7f8f07231e2bbe5cc48b0143d8ac9b4c

Sharing

Copy URL Twitter E-mail

General

Target

7f8f07231e2bbe5cc48b0143d8ac9b4c
Size

1.1MB
MD5

7f8f07231e2bbe5cc48b0143d8ac9b4c
SHA1

f9c9ffed787ca88f472fbbc2fc71150a4041a9ed
SHA256

11fb760aa8e3b7982a097511b06dce9f70f3a3a815a05296ecd22c5e588331d8
SHA512

d1f8e419faa8f215458f50a1f8bb1e65305bca1a21ad1cb6fc64f97d7c748e133188f0aee36b9ce626b66585184363bac468b31d61ecb0da4c22ce4f47c06f98
SSDEEP

24576:wWzz+DciYWzi3Aj3+vY/6h5JVISk+rOqmFZO93W7gVCBgs:wWvyciNDig/6hvKSJrQZO9mV3

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NCSetup.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/nsWeb.dll
unpack002/$TEMP/fzhnc/1.exe
unpack002/$TEMP/fzhnc/QQBQ.exe
unpack002/NC.exe
unpack002/NCDLL.DLL
unpack002/NCDLLchs.DLL
unpack002/key.exe
unpack002/uninst.exe
unpack002/unrar.dll
unpack002/xcdsfx32.bin

Files

7f8f07231e2bbe5cc48b0143d8ac9b4c
.rar
NCSetup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

FOX!
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FOX!
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Lasefox
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsWeb.dll
.dll windows:4 windows x86 arch:x86

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalFree
lstrcpyA
GlobalAlloc

user32

MapWindowPoints
GetWindowRect
SendMessageA
PostMessageA
MoveWindow
GetDlgItem
GetWindowLongA
GetClientRect
SetWindowLongA
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogParamA
CallWindowProcA

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayAccessData

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

IsInet
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/xceedzip.dll
.dll regsvr32 windows:4 windows x86 arch:x86

19b65baa7ae6fd735a9a9018efe8a691

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

01
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

0a:0f:31
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

24/03/2003, 22:45

Not After

11/04/2004, 20:46

Subject

CN=Xceed Software Inc.,OU=Application and component development,O=Xceed Software Inc.,L=Longueuil,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
CreateThread
GetShortPathNameA
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
DisableThreadLibraryCalls
HeapDestroy
GetDiskFreeSpaceA
GetVolumeInformationA
GetWindowsDirectoryA
GetSystemInfo
GetVolumeInformationW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
CreateFileA
CreateFileW
SetLastError
CreateDirectoryA
CreateDirectoryW
GetFullPathNameA
GetFullPathNameW
GetTempPathA
GetTempPathW
GetModuleFileNameW
GetDriveTypeA
GetDriveTypeW
MoveFileA
MoveFileW
GetDiskFreeSpaceW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
GetFileAttributesW
DeleteFileA
DeleteFileW
RemoveDirectoryA
RemoveDirectoryW
SetVolumeLabelA
SetVolumeLabelW
lstrcatA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetStringTypeW
GetStringTypeA
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
TerminateProcess
ExitProcess
GetVersionExA
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
GetVersion
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileInformationByHandle
GetFileTime
SetFileTime
SetEndOfFile
lstrcmpiA
DeviceIoControl
DosDateTimeToFileTime
lstrcmpA
FileTimeToDosDateTime
SetFilePointer
GetFileSize
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
WideCharToMultiByte
GetLastError
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
lstrcpyA
lstrlenA
lstrcpynA
CloseHandle
FindClose
GetLocalTime
WriteFile
ReadFile
GetTickCount

