUGINSDIR/AdvSplash.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/$SYSDIR/$0
unpack002/$TEMP/CPlug.exe
unpack002/Tools/imetool.exe
unpack003/out.upx
unpack002/Tools/indicdll.dll
unpack002/Tools/internat.exe
unpack002/out.upx
unpack002/py/lib/$0

Files

76978c74055733ffcd535a17dd4c269d
.rar
PYJJ_Plus_4018.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 200KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/AdvSplash.dll
.dll windows:4 windows x86 arch:x86

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GetVersion
lstrcpyA
lstrcatA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree

user32

LoadCursorA
RegisterClassA
SetWindowPos
SetWindowLongA
SystemParametersInfoA
EndPaint
GetClientRect
BeginPaint
DefWindowProcA
DestroyWindow
LoadImageA
CreateWindowExA
IsWindow
GetMessageA
DispatchMessageA
UnregisterClassA
wsprintfA
PostMessageA
SetWindowRgn
EnumDisplaySettingsA

gdi32

CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA
DeleteDC
BitBlt
DeleteObject

winmm

timeSetEvent
PlaySoundA
timeKillEvent

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CNNIC.ini
$PLUGINSDIR/Contset.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/splash.bmp
$PLUGINSDIR/splash.wav
$SYSDIR/$0
.dll windows:4 windows x86 arch:x86

8190aaa05a848b49f8c39a3521426aed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetCompositionFontW
ImmAssociateContext
ImmLockIMC
ImmCreateIMCC
ImmGetIMCCSize
ImmReSizeIMCC
ImmGenerateMessage
ImmLockIMCC
ImmUnlockIMCC
ImmUnlockIMC

kernel32

WideCharToMultiByte
GlobalFree
GlobalHandle
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
CompareStringW
lstrcpynW
lstrcmpiW
GetModuleFileNameW
WinExec
CreateFileW
GetSystemDirectoryW
Sleep
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetPrivateProfileStringW
FindNextFileW
lstrcpyA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
CopyFileW
GetModuleHandleA
GetOEMCP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
SetUnhandledExceptionFilter
HeapCreate
GetCommandLineA
GetFileType
SetStdHandle
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrlenA
MulDiv
MultiByteToWideChar
SetLastError
DuplicateHandle
GetFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
FlushFileBuffers
UnlockFile
LockFile
WriteFile
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
GetCurrentThreadId
CloseHandle
GetTickCount
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
GlobalAlloc
GetVersionExW
lstrlenW
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetFileAttributesW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
ReadFile
GetFileSize
GetLastError
TlsGetValue

user32

GetFocus
DrawFocusRect
FillRect
CallWindowProcW
GetDlgCtrlID
IsWindowEnabled
GetDC
CharNextW
DrawTextW
CharUpperW
DialogBoxIndirectParamW
SetRectEmpty
GetClassInfoExW
RegisterClassExW
MessageBoxW
GetSysColor
ReleaseDC
GetWindowDC
DialogBoxParamW
MoveWindow
EndPaint
BeginPaint
MessageBeep
SetFocus
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemInt
EnableWindow
FindWindowExW
MapDialogRect
EndDialog
GetParent
InvalidateRgn
RedrawWindow
IsChild
GetDesktopWindow
DestroyAcceleratorTable
CreateAcceleratorTableW
GetActiveWindow
FindWindowW
keybd_event
CallNextHookEx
SetWindowsHookExW
TrackPopupMenuEx
RegisterClassW
LoadIconW
LoadImageW
RegisterWindowMessageW
GetClientRect
MapWindowPoints
SetWindowContextHelpId
GetDlgItem
GetWindow
LoadCursorW
SetCursor
UpdateWindow
TrackMouseEvent
GetWindowTextLengthW
GetSubMenu
ReleaseCapture
CreateWindowExW
GetCapture
SetCapture
GetCursorPos
ScreenToClient
GetMenuStringW
DestroyMenu
RemoveMenu
InsertMenuW
EnableMenuItem
CheckMenuItem
LoadMenuW
GetWindowRect
SetWindowRgn
GetCaretPos
ClientToScreen
LoadBitmapW
CopyRect
PtInRect
ShowWindow
SetWindowPos
GetKeyState
PostMessageW
UnregisterClassW
SetTimer
KillTimer
IsWindowVisible
InvalidateRect
SetWindowLongW
DefWindowProcW
DestroyWindow
SendMessageW
UnhookWindowsHookEx
GetAncestor
GetWindowLongW
GetWindowTextW
SetWindowTextW
IsWindow
SystemParametersInfoW
MonitorFromPoint
GetMonitorInfoW
GetClassNameW
OffsetRect
UnregisterClassA

