2024-02-03_23a3c10f52e7695312565a0202750cc5_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-03_23a3c10f52e7695312565a0202750cc5_mafia
Size

8.0MB
MD5

23a3c10f52e7695312565a0202750cc5
SHA1

1d57e35ad4c3a8759ca6ab4bef8cd6407d5d3f45
SHA256

5fd47cb5f88d9ee18a0159a7a143debe22881bd794a890c55a09f91becde4081
SHA512

5dee6299cd679fc4b0230645cebf9e161f6c4c57886f527be75ae559aee2a599aaa0e87f4da1a3cf916a7b30bc374b5f210dda71deca4cdaad76dda8aa057ec8
SSDEEP

196608:gbwWj8JkuJ3CTmNhSdMLACbqaqvMew0cKpHSebdfLPjOqYy/ojDIg9Cbk/V8P:gbx8JkuJ3CT6sdMLAChew0cKpHSebdfQ

Score

1^/10

Malware Config

Signatures

Files

2024-02-03_23a3c10f52e7695312565a0202750cc5_mafia
.exe windows:5 windows x86 arch:x86

620eb8e641ef907bc11d664f31c389b1

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:b2:26:5e:70:61:ab:2e:ff:21:db:85:bc:95:16:11
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

18/12/2012, 00:00

Not After

16/02/2015, 23:59

Subject

CN=厦门美图网科技有限公司,OU=产品部,O=厦门美图网科技有限公司,L=Xiamen,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b7:b7:d1:d2:ff:3c:65:00:04:01:9f:b0:2f:f7:f3:e7:f3:a1:47:b0
Signer

Actual PE Digest

b7:b7:d1:d2:ff:3c:65:00:04:01:9f:b0:2f:f7:f3:e7:f3:a1:47:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\MeiTu\xiuxiu\XiuXiu.pdb

Imports

pcfile

?OnSaveHDJpeg@PC_File@@SAHPB_WPAVBitmap@Gdiplus@@HHPAVCObjProgress@@HH@Z
?OnLoadImage@PC_File@@SAPAVBitmap@Gdiplus@@HHPAK@Z
?OnLoadImage@PC_File@@SAPAVBitmap@Gdiplus@@PB_WPAVCObjProgress@@HH0@Z
?GetImageFormat@PC_File@@SA?AW4MT_IMAGE_FORMAT@@XZ
?GetImageInfo@PC_File@@SAPAUtag_ImageInfo@@XZ
?OnLoadImage@PC_File@@SAPAVBitmap@Gdiplus@@PB_WHHPAVCObjProgress@@HH@Z
?ImageSaveTobinary@PC_File@@SAHPAVBitmap@Gdiplus@@PB_W@Z
?ImageReadFrombinary@PC_File@@SAPAVBitmap@Gdiplus@@PB_W@Z
?OnSaveQuick@PC_File@@SAHPB_WPAVBitmap@Gdiplus@@W4MT_IMAGE_FORMAT@@H@Z
?OnLoadImage@PC_File@@SAPAVBitmap@Gdiplus@@PAEHW4MT_IMAGE_FORMAT@@PAVCObjProgress@@HH@Z
?GetEncoderClsid@PC_File@@SAHPB_WPAU_GUID@@@Z
?OnSaveQuick@PC_File@@SAHPB_WPAVBitmap@Gdiplus@@HHW4MT_IMAGE_FORMAT@@H@Z