user32

SetFocus
SetCursor
OemToCharA
CharToOemA
DispatchMessageA
TranslateMessage
PeekMessageA
ReleaseDC
GetDC
EndDialog
GetIconInfo
DefWindowProcA
LoadBitmapA
GetKeyState
PtInRect
UnionRect
RegisterClassExA
wsprintfA
LoadCursorA
GetClassInfoExA
FillRect
SendMessageA
GetParent
GetUserObjectInformationA
GetProcessWindowStation
MessageBoxA
MapWindowPoints
SystemParametersInfoA
GetWindowRect
GetWindow
ShowWindow
SetDlgItemTextA
GetWindowTextA
GetClassNameA
DrawFocusRect
DrawTextA
SendDlgItemMessageA
GetDlgItem
CharNextA
MsgWaitForMultipleObjects
wsprintfW
LoadImageA
LoadImageW
CharUpperA
CharUpperW
DestroyIcon
IsChild
GetFocus
DestroyWindow
IsWindow
SetWindowPos
SetWindowRgn
SetCapture
GetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
SetRectEmpty
GetActiveWindow
DialogBoxParamA
CreateWindowExA
CallWindowProcA
GetWindowLongA
SetWindowLongA
BeginPaint
GetClientRect
EndPaint
InvalidateRect
IntersectRect
EqualRect
OffsetRect
GetWindowTextLengthA

gdi32

CreateFontA
SetBkMode
SetTextColor
DeleteObject
GetDIBits
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetDeviceCaps
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileA
SetViewportOrgEx
SetMapMode
LPtoDP
CreateDCA
GetObjectA
CreateFontIndirectA

advapi32

RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
GetSecurityDescriptorLength
GetSecurityDescriptorControl
SetKernelObjectSecurity
GetKernelObjectSecurity
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoTaskMemRealloc
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
OleSaveToStream
WriteClassStm
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
OleLoadFromStream

oleaut32

SafeArrayAccessData
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
VariantCopy
OleCreatePropertyFrame
SafeArrayAllocData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
SafeArrayAllocDescriptor
SafeArrayDestroyDescriptor
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantClear
LoadRegTypeLi
SysStringLen
SysAllocStringLen
VariantTimeToSystemTime
SysFreeString
SysAllocString
SystemTimeToVariantTime

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
XcCalculateCrc
XcCompress
XcCreateXceedCompressionA
XcCreateXceedCompressionW
XcDestroyXceedCompression
XcGetCompressionLevel
XcGetCompressionMethod
XcGetEncryptionPasswordA
XcGetEncryptionPasswordW
XcGetErrorDescriptionA
XcGetErrorDescriptionW
XcSetCompressionLevel
XcSetCompressionMethod
XcSetEncryptionPasswordA
XcSetEncryptionPasswordW
XcUncompress
XceedZipInitDLL
XceedZipShutdownDLL
XzAddFilesToExcludeA
XzAddFilesToExcludeW
XzAddFilesToProcessA
XzAddFilesToProcessW
XzAlloc
XzConvertA
XzConvertW
XzCreateXceedZipA
XzCreateXceedZipW
XzDestroyXceedZip
XzFree
XzGetAbort
XzGetBackgroundProcessing
XzGetBasePathA
XzGetBasePathW
XzGetCompressionLevel
XzGetCompressionMethod
XzGetCurrentOperation
XzGetDeleteZippedFiles
XzGetEncryptionPasswordA
XzGetEncryptionPasswordW
XzGetErrorDescriptionA
XzGetErrorDescriptionW
XzGetEventsToTrigger
XzGetExcludedFileAttributes
XzGetExtraHeaders
XzGetFilesToExcludeA
XzGetFilesToExcludeW
XzGetFilesToProcessA
XzGetFilesToProcessW
XzGetFirstDiskFreeSpace
XzGetMaxDateToProcess
XzGetMaxSizeToProcess
XzGetMinDateToProcess
XzGetMinDiskFreeSpace
XzGetMinSizeToProcess
XzGetPreservePaths
XzGetProcessSubfolders
XzGetRequiredFileAttributes
XzGetSfxBinaryModuleA
XzGetSfxBinaryModuleW
XzGetSfxButtonsA
XzGetSfxButtonsW
XzGetSfxDefaultPasswordA
XzGetSfxDefaultPasswordW
XzGetSfxDefaultUnzipToFolderA
XzGetSfxDefaultUnzipToFolderW
XzGetSfxExecuteAfterA
XzGetSfxExecuteAfterW
XzGetSfxExistingFileBehavior
XzGetSfxExtensionsToAssociateA
XzGetSfxExtensionsToAssociateW
XzGetSfxFilesToCopyA
XzGetSfxFilesToCopyW
XzGetSfxFilesToRegisterA
XzGetSfxFilesToRegisterW
XzGetSfxIconFilenameA
XzGetSfxIconFilenameW
XzGetSfxInstallMode
XzGetSfxMessagesA
XzGetSfxMessagesW
XzGetSfxProgramGroupA
XzGetSfxProgramGroupItemsA
XzGetSfxProgramGroupItemsW
XzGetSfxProgramGroupW
XzGetSfxReadmeFileA
XzGetSfxReadmeFileW
XzGetSfxRegistryKeysA
XzGetSfxRegistryKeysW
XzGetSfxStringsA
XzGetSfxStringsW
XzGetSkipIfExisting
XzGetSkipIfNotExisting
XzGetSkipIfOlderDate
XzGetSkipIfOlderVersion
XzGetSpanMultipleDisks
XzGetSplitSize
XzGetTempFolderA
XzGetTempFolderW
XzGetUnzipToFolderA
XzGetUnzipToFolderW
XzGetUse64BitEvents
XzGetUseTempFile
XzGetZipContents
XzGetZipFileInformation
XzGetZipFileInformation64
XzGetZipFilenameA
XzGetZipFilenameW
XzGetZipOpenedFiles
XzListZipContents
XzPreviewFiles
XzRemoveFiles
XzSetAbort
XzSetBackgroundProcessing
XzSetBasePathA
XzSetBasePathW
XzSetCompressionLevel
XzSetCompressionMethod
XzSetDeleteZippedFiles
XzSetEncryptionPasswordA
XzSetEncryptionPasswordW
XzSetEventsToTrigger
XzSetExcludedFileAttributes
XzSetExtraHeaders
XzSetFilesToExcludeA
XzSetFilesToExcludeW
XzSetFilesToProcessA
XzSetFilesToProcessW
XzSetFirstDiskFreeSpace
XzSetMaxDateToProcess
XzSetMaxSizeToProcess
XzSetMinDateToProcess
XzSetMinDiskFreeSpace
XzSetMinSizeToProcess
XzSetPreservePaths
XzSetProcessSubfolders
XzSetRequiredFileAttributes
XzSetSfxBinaryModuleA
XzSetSfxBinaryModuleW
XzSetSfxButtonsA
XzSetSfxButtonsW
XzSetSfxDefaultPasswordA
XzSetSfxDefaultPasswordW
XzSetSfxDefaultUnzipToFolderA
XzSetSfxDefaultUnzipToFolderW
XzSetSfxExecuteAfterA
XzSetSfxExecuteAfterW
XzSetSfxExistingFileBehavior
XzSetSfxExtensionsToAssociateA
XzSetSfxExtensionsToAssociateW
XzSetSfxFilesToCopyA
XzSetSfxFilesToCopyW
XzSetSfxFilesToRegisterA
XzSetSfxFilesToRegisterW
XzSetSfxIconFilenameA
XzSetSfxIconFilenameW
XzSetSfxInstallMode
XzSetSfxMessagesA
XzSetSfxMessagesW
XzSetSfxProgramGroupA
XzSetSfxProgramGroupItemsA
XzSetSfxProgramGroupItemsW
XzSetSfxProgramGroupW
XzSetSfxReadmeFileA
XzSetSfxReadmeFileW
XzSetSfxRegistryKeysA
XzSetSfxRegistryKeysW
XzSetSfxStringsA
XzSetSfxStringsW
XzSetSkipIfExisting
XzSetSkipIfNotExisting
XzSetSkipIfOlderDate
XzSetSkipIfOlderVersion
XzSetSpanMultipleDisks
XzSetSplitSize
XzSetTempFolderA
XzSetTempFolderW
XzSetUnzipToFolderA
XzSetUnzipToFolderW
XzSetUse64BitEvents
XzSetUseTempFile
XzSetXceedZipCallback
XzSetXceedZipWindow
XzSetZipFilenameA
XzSetZipFilenameW
XzSetZipOpenedFiles
XzSfxAddExecuteAfterA
XzSfxAddExecuteAfterW
XzSfxAddExtensionToAssociateA
XzSfxAddExtensionToAssociateW
XzSfxAddFileToCopyA
XzSfxAddFileToCopyW
XzSfxAddFileToRegisterA
XzSfxAddFileToRegisterW
XzSfxAddProgramGroupItemA
XzSfxAddProgramGroupItemW
XzSfxAddRegistryKeyA
XzSfxAddRegistryKeyW
XzSfxClearButtons
XzSfxClearMessages
XzSfxClearStrings
XzSfxLoadConfigA
XzSfxLoadConfigW
XzSfxResetButtons
XzSfxResetMessages
XzSfxResetStrings
XzSfxSaveConfigA
XzSfxSaveConfigW
XzTestZipFile
XzUnzip
XzZip
XziDestroyXceedZipItems
XziGetFirstItemA
XziGetFirstItemW
XziGetNextItemA
XziGetNextItemW
g_xzFunctions

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/fzhnc/1.exe
.exe windows:5 windows x86 arch:x86

c56a25fa4336eeb10723b3537ba4876d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
LocalAlloc
GetLastError
GetCurrentProcess
GetPrivateProfileIntA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetPrivateProfileStringA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
GetProcAddress
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
LoadLibraryA
FindClose
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
CloseHandle
GetStartupInfoA
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
LocalFree
FormatMessageA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetModuleHandleA
CreateDirectoryA
ExpandEnvironmentStringsA
GetVersionExA
GetDiskFreeSpaceA
MulDiv

gdi32

GetDeviceCaps

user32

wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
EndDialog
GetDesktopWindow
CharPrevA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
SetWindowLongA
EnableWindow
SendMessageA
LoadStringA
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
GetDlgItemTextA
DispatchMessageA

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/fzhnc/QQBQ.exe
.exe windows:4 windows x86 arch:x86

1bed3305885b0ca596d9cbba22baf78a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
SetFileTime
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
CreateWindowExA
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
GetDlgItem
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
CreateDialogParamA
SetClipboardData
DestroyWindow
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LICENSE.RTF
.rtf
NC.CNT
NC.GID
NC.HLP
NC.exe
.exe windows:4 windows x86 arch:x86

04564af00a96c5b7c5a9ce19e84d98a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetGetConnectionA
WNetConnectionDialog
WNetDisconnectDialog
WNetGetLastErrorA

wsock32

inet_addr
socket
htons
connect
select
WSACleanup
WSAIsBlocking
accept
WSACancelBlockingCall
getsockname
closesocket
getservbyname
recv
listen
bind
send
gethostbyname
gethostname
gethostbyaddr
getpeername
inet_ntoa
ntohs
ioctlsocket
setsockopt
WSAStartup
WSAGetLastError

xceedzip

ord206
ord141
ord125
ord167
ord5
ord8
ord18
ord147
ord24
ord26
ord127
ord115
ord61
ord31
ord168
ord6
ord149
ord35
ord53
ord9
ord55
ord39
ord43
ord131
ord13

unrar

RARReadHeader
RARSetPassword
RARCloseArchive
RARProcessFile
RARReadHeaderEx
RAROpenArchiveEx