gdi32

SelectObject
DeleteObject
CreateFontW
CreateDCW
CreateRoundRectRgn
MaskBlt
ExtTextOutW
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32W
CreateCompatibleBitmap
SetBkMode
SetTextColor
TextOutW
FillRgn
FrameRgn
ExtSelectClipRgn
PatBlt
CreateSolidBrush
GetMapMode
SetMapMode
GetViewportExtEx
GetWindowExtEx
GetDeviceCaps
RectVisible
GetObjectW
CreateFontIndirectW
GetStockObject
DeleteDC
BitBlt
SetBkColor

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
ChooseColorW
GetFileTitleW

advapi32

RegSetValueExW
RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
RegCloseKey

shell32

ShellExecuteW

ole32

OleLockRunning
StringFromGUID2
CoGetClassObject
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

LoadTypeLi
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
VariantClear
VariantInit
OleLoadPicture

shlwapi

PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW

comctl32

_TrackMouseEvent
CreatePropertySheetPageW
ord17
PropertySheetW
DestroyPropertySheetPage

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CPlug.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 360KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Skins/Plusǳ.jsn
Skins/SirSɫƤ.jsn
Skins/fjayɫĬ.jsn
Skins/xcyfq01.jsn
Skins/xcyfq02.jsn
Skins/ʥ.jsn
Skins/ͳ Windows.jsn
Skins/.jsn
Skins/ӥɫˮ.jsn
Skins/.jsn
Skins/ͨ.jsn
Skins/̲.jsn
Skins/.jsn
Tools/imetool.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/indicdll.dll
.dll windows:5 windows x86 arch:x86

e849a4fb4c69e579ec1b546f9edc4a93

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
GetACP
HeapAlloc
HeapCreate
lstrlenW
GetCurrentProcessId
CreateFileMappingW
GetCurrentThreadId
lstrcmpW
UnmapViewOfFile
GetLastError
MapViewOfFile
GlobalFree
GlobalAlloc
CloseHandle

user32

IsWindow
GetFocus
GetWindowThreadProcessId
CallNextHookEx
PostMessageW
CreatePopupMenu
InsertMenuItemW
SendMessageW
GetKeyboardLayout
SetWindowsHookExW
UnhookWindowsHookEx
GetMessagePos
GetWindowRect
PtInRect
GetParent
GetClassNameW
GetDesktopWindow

gdi32

DeleteObject

imm32

ImmReleaseContext
ImmGetConversionStatus
ImmGetOpenStatus
ImmGetDefaultIMEWnd
ImmGetImeMenuItemsW
ImmGetContext

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/internat.exe
.exe windows:5 windows x86 arch:x86