pcdsp

?ExecInpainting@PC_Dsp@@SA_NPAEHHH0HPAVCObjProgress@@HH@Z
?RedEyeRemove@PC_Dsp@@SAHPAVBitmap@Gdiplus@@ABUtagRECT@@@Z
?GeneralGifByBmp@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@HHHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAHPAVCObjProgress@@HH@Z
?GaussIIRBlur@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HHPAVCObjProgress@@HH@Z
?Clone@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HHHHPAPAV23@@Z
?ResizeBitmap@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@HH@Z
?WC2MB@PC_Dsp@@SAPADPB_W@Z
?CreatNetWord@PC_Dsp@@SAHAAUtagFontObj@@AAUtagPathObj@@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAVCObjProgress@@HHPB_W@Z
?GetWordSize@PC_Dsp@@SAHPAUHWND__@@AAUtagFontObj@@AAUtagPathObj@@H@Z
?CompositeWord@PC_Dsp@@SAHPAVGraphics@Gdiplus@@PAUtagFontObj@@PAUtagPathObj@@HNNMM@Z
?Color_Channel_Composite@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@EEEPAVCObjProgress@@HH@Z
?LightNew@PC_Dsp@@SAHPAEHHJHPAVCObjProgress@@HH@Z
?Circle_Gradient_Alpha@PC_Dsp@@SA_NPAPAEH@Z
?CannyDericheBlur@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@MMPAEPAVCObjProgress@@HH@Z
?CalSuitRectForScene@PC_Dsp@@SAHHHHHPAUtagRECT@@AAN@Z
?CreateArray@PC_Dsp@@SAHPAEJJ@Z
?DisplayImageUseGDIPLUS@PC_Dsp@@SAHPAVGraphics@Gdiplus@@PAVBitmap@3@HHNHN@Z
?GetBits@CyImage@@QAEPAEK@Z
?GetBpp@CyImage@@QBEGXZ
??0CyImage@@QAE@XZ
??1CyImage@@UAE@XZ
?CreateFromHBITMAP@CyImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
??0CyImage@@QAE@ABV0@_N11@Z
?GaussDenoise@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HNNNNPAVCObjProgress@@HH@Z
?SimilarTopaz@PC_Dsp@@SAHPAVBitmap@Gdiplus@@PAVCObjProgress@@HH@Z
?CurveDenoise@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HHHPAVCObjProgress@@HH@Z
?SkinDenoise@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HHHHPAVCObjProgress@@HH@Z
?GrayScale@PC_Dsp@@SAHPAVBitmap@Gdiplus@@PAVCObjProgress@@HH@Z
?BitCrop@PC_Dsp@@SAPAVBitmap@Gdiplus@@PAV23@HHHH@Z
?WhiteBank@PC_Dsp@@SAHPAVBitmap@Gdiplus@@@Z
?IncreaseBpp@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@H@Z
?Negative@PC_Dsp@@SAHPAVBitmap@Gdiplus@@PAVCObjProgress@@HH@Z
?Mix@PC_Dsp@@SAHPAVBitmap@Gdiplus@@0JJ@Z
?GetBitDib@PC_Dsp@@SAPAUtagBITMAPINFOHEADER@@PAVBitmap@Gdiplus@@AAH@Z
?CropBitmap@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@HHHH@Z
?NaturalSkin@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@H@Z
?DrawImage@PC_Dsp@@SAHPAVBitmap@Gdiplus@@PAPAV23@HHHH@Z
?Circle_Gradient_Alpha2Eye@PC_Dsp@@SA_NPAPAEH@Z
?CompositeColor@PC_Dsp@@SAHPAVBitmap@Gdiplus@@EEEPAVCObjProgress@@HH@Z
?Mosaic@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HPAVCObjProgress@@HH@Z
?WholeWhitening@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@HHHPAVCObjProgress@@HH@Z
?Overlay_Channel_Composite@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@EEEPAVCObjProgress@@HH@Z