kernel32

IsBadWritePtr
GetTickCount
_lwrite
GetTempFileNameA
FreeLibrary
GetWindowsDirectoryA
WinExec
SetFilePointer
GetSystemDirectoryA
CreateEventA
GetExitCodeThread
FindCloseChangeNotification
PulseEvent
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
FindNextFileA
GetCurrentProcess
GetCurrentThread
GetVersion
IsBadReadPtr
CreateFileW
DeleteFileA
DeleteFileW
GetTempFileNameW
GetCurrentThreadId
IsBadHugeReadPtr
RaiseException
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileIntA
WritePrivateProfileStringA
SetLastError
MulDiv
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
lstrcmpA
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsAlloc
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
SizeofResource
CopyFileA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetCurrentDirectoryA
RtlUnwind
SetEnvironmentVariableA
SetCurrentDirectoryA
GetFileType
HeapFree
HeapAlloc
CreateDirectoryA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
GetACP
TerminateProcess
HeapSize
HeapReAlloc
FatalAppExitA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetStdHandle
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadCodePtr
SetConsoleCtrlHandler
GetLocaleInfoW
RemoveDirectoryA
GetFileSize
GlobalReAlloc
SetFileAttributesA
GetModuleFileNameA
MultiByteToWideChar
lstrcatA
lstrcmpiA
CompareFileTime
GetTempPathA
GetLocaleInfoA
DosDateTimeToFileTime
ExitProcess
DeleteCriticalSection
GetModuleHandleA
LocalHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrlenA
FormatMessageA
LoadLibraryA
GetProcAddress
GetDiskFreeSpaceA
GlobalSize
LocalAlloc
LocalLock
LocalUnlock
LocalFree
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GlobalMemoryStatus
GetSystemInfo
GetPrivateProfileStringA
GetProfileStringA
WriteProfileStringA
_lopen
GlobalAlloc
GlobalLock
_lread
GlobalFree
_llseek
Sleep
lstrcpynA
SetFileTime
GetFileAttributesA
GetVersionExA
GetLogicalDriveStringsA
GetDriveTypeA
CreateFileA
GetLastError
DeviceIoControl
GetVolumeInformationA
WriteFile
ReadFile
OpenFile
CloseHandle
OutputDebugStringA
_lcreat
_lclose
CreateProcessA
GlobalHandle
GlobalUnlock
WideCharToMultiByte
lstrcpyA
QueryPerformanceCounter
QueryPerformanceFrequency
FindFirstFileA
FindClose
GetShortPathNameA
SetErrorMode
GetEnvironmentVariableA
WaitForSingleObject
GetTempPathW

user32

UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetDlgCtrlID
GetWindowTextLengthA
SetWindowPlacement
TrackPopupMenu
GetClassInfoA
IsChild
GetScrollPos
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
IsWindowVisible
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
EqualRect
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
OemToCharA
TabbedTextOutA
GrayStringA
CheckRadioButton
GetDlgItemInt
SetDlgItemInt
SetDlgItemTextA
ScrollWindowEx
IsWindowEnabled
CreateDialogIndirectParamA
GetActiveWindow
GetNextDlgTabItem
ValidateRect
GetMessageA
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
DestroyMenu
WaitMessage
GetWindowThreadProcessId
PostQuitMessage
ShowOwnedPopups
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
SetRectEmpty
SetMenu
ReuseDDElParam
UnpackDDElParam
GetSysColorBrush
GetDialogBaseUnits
GetTabbedTextExtentA
IsClipboardFormatAvailable
AppendMenuA
GetMenuStringA
RemoveMenu
PostThreadMessageA
CopyAcceleratorTableA
GetNextDlgGroupItem
DestroyIcon
IsIconic
GetWindowDC
GetWindowTextA
SystemParametersInfoA
SetRect
LoadIconA
WinHelpA
CopyIcon
GetMessagePos
MessageBeep
SetWindowLongA
CharLowerA
DefWindowProcA
CharUpperA
DestroyWindow
UnregisterClassA
RegisterClassA
DrawFocusRect
GetMenuItemCount
FrameRect
GetAsyncKeyState
GetCursorPos
WindowFromPoint
GetPropA
DestroyCursor
GetKeyState
VkKeyScanA
GetParent
LoadStringA
CharNextA
GetWindow
GetClassNameA
GetTopWindow
ScreenToClient
CharToOemBuffA
DrawEdge
GetClipboardData
DialogBoxParamA
GetCapture
SetCapture
ReleaseCapture
CheckDlgButton
IsDlgButtonChecked
SetFocus
GetDlgItemTextA
EndDialog
InvertRect
SetCaretPos
SetWindowTextA
GetMenu
BeginPaint
EndPaint
UpdateWindow
CharToOemA
ScrollWindow
HideCaret
DestroyCaret
CreateCaret
ShowCaret
GetDC
ReleaseDC
IsZoomed
SetScrollRange
GetFocus
CreateWindowExA
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
ExitWindowsEx
SetScrollPos
GetDlgItem
ShowWindow
IsWindow
OpenClipboard
SetActiveWindow
KillTimer
SetTimer
RedrawWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
BringWindowToTop
OffsetRect
PtInRect
PostMessageA
EnableMenuItem
CheckMenuItem
MessageBoxA
MoveWindow
InflateRect
EmptyClipboard
SetClipboardData
CloseClipboard
LoadCursorA
SetCursor
LoadAcceleratorsA
GetSystemMetrics
TranslateAcceleratorA
InsertMenuA
GetMenuItemID
DeleteMenu
CreatePopupMenu
GetDesktopWindow
RegisterWindowMessageA
EnableWindow
SendMessageA
CallWindowProcA
RemovePropA
GetMessageTime
SetWindowPos
IntersectRect
GetWindowPlacement
IsWindowUnicode
GetWindowTextW
wvsprintfA
DrawTextExA
ChildWindowFromPoint
LoadMenuA
GetSubMenu
MsgWaitForMultipleObjects
SetForegroundWindow
GetLastActivePopup
DrawTextA
FillRect
CopyRect
WaitForInputIdle
GetSysColor
DrawIconEx
wsprintfA
FindWindowA
GetWindowLongA
GetForegroundWindow
GetMenuItemInfoA