6ec4b9854181010bb09f30f0c6b36520

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

lstrlenW
GlobalReAlloc
GlobalLock
lstrcatW
GlobalUnlock
FreeLibrary
lstrcpyW
AddAtomW
IsValidLocale
GlobalFree
DeleteAtom
LoadLibraryW
lstrcmpW
GetProcAddress
LocalAlloc
lstrcpynW
GetLocaleInfoW
GlobalGetAtomNameW
LocalFree
WinExec
GetModuleHandleW
GetStartupInfoW
GetAtomNameW
ExitProcess
GlobalAlloc
lstrcmpiW

user32

RemovePropW
SetPropW
AllowSetForegroundWindow
GetWindow
DestroyMenu
GetPropW
GetDesktopWindow
MapWindowPoints
TrackPopupMenuEx
GetLastActivePopup
GetParent
GetWindowLongW
LoadBitmapW
GetSysColor
DrawTextW
CreateIconIndirect
GetKeyboardLayout
GetKeyboardLayoutList
DestroyIcon
GetWindowThreadProcessId
AttachThreadInput
MessageBeep
GetDC
ReleaseDC
EnumChildWindows
DrawFocusRect
GetSystemMetrics
GetWindowDC
SystemParametersInfoW
wsprintfW
UnloadKeyboardLayout
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
ShowWindow
LoadStringW
FindWindowW
MessageBoxW
LoadIconW
LoadCursorW
RegisterClassExW
PostMessageW
LoadStringA
WinHelpW
GetProcessDefaultLayout
CreatePopupMenu
InsertMenuW
CheckMenuItem
DestroyWindow
KillTimer
SetTimer
GetMessagePos
InSendMessageEx
GetClassNameW
DefWindowProcW
SetForegroundWindow
IsWindow
SendMessageW
SetActiveWindow
PostQuitMessage
RegisterWindowMessageW
GetClientRect

gdi32

TranslateCharsetInfo
DeleteDC
DeleteObject
GetTextCharsetInfo
GetStockObject
ExtTextOutW
PatBlt
SetBkColor
SelectObject
SetTextColor
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
GetTextExtentPointW
BitBlt
CreateFontIndirectW
GetObjectW

comctl32

ord329
ImageList_Create
ImageList_Destroy
ord328
ImageList_ReplaceIcon
ord334
ImageList_GetIconSize
ImageList_GetIcon
ord332
ImageList_Draw
ImageList_Remove

imm32

ImmAssociateContext
ImmGetDefaultIMEWnd
ImmGetIMEFileNameW
ImmGetDescriptionW
ImmGetProperty

setupapi

SetupOpenInfFileW
SetupOpenAppendInfFileW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetStringFieldW

advapi32

RegFlushKey
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegDeleteValueW

shell32

SHAppBarMessage
ExtractIconExW
Shell_NotifyIconW

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/readme.txt
about.htm
.html
bd/abc.txt
bd/jiajia.txt
bd/weiruanpy.txt
bd/ziguanpy.txt
bd0.txt
bd1.txt
bd2.txt
bd3.txt
bd4.txt
bd5.txt
bd6.txt
bd7.txt
bihua.bin
clc.bin
cs.bin
dz.bin
fh0.txt
fh1.txt
fh2.txt
fh3.txt
fh4.txt
fh5.txt
fh6.txt
fh7.txt
fzm.bin
jj_biaod.htm
.html
license.rtf
.rtf
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pinyin.bin
py/lib/$0
.exe windows:4 windows x86 arch:x86