?CreatSmallestRegion@PC_Dsp@@SAHHHPAUtagPOINT@@HPAUtagRECT@@@Z
?GeneralGifByCxs@PC_Dsp@@SAHPAPAVCyImage@@HHHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAHPAVCObjProgress@@HH@Z
?GeneralGifByCxs@PC_Dsp@@SAHPAPAVCyImage@@HHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAHPAVCObjProgress@@HH@Z
?CropImageByPoint@PC_Dsp@@SAPAVBitmap@Gdiplus@@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAUtagPOINT@@HAAUtagRECT@@@Z
?CalSuitNewRat@PC_Dsp@@SAHHHHHAAN@Z
?CalSuitNewPosition@PC_Dsp@@SAHHHHHAAH0@Z
?SetPaletteColor@CyImage@@QAEXEUtagRGBQUAD@@@Z
?ColorEqual@PC_Dsp@@SAHUtagRGBQUAD@@0@Z
?SetPixelIndex@CyImage@@QAEXJJE@Z
?SetTransColor@CyImage@@QAEXUtagRGBQUAD@@@Z
??0CQuantizer@@QAE@II@Z
??1CQuantizer@@UAE@XZ
?SetColorTable@CQuantizer@@QAEXPAUtagRGBQUAD@@@Z
?ProcessImage@CQuantizer@@QAEHPAX@Z
?CompositeAlphaLevel@PC_Dsp@@SAHPAVBitmap@Gdiplus@@0PAVCObjProgress@@HH@Z
?DecreaseBpp@CyImage@@QAE_NK_NPAUtagRGBQUAD@@KPAVCObjProgress@@HH@Z
?Normal_Channel_Composite@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@EEEPAVCObjProgress@@HH@Z
?ConvertTo32Bits@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@@Z
?Light@PC_Dsp@@SAHPAVBitmap@Gdiplus@@JJPAVCObjProgress@@HH@Z
?Multiple@PC_Dsp@@SAHPAVBitmap@Gdiplus@@0PAVCObjProgress@@HH@Z
?SetColorWithBitmap@PC_Dsp@@SAHPAVBitmap@Gdiplus@@EEE@Z
?DrawByAlphaChange@PC_Dsp@@SAHPAVBitmap@Gdiplus@@0N@Z
?ExpandFrame@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@HHHHUtagRGBQUAD@@@Z
?ShowShadow@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@HHHHHK@Z
?SetNewCrop@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@HHHHHHHH@Z
??0CCUSMSharp@@QAE@XZ
??1CCUSMSharp@@QAE@XZ
?useEffect@CCUSMSharp@@QAEPAVBitmap@Gdiplus@@PAV23@MM@Z
?CreateGif@PC_Dsp@@SAHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAPAVBitmap@Gdiplus@@HHPAVCObjProgress@@HH@Z
?Light@PC_Dsp@@SAHPAEHHJJPAVCObjProgress@@HH@Z
?Saturateconst@PC_Dsp@@SAHPAEHHJJPAVCObjProgress@@HH@Z
?SetHue@PC_Dsp@@SAHPAEHHHPAVCObjProgress@@HH@Z
?BlackEye@PC_Dsp@@SA_NPAEHH0HHPAVCObjProgress@@HH@Z
?ImageProcessWithInpaint@PC_Dsp@@SA_NPAEHH0HPAVCObjProgress@@HH@Z
?SingleRotate@PC_Dsp@@SAHPAVBitmap@Gdiplus@@W4RotateFlipType@3@@Z
?MultiRotate@PC_Dsp@@SAPAVBitmap@Gdiplus@@PAV23@HHHHH@Z
?MultiRotateEx@PC_Dsp@@SAPAVBitmap@Gdiplus@@PAV23@HHHHEEE@Z
?SoftLight_Channel_Composite@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@HPAVCObjProgress@@HH@Z
?AutoColor@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HHPAVCObjProgress@@HH@Z
?AutoConstrast@PC_Dsp@@SAHPAVBitmap@Gdiplus@@PAVCObjProgress@@HH@Z
?AutoColorLevel@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HPAVCObjProgress@@HH@Z
?ExposureFilter@PC_Dsp@@SAHPAEHHMPAVCObjProgress@@HH@Z
?SetColor@PC_Dsp@@SAHPAEHHHHHPAVCObjProgress@@HH@Z
?UsmSharp@PC_Dsp@@SAHPAEHHMMPAVCObjProgress@@HH@Z

pceffect

?paper@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?ResizeMainToSuit@CMathDefine@@SAHHHHHPAVCRect@@AAN@Z
?PtChangeByRotate@CMathDefine@@SAXAAVPoint@Gdiplus@@HHN@Z
?AverageRandom@CMathDefine@@SAHHH@Z
?ChannelBlend_X@CEffect@@SAHPAE0HHHPAVCObjProgress@@HH@Z
?Effect_RouGuang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_JingdianLomo@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FuGu@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FenHongJiaRen@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_DanYa@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_Hdr@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YunDuan@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ABaoSe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_HouQingChun@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_HeiBai@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_NuanHua@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ZaoDian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_RuiHua@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_QuWu@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_DuiBiQiangLie@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ZhiNengHuiSe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_QuanCai@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FanSe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YaoGun@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_JiuShiGuang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_KuAi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_80S@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_HuiYi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FuGuLomo@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_GeTeFeng@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YinXiang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_Bali@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YiZhou@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_JingDianHDR@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ShiGuangSuiDao@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ShenLanLeiYu@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_JiaoPian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FanHuangAnJiao@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FanZhuanSe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_HuaiJiu@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ZiSeHuanXiang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_GuTongSe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LengDiaoSe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_AlphaAdJust@CEffect@@SAHPAE0HHN@Z
?Effect_ZiSeQingMi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FuGuHeiBai@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_XuanCaiLomo@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_GuangHuaMeiFu@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ZiRanMeiBai@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LiuNian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YouGe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_NingXia@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_XinRiXi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_MoRan@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_BingLing@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FenNenXi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_JingDianYingLou@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LanDiao@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LaoZhaoPian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_XiaoQingXin@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_RiXi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_NuanHuang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LengLan@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LengLv@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LengZi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LiangHong@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_PingAnYe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FeiXue@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YeJing@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_XingMang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_NiGuang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_JianGuang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_XiYangJianBian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_GuangShuJianBian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_BoLiShuiZhu@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_XieShengSuMiao@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YouHua@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_GuDianSuMiao@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_CaiQian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_DianShiXian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_RouHe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_SuMiao@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

InterlockedCompareExchange
SetEnvironmentVariableA
TerminateThread
SizeofResource
LockResource
LoadResource
FindResourceW
GetPrivateProfileStringW
DeleteFileW
WritePrivateProfileStringW
MultiByteToWideChar
GetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LoadLibraryW
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
FreeLibrary
GetPrivateProfileIntW
Sleep
SetLastError
DeactivateActCtx
GetModuleHandleW
ActivateActCtx
GetVersion
CopyFileW
InterlockedDecrement
InterlockedIncrement
GetFileAttributesW
lstrlenW
WideCharToMultiByte
lstrcpynA
LCMapStringA
GlobalFree
GetVersionExW
lstrlenA
GetCPInfo
lstrcmpiW
SetEvent
WaitForSingleObject
GetModuleFileNameW
CreateDirectoryW
CreateFileW
ReadFile
SetFilePointer
WriteFile
CloseHandle
RemoveDirectoryW
GlobalMemoryStatus
GetFileSize
OutputDebugStringW
FormatMessageW
GetProcessHeap
HeapFree
CreateFileA
HeapAlloc
CreateEventW
ResetEvent
SetThreadPriority
WaitForMultipleObjects
GetCurrentThreadId
InitializeCriticalSection
lstrcpyW
VirtualAlloc
VirtualFree
GlobalMemoryStatusEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTickCount
GetExitCodeThread
CreateSemaphoreW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
lstrcpynW
lstrcatW
LocalFree
GlobalReAlloc
GlobalSize
LocalAlloc
GetWindowsDirectoryW
SetFileAttributesW
DeviceIoControl
LoadLibraryA
ResumeThread
MulDiv
GetLocalTime
GetCurrentProcess
GetProcessTimes
FileTimeToSystemTime
FileTimeToLocalFileTime
AreFileApisANSI
VirtualProtect
FlushInstructionCache
VirtualQuery
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentProcessId
SuspendThread
CreateActCtxW
ReleaseActCtx
lstrcmpA
FindClose
FindNextFileW
FindFirstFileW
CreateMutexW
ReleaseMutex
GlobalGetAtomNameW
GetThreadLocale
MoveFileW
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
SetEndOfFile
InterlockedExchange
CompareStringA
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCurrentDirectoryW
GetUserDefaultLCID
GetFileTime
GetTempFileNameW
GetFileAttributesExW
GetFileSizeEx
SetErrorMode
GetNumberFormatW
GetTempPathW
GetProfileIntW
SearchPathW
FindResourceExW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
ExitProcess
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetTimeFormatW
GetDateFormatW
RtlUnwind
RaiseException
HeapReAlloc
HeapQueryInformation
HeapSize
SetStdHandle
GetFileType
GetSystemInfo
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
WriteConsoleW
GetDriveTypeW