gdi32

SetDIBColorTable
CreatePalette
GetPaletteEntries
SelectPalette
CreateCompatibleBitmap
CreateDCA
GetSystemPaletteEntries
GetDIBColorTable
RealizePalette
SetDIBitsToDevice
CreateCompatibleDC
BitBlt
CreateDIBSection
SetPixel
StartPage
EndDoc
EndPage
StartDocA
GetDIBits
ResetDCA
CreateFontA
DeleteDC
CreateRectRgnIndirect
MoveToEx
LineTo
SetTextColor
SetBkColor
GetTextExtentPoint32A
GetTextMetricsA
GetStockObject
GetObjectA
CreateFontIndirectA
GetDeviceCaps
StartDocW
AbortDoc
StretchDIBits
SetStretchBltMode
TextOutA
CreateBitmap
SetBitmapBits
Escape
GetDCOrgEx
GetClipBox
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
ExtCreatePen
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
ExtTextOutA
PatBlt
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
GetCharWidthA
CopyMetaFileA
GetTextColor
GetBkColor
LPtoDP
Rectangle
SelectObject
CreateSolidBrush
CreatePen
Polyline
SetAbortProc
DeleteObject
CreateHalftonePalette

comdlg32

GetFileTitleA
PageSetupDlgA
FindTextA
ReplaceTextA
GetSaveFileNameA
PrintDlgA
ChooseColorA
CommDlgExtendedError
GetOpenFileNameA
ChooseFontA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA
EnumPrintersA

advapi32

RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueA
RegCreateKeyA
RegQueryValueA
InitiateSystemShutdownA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA
RegSetValueExA
SetFileSecurityA
GetFileSecurityA
RegEnumKeyA

shell32

SHGetMalloc
SHGetDesktopFolder
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
DragQueryFileA
ShellExecuteExA
SHGetSpecialFolderLocation
DragFinish
ShellAboutA
Shell_NotifyIconA
DragAcceptFiles
ExtractIconA
SHFileOperationA
SHGetFileInfoA
FindExecutableA

comctl32

ImageList_GetIcon
ord17
ord13
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Merge
ImageList_Read
ImageList_Write
ord6

oledlg

ord8

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
OleRun
CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
ReadClassStg
OleFlushClipboard
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoRegisterMessageFilter
ReleaseStgMedium
CoTreatAsClass
ReadFmtUserTypeStg
StringFromCLSID
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
CoUninitialize
OleIsCurrentClipboard
CoTaskMemFree

olepro32

ord253

oleaut32

SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
SysStringLen
SysReAllocStringLen
LoadTypeLi
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayAllocDescriptor
SafeArrayUnaccessData

Sections

.text
Size: 949KB - Virtual size: 952KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 55KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
NCDLL.DLL
.dll windows:4 windows x86 arch:x86

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1253
ord342
ord823
ord1182
ord1168

msvcrt

free
_initterm
malloc
_adjust_fdiv

Sections

.text
Size: 4KB - Virtual size: 508B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 282B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NCDLLchs.DLL
.dll windows:4 windows x86 arch:x86

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1253
ord342
ord823
ord1182
ord1168

msvcrt

free
_initterm
malloc
_adjust_fdiv

Sections

.text
Size: 4KB - Virtual size: 508B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 282B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.TXT
key.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
uninst.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

FOX!
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FOX!
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Lasefox
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/modern-header.bmp
unrar.dll
.dll windows:4 windows x86 arch:x86

