7803163fa4e00698e7f25d63c00314e0

Sharing

Copy URL Twitter E-mail

General

Target

7803163fa4e00698e7f25d63c00314e0
Size

1.3MB
MD5

7803163fa4e00698e7f25d63c00314e0
SHA1

3c0e6b11628843ba121d5f37af1828bc79a35bce
SHA256

e27cca903328161da2492e131d697d4fab4864354e473cdc475b081fbe3e9eff
SHA512

63d6aa9528d65b224bb1e3b96d3e10aca5b09c28f9f88669c588a33662b466fd440864f8110fe47f29dc3d1f767efccfc946f370df6741bb21f3884b7f0368fd
SSDEEP

24576:9R6jxk3s3I1/Z9rrdTYdU9DWUkzEj7OPxM3I9mgF/JYRa6Q:/mi3s4dZ9P9YdaklJM4EgF/wY

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/PJudger.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/StartUpManager.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IPSearcher.dll
unpack001/PJProtect.exe
unpack001/PJUpdater.exe
unpack001/PJudger.exe
unpack001/ProcFindInfo.exe
unpack001/ProcessProtect.dll
unpack001/StartUpManager.exe
unpack001/psapi.dll

Files

7803163fa4e00698e7f25d63c00314e0
.rar
IPSearcher.dll
.dll windows:4 windows x86 arch:x86

93b974b7813ab8e5b1fe659fe5089a92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsSetValue
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
SetLastError
TlsGetValue
TlsFree
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCommandLineA
GetVersion
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentThreadId
CloseHandle
TlsAlloc
GetLastError
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetProcAddress
LoadLibraryA
GetStringTypeA
GetStringTypeW

user32

MessageBoxA
wsprintfA

wsock32

ioctlsocket

Exports

Exports

_GetAddress

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PJClock.rmd
PJProtect.exe
.exe windows:4 windows x86 arch:x86

a699de233c8d4d23cfc0b8da026c0edf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord800
ord641
ord2514
ord5943
ord5683
ord2818
ord540
ord537
ord5265
ord4376
ord4853
ord4998
ord5300
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord3521
ord1146
ord1168
ord324
ord4234
ord6215
ord4224
ord6334
ord4710
ord2379
ord755
ord470
ord6453
ord2642
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord6052
ord4673
ord1576

msvcrt

__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_setmbcp
_stricmp
_strdup
free
__CxxFrameHandler
_adjust_fdiv
printf

kernel32

OpenProcess
GetStartupInfoA
CloseHandle
CreateMutexA
GetModuleHandleA
GetCurrentProcess
GetModuleFileNameA
GetLastError

user32

PostQuitMessage
SendMessageA
GetSystemMetrics
GetClientRect
EnableWindow
IsWindowVisible
IsIconic
PostMessageA
RegisterHotKey
LoadIconA
DrawIcon

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

processprotect

ProcessProtect_Release
ProcessProtect_AddProcessId
ProcessProtect_Init

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PJUpdater.exe
.exe windows:4 windows x86 arch:x86

532ef250a014bac53a1fef024f863713

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord795
ord800
ord2514
ord5683
ord2818
ord540
ord537
ord5943
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3721
ord1146
ord2985
ord3522
ord1168
ord567
ord324
ord2370
ord2302
ord4234
ord6199
ord6334
ord4710
ord2379
ord755
ord470
ord2575
ord4396
ord3574
ord3573
ord3693
ord609
ord1641
ord3626
ord3663
ord2414
ord4275
ord4284
ord4133
ord5788
ord4297
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord640
ord5875
ord5789
ord2860
ord5787
ord2754
ord6194
ord6021
ord1640
ord323
ord5785
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord858
ord4673
ord1576

msvcrt

_setmbcp
_strdup
free
__CxxFrameHandler
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp
__set_app_type
__p__fmode

kernel32

GetLastError
CreateMutexA
lstrlenA
GetModuleHandleA
GetModuleFileNameA
GetStartupInfoA

user32

GrayStringA
DrawTextA
TabbedTextOutA
GetWindowTextA
InflateRect
DrawStateA
InvalidateRect
SetRect
FillRect
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadIconA
MessageBoxA

gdi32

Escape
ExtTextOutA
TextOutA
CreateSolidBrush
CreatePen
SelectObject
BitBlt
GetTextExtentPoint32A
RoundRect
GetBkColor
DPtoLP
GetMapMode
LPtoDP
CreateCompatibleDC
CreateCompatibleBitmap
PtVisible
RectVisible

comctl32

_TrackMouseEvent

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PJudger.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 128KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 18KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PJudger.ini
ProcFindInfo.exe
.exe windows:4 windows x86 arch:x86

e280de6e261f71f423658997134c6d92

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord693
ord795
ord800
ord2514
ord5943
ord2582
ord4402
ord3370
ord3640
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3721
ord1146
ord1168
ord860
ord567
ord540
ord324
ord2370
ord2302
ord4234
ord4224
ord1205
ord2818
ord924
ord5289
ord4129
ord5683
ord5572
ord2919
ord3996
ord4710
ord2379
ord755
ord3079
ord1200
ord6199
ord3092
ord6334
ord2652
ord6907
ord1669
ord3301
ord2642
ord535
ord3998
ord823
ord2575
ord4396
ord3574
ord3573
ord3693
ord609
ord1641
ord3663
ord3626
ord2414
ord4275
ord4284
ord4133
ord5788
ord4297
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord640
ord5875
ord5789
ord2860
ord5787
ord2754
ord6194
ord1640
ord323
ord5785
ord3825
ord3831
ord3830
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord470
ord5714
ord858
ord4673
ord1576

msvcrt

__CxxFrameHandler
_mbscmp
__dllonexit
_setmbcp
_CxxThrowException
wcslen
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv

kernel32

GetModuleHandleA
FormatMessageA
lstrlenA
LocalAlloc
GetModuleFileNameA
InterlockedDecrement
LocalFree
CreateMutexA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoA

user32

SetRect
DrawStateA
InflateRect
GetWindowTextA
TabbedTextOutA
LoadIconA
DrawTextA
GrayStringA
SendMessageA
FillRect
EnableWindow
InvalidateRect
wsprintfA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon

gdi32

BitBlt
GetTextExtentPoint32A
RoundRect
GetBkColor
DPtoLP
LPtoDP
SelectObject
CreateCompatibleBitmap
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateCompatibleDC
CreateSolidBrush
CreatePen

comctl32

_TrackMouseEvent

ole32

OleRun
CoCreateInstance

oleaut32

VariantClear
VariantChangeType
SysAllocString
VariantInit
VariantCopy
SysFreeString
GetErrorInfo

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProcessDB.mdb
ProcessProtect.dll
.dll windows:4 windows x86 arch:x86

b28859720d5d7eeef96bd9152a4707e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
OpenProcess
GetCurrentProcessId
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
ResetEvent
lstrcpyA
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
CreateEventA
CreateProcessA
GetStringTypeA
LCMapStringW
SetEvent
LeaveCriticalSection
WaitForMultipleObjects
CloseHandle
LCMapStringA
MultiByteToWideChar
GetLastError
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
TlsAlloc
TlsFree
SetLastError
TlsGetValue
UnhandledExceptionFilter
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
GetStringTypeW

user32

WaitForInputIdle

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

psapi

GetModuleFileNameExA

Exports

Exports

ProcessProtect_AddProcessId
ProcessProtect_GetLastError
ProcessProtect_Init
ProcessProtect_Release
ProcessProtect_RemoveProecessId

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Projgtips.dll
StartUpManager.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 512KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 283KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
psapi.dll
.dll windows:5 windows x86 arch:x86

a5329a3aa51dc5375c9f671bd584f453

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
ReadProcessMemory
GetSystemInfo
SetProcessWorkingSetSize
GetProcessWorkingSetSize
lstrcpyA
lstrlenA
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
CreateFileA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
DisableThreadLibraryCalls
GetLastError
GetProcAddress
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
LoadLibraryA
InterlockedExchange
FreeLibrary
RaiseException

ntdll

NtSetInformationProcess
NtWriteFile
NtStartProfile
NtSetIntervalProfile
NtCreateProfile
NtAllocateVirtualMemory
RtlMultiByteToUnicodeN
RtlAdjustPrivilege
RtlUnicodeToOemN
DbgPrint
_snprintf
NtStopProfile
NtClose
atoi
_stricmp
wcschr
wcslen
RtlUnwind
NtQueryVirtualMemory
NtQuerySystemInformation
RtlNtStatusToDosError
NtQueryInformationProcess

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumPageFilesA
EnumPageFilesW
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetPerformanceInfo
GetProcessImageFileNameA
GetProcessImageFileNameW
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
showallfile.reg
wry.dll
安装说明.url
.url
进程执法官.CHM
.chm

Sharing

General

Malware Config

Signatures

Files

93b974b7813ab8e5b1fe659fe5089a92

Headers

File Characteristics

Imports

kernel32

user32

wsock32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 3KB

a699de233c8d4d23cfc0b8da026c0edf

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

processprotect

psapi

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 552B

.rsrc Size: 8KB - Virtual size: 4KB

532ef250a014bac53a1fef024f863713

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

comctl32

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 424B

.rsrc Size: 36KB - Virtual size: 32KB

Headers

File Characteristics

Sections

.text Size: 128KB - Virtual size: 368KB

.rdata Size: 18KB - Virtual size: 76KB

.data Size: 14KB - Virtual size: 48KB

.rsrc Size: 60KB - Virtual size: 508KB

.aspack Size: 192KB - Virtual size: 192KB

.adata Size: - Virtual size: 4KB

e280de6e261f71f423658997134c6d92

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

comctl32

ole32

oleaut32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 25KB

b28859720d5d7eeef96bd9152a4707e6

Headers

File Characteristics

Imports

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 552B

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 424B

.rsrc
Size: 36KB - Virtual size: 32KB

.text
Size: 128KB - Virtual size: 368KB

.rdata
Size: 18KB - Virtual size: 76KB

.data
Size: 14KB - Virtual size: 48KB

.rsrc
Size: 60KB - Virtual size: 508KB

.aspack
Size: 192KB - Virtual size: 192KB

.adata
Size: - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 25KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.tls
Size: 4KB - Virtual size: 12B

.reloc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 512KB

UPX1
Size: 283KB - Virtual size: 284KB

.rsrc
Size: 13KB - Virtual size: 16KB

.text
Size: 15KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 1024B - Virtual size: 932B