7b77a9431cd2e1a48da23f16c7f84614

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmInstallIMEW

sensapi

IsNetworkAlive

kernel32

SetFilePointer
GetFileTime
GetFileSize
GetFileAttributesW
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateFileW
MoveFileW
DeleteFileW
DuplicateHandle
GetCurrentProcess
SetEndOfFile
ReadFile
WriteFile
LockFile
UnlockFile
FlushFileBuffers
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryW
CopyFileW
LCMapStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
LocalFree
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateThread
lstrcpyW
lstrcpyA
GetVersionExW
GetSystemDirectoryW
GetDriveTypeW
GetTickCount
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
InterlockedExchange
Sleep
SetProcessWorkingSetSize
GetFileAttributesExW
FindNextFileW
GetProcAddress
GetModuleHandleW
GetCommandLineW
FlushInstructionCache
SetLastError
GetCurrentThreadId
LockResource
FindResourceExW
GetProcessHeap
FindClose
GetSystemDirectoryA
HeapReAlloc
HeapFree
HeapAlloc
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
RaiseException
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
GetSystemTimeAsFileTime
GetFileType
SetStdHandle
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapDestroy
VirtualAlloc
VirtualFree
GetTimeZoneInformation
IsProcessorFeaturePresent
InterlockedCompareExchange
GetVersionExA
GetConsoleCP
GetConsoleMode
HeapCreate
ExitProcess
GetModuleFileNameA
GetCPInfo
GetOEMCP
LCMapStringA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetEnvironmentStringsW
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
lstrcmpiW
GetModuleFileNameW
lstrlenW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
CloseHandle
WaitForSingleObject
GetStdHandle
GetStartupInfoA
LoadLibraryA
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
CompareStringW
CompareStringA
CreateFileA
RtlUnwind
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW

user32

SetWindowLongW
CallWindowProcW
GetWindowLongW
GetDlgItem
EndDialog
DialogBoxParamW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyWindow
DefWindowProcW
PeekMessageW
GetMessageW
RegisterWindowMessageW
FindWindowExW
UnloadKeyboardLayout
PostMessageW
GetActiveWindow
MessageBoxW
SendMessageW
FindWindowW
GetWindow
SystemParametersInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
KillTimer
PostQuitMessage
SetTimer
DestroyIcon
LoadIconW
CharNextW
CharUpperW
UnregisterClassA
DispatchMessageW
TranslateMessage

comdlg32

GetFileTitleW

advapi32

GetNamedSecurityInfoW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
GetUserNameW
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid

shell32

ShellExecuteW
Shell_NotifyIconW

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW

ws2_32

WSAResetEvent
WSARecv
WSAGetLastError
WSAGetOverlappedResult
htons
getservbyname
inet_addr
htonl
inet_ntoa
gethostbyname
getservbyport
ntohs
gethostbyaddr
WSASetLastError
WSASocketW
WSACreateEvent
WSASetEvent
WSAEventSelect
WSAConnect
WSAEnumNetworkEvents
WSASend
closesocket
WSACloseEvent
WSAStartup
WSACleanup

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
py/lib/ʿ.txt
py/lib/ʮ.txt
pyfu.bin
pytips.htm
.html
readme.htm
.html
skins/BlueWonder(Big Font).jsn
skins/BlueWonder(Classical).jsn
skins/BlueWonder(Small Font).jsn
skins/BlueWonder(΢ź).jsn
top0.txt
top1.txt
top2.txt
top3.txt
top4.txt
top5.txt
top6.txt
top7.txt
uh.txt
users/$0/_pytmp.bin
users/$0/bd0.txt
users/$0/fh0.txt
users/$0/jj.bin
users/$0/jj.ini
usrword.txt
ע.txt
新云软件.url
.url
注意事项.txt
自述文件.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 200KB

UPX1 Size: 18KB - Virtual size: 20KB

.rsrc Size: 27KB - Virtual size: 28KB

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 208B

.reloc Size: 512B - Virtual size: 412B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 472B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

Imports

kernel32

UPX0
Size: - Virtual size: 200KB

UPX1
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 27KB - Virtual size: 28KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 208B

.reloc
Size: 512B - Virtual size: 412B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 472B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 657B

.data
Size: 512B - Virtual size: 85B

.reloc
Size: 512B - Virtual size: 154B

.text
Size: 231KB - Virtual size: 231KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 17KB - Virtual size: 24KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 21KB - Virtual size: 20KB

.text
Size: 11KB - Virtual size: 20KB

.rdata
Size: 1KB - Virtual size: 4KB

.data
Size: 360KB - Virtual size: 1.3MB

.rsrc
Size: 512B - Virtual size: 4KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

UPX0
Size: - Virtual size: 96KB

UPX1
Size: 43KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 4KB

CODE
Size: 98KB - Virtual size: 98KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB