e:\张伟平\T01\运行程序\文件7-免驱动\NetBoy解决翻页问题\NetBoy\Release\NetBoy.pdb
Static task: static1
Behavioral task: behavioral1 - Sample: youhua/win.exe - Resource: win7-20231215-en
Behavioral task: behavioral2 - Sample: youhua/win.exe - Resource: win10v2004-20231215-en
Behavioral task: behavioral3 - Sample: youhua/新云软件.url - Resource: win7-20231215-en
Behavioral task: behavioral4 - Sample: youhua/新云软件.url - Resource: win10v2004-20231215-en
Behavioral task: behavioral5 - Sample: youhua/百度排名优化工具.exe - Resource: win7-20231129-en
Behavioral task: behavioral6 - Sample: youhua/百度排名优化工具.exe - Resource: win10v2004-20231215-en
General
Target: 86f36c1bc89f2508008256a688d55a1e
Size: 283KB
MD5: 86f36c1bc89f2508008256a688d55a1e
SHA1: b0e6d464a7cff0255a380bf3ec7204875cb32486
SHA256: 33343d5ef5714998ebf1f42df580bd8ed29faf976aab379e0509a4ada9f28695
SHA512: 3839288f5c7e7cd554c2b19c9adcc1e26cc9ccc1a09d78f6759b6de60a744544177a29525617c06a01dff33dd2fe9922e48eed66e8ffa6bbcfdac1620986c0a3
SSDEEP: 6144:/vfPOcEkevPKscbWPJ84Tl0JhkJQxMHny0AN210sfb7fi:nftVevP3cbOJooJ8MHy0A8tfnK
Malware Config
Signatures
Unsigned PE (2 IoCs): Checks for missing Authenticode signature.
resource: unpack001/youhua/win.dll
resource: unpack001/youhua/百度排名优化工具.exe
Files
86f36c1bc89f2508008256a688d55a1e.rar
youhua/win.dll.exe windows:4 windows x86 arch:x86
26c174d33ab28caa85031047988c7da0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommandLineA
HeapFree
CreateThread
ExitThread
HeapAlloc
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
TerminateProcess
ExitProcess
RtlUnwind
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
GetOEMCP
GetCPInfo
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
lstrcpynA
EnterCriticalSection
MulDiv
SetLastError
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
MoveFileA
DeleteFileA
GetModuleFileNameA
SetCurrentDirectoryA
FormatMessageA
lstrlenA
LocalFree
SetConsoleCtrlHandler
Sleep
CreateFileA
DuplicateHandle
LoadLibraryA
GetProcAddress
GetLastError
OpenProcess
GetCurrentProcess
GetVersionExA
CloseHandle
user32
IsDialogMessageA
SetWindowTextA
ShowWindow
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CharUpperA
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
DestroyMenu
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
CopyRect
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
SetCursor
PostQuitMessage
PostMessageA
LoadStringA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
RegisterWindowMessageA
GetPropA
SetWindowLongA
RemovePropA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
EnableWindow
LoadIconA
SetWindowPos
UnregisterClassA
gdi32
DeleteObject
DeleteDC
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
SelectObject
RestoreDC
SaveDC
CreateBitmap
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
advapi32
RegCreateKeyExA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegSetValueExA
shell32
Shell_NotifyIconA
comctl32
ord17
wininet
InternetGetLastResponseInfoA
InternetOpenUrlA
InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetCloseHandle
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
Sections
.text Size: 104KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
youhua/youhua.jpg.jpg
youhua/新云软件.url.url
youhua/百度排名优化工具.exe.exe windows:4 windows x86 arch:x86
763d9b4fc4d990492bd6e7bdbe5334e3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetACP
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetSystemTimeAsFileTime
HeapFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
SetErrorMode
GetTickCount
FileTimeToLocalFileTime
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetVolumeInformationA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
GetThreadLocale
InterlockedIncrement
GetFullPathNameA
GetFileTime
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
WritePrivateProfileStringA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
LoadLibraryA
lstrcmpW
GetModuleHandleA
GetProcAddress
GetVersionExA
SetLastError
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersion
CompareStringA
InterlockedExchange
CompareStringW
LocalFree
GetLastError
FormatMessageA
Sleep
DuplicateHandle
CreateFileA
OpenProcess
CloseHandle
GetCurrentProcess
SetCurrentDirectoryA
GetModuleFileNameA
FindClose
GetFileAttributesA
FindFirstFileA
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
GetEnvironmentStrings
SizeofResource
user32
PostThreadMessageA
InflateRect
GetSysColorBrush
CharNextA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
InvalidateRgn
SetRect
CopyAcceleratorTableA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetCursorPos
ReleaseCapture
SetCursor
LoadCursorA
SetCapture
KillTimer
SetTimer
ClientToScreen
FillRect
IsRectEmpty
FindWindowA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
EnableWindow
LoadIconA
IsIconic
SendMessageA
GetSystemMetrics
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
GetMenu
PostMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
ScreenToClient
EqualRect
DeferWindowPos
CopyRect
RegisterClipboardFormatA
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
SetWindowRgn
GetMenuItemInfoA
GetClientRect
DrawIcon
CharUpperA
AdjustWindowRectEx
IsWindow
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UpdateWindow
InvalidateRect
GetParent
IsChild
GetFocus
GetDlgCtrlID
GetWindow
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
PtInRect
SetScrollInfo
GetScrollInfo
gdi32
CreateSolidBrush
CreateRectRgnIndirect
GetRgnBox
CreateCompatibleBitmap
GetStockObject
GetTextColor
CreateFontIndirectA
GetTextExtentPoint32A
GetMapMode
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
GetBkColor
GetDeviceCaps
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
Ellipse
LPtoDP
CreateEllipticRgn
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
PtVisible
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
RegCreateKeyA
RegSetValueExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
shell32
DragFinish
DragQueryFileA
SHFileOperationA
shlwapi
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA
oledlg
ord8
ole32
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID
oleaut32
SysAllocStringLen
SysFreeString
SysAllocString
VariantClear
VariantInit
VarCmp
SysStringLen
SysAllocStringByteLen
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
OleCreateFontIndirect
Sections
.text Size: 244KB - Virtual size: 242KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