385277c33e14ce37089eb1876b499856

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsDBCSLeadByte
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
Sleep
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc
___CPPdebugHook

Sections

.text
Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xcdsfx32.bin
.exe windows:4 windows x86 arch:x86

63a5d7938b5c53bdfc2f46e503f74dd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
lstrcmpiA
lstrcatA
lstrcpyA
WaitForSingleObject
WinExec
OpenFile
_lclose
GetFileAttributesA
_lwrite
GetTimeZoneInformation
_lread
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFileTime
GetFullPathNameA
CreateDirectoryA
GetLastError
SetVolumeLabelA
GetFileSize
GetVolumeInformationA
SetFilePointer
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
lstrlenA
FlushFileBuffers
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapReAlloc
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
HeapDestroy
ExitProcess
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentDirectoryA
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetSystemTime
HeapFree
HeapAlloc
GetVersion
LoadLibraryA
GetProcAddress
CompareFileTime
SetFileAttributesA
CopyFileA
GetTempPathA
DeleteFileA
SetCurrentDirectoryA
RemoveDirectoryA
ReadFile
_llseek
GetVersionExA
GetDriveTypeA
FindFirstFileA
FindNextFileA
FindClose
VirtualAlloc
VirtualFree
Sleep
GetModuleFileNameA
CreateFileA
CloseHandle
GetWindowsDirectoryA
WriteFile
GetSystemDirectoryA

user32

SetActiveWindow
DestroyWindow
EnableWindow
SetWindowPos
EnumWindows
LoadBitmapA
LoadCursorA
OemToCharA
ShowWindow
GetMessageA
IsDialogMessageA
GetDlgCtrlID
EnableMenuItem
KillTimer
SetTimer
GetWindowTextA
PostMessageA
SetFocus
CreateWindowExA
SetCursor
GetParent
AdjustWindowRectEx
DrawFocusRect
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
wsprintfA
DdeCreateDataHandle
DdeClientTransaction
DdeGetLastError
DdeFreeStringHandle
DdeDisconnect
DdeUninitialize
UnregisterClassA
GetClassInfoA
RegisterClassA
MessageBeep
GetWindowLongA
SetWindowLongA
DefWindowProcA
SetWindowWord
GetClientRect
InvalidateRect
UpdateWindow
BeginPaint
FillRect
EndPaint
CallWindowProcA
GetDC
ScreenToClient
GetSysColor
FrameRect
ReleaseDC
MoveWindow
GetWindowWord
SetWindowTextA
SendMessageA
PostQuitMessage
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
DestroyIcon
DestroyCursor
GetDesktopWindow
GetWindowRect
LoadIconA
GetDlgItem

gdi32

SelectObject
CreateCompatibleDC
SetTextColor
SetBkColor
BitBlt
GetStockObject
SetBkMode
TextOutA
CreateSolidBrush
GetTextExtentPoint32A
DeleteObject
MoveToEx
LineTo
CreatePen
GetTextMetricsA
CreateFontIndirectA
DeleteDC
EnumFontFamiliesA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueA
RegCreateKeyA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
FindExecutableA

ole32

CoTaskMemFree

mpr

WNetGetConnectionA

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
˵.txt
snap01.jpg
.jpg
下载说明.htm
.html .js polyglot
汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

FOX! Size: - Virtual size: 576KB

FOX! Size: 19KB - Virtual size: 20KB

Lasefox Size: 6KB - Virtual size: 8KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

urlmon

wininet

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 456B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 644B

19b65baa7ae6fd735a9a9018efe8a691

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

01Certificate

0a:0f:31Certificate

Extended Key Usages

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

FOX!
Size: - Virtual size: 576KB

FOX!
Size: 19KB - Virtual size: 20KB

Lasefox
Size: 6KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 644B

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

01
Certificate

0a:0f:31
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 20KB - Virtual size: 23KB

.rsrc
Size: 80KB - Virtual size: 77KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 224KB - Virtual size: 228KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 240KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 949KB - Virtual size: 952KB

.rdata
Size: 127KB - Virtual size: 128KB

.data
Size: 55KB - Virtual size: 216KB

.rsrc
Size: 7KB - Virtual size: 8KB