user32

GetMenuDefaultItem
SetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
CharNextW
UnregisterClassW
RealChildWindowFromPoint
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
MessageBeep
PostQuitMessage
MonitorFromPoint
GetSystemMenu
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
DestroyAcceleratorTable
NotifyWinEvent
CharUpperW
DrawIcon
DestroyMenu
DrawStateW
MapVirtualKeyW
GetKeyNameTextW
InvalidateRgn
CopyAcceleratorTableW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
CheckDlgButton
ValidateRect
GetWindowThreadProcessId
EndPaint
BeginPaint
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuStringW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
GetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
LockWindowUpdate
GetClassInfoExW
GetClassInfoW
RegisterClassW
DeferWindowPos
SetWindowPlacement
GetDlgCtrlID
CheckMenuItem
GetIconInfo
WindowFromPoint
GetWindowRgn
CreateWindowExW
RegisterClassExW
DefWindowProcW
RegisterClipboardFormatW
LoadMenuW
ClipCursor
LoadImageW
DestroyCursor
GetMessagePos
DrawFrameControl
InflateRect
SetRectEmpty
CreateIconIndirect
DrawFocusRect
IsZoomed
SetForegroundWindow
SetScrollInfo
GetScrollInfo
EnableScrollBar
ShowScrollBar
SetScrollRange
SetScrollPos
GetScrollRange
GetScrollPos
ShowWindow
IsIconic
FindWindowW
IsMenu
EnumWindows
UnhookWindowsHookEx
RemovePropW
SetWindowsHookExW
OffsetRect
MoveWindow
GetClassNameA
SetPropA
RemovePropA
CallWindowProcA
SendMessageA
GetMenu
GetWindowTextW
EnableMenuItem
SetFocus
DestroyWindow
LoadIconW
FrameRect
GetCapture
UpdateLayeredWindow
GetWindowDC
MsgWaitForMultipleObjects
PeekMessageW
ReleaseCapture
SetCapture
EqualRect
UnionRect
SetParent
IsClipboardFormatAvailable
WaitMessage
SetClassLongW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CharUpperBuffW
SetCursorPos
IsRectEmpty
IntersectRect
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
IsWindowVisible
GetClassNameW
AdjustWindowRectEx
CallWindowProcW
EnumDisplaySettingsW
wsprintfW
EnumChildWindows
CopyImage
GetNextDlgGroupItem
InvertRect
HideCaret
CopyIcon
GetDoubleClickTime
GetUpdateRect
SubtractRect
IsCharLowerW
MapVirtualKeyExW
SetMenu
GetPropA
GetWindowLongA
SetWindowLongA
GetClientRect
InvalidateRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetTimer
PtInRect
KillTimer
GetWindowPlacement
GetCursorPos
ScreenToClient
SetCursor
LoadCursorW
EnableWindow
SetWindowPos
GetDC
GetWindowRect
GetWindowLongW
SetWindowLongW
ReleaseDC
GetKeyState
PostMessageW
UpdateWindow
RedrawWindow
IsWindow
ClientToScreen
GetWindow
SendMessageW
SetWindowRgn
SetRect
MessageBoxW
GetSystemMetrics
GetAsyncKeyState
BringWindowToTop
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CopyRect
FillRect
DrawEdge
GetSysColor
GetMenuItemInfoW
SystemParametersInfoW
DrawIconEx
DestroyIcon
GetDesktopWindow
AppendMenuW
GetMenuItemCount
InsertMenuW
ModifyMenuW
GetMenuState
GetMenuItemID
CreateMenu
CreatePopupMenu
GetSysColorBrush
LoadBitmapW
RemoveMenu
DeleteMenu
GetSubMenu
GetDlgItem
GetParent

gdi32

PatBlt
CreateHatchBrush
Rectangle
CreatePolygonRgn
PtInRegion
CreateEllipticRgn
GetClipBox
CreateRectRgnIndirect
ExcludeClipRect
SetBkColor
CreateBitmap
CreatePalette
RealizePalette
GetTextMetricsW
Polygon
LineDDA
SetPixelV
CreateFontW
GetDIBits
GetSystemPaletteEntries
SelectPalette
CreateDIBitmap
SetDIBColorTable
SetStretchBltMode
StretchBlt
GetPaletteEntries
CreateDCW
SetPaletteEntries
GetNearestPaletteIndex
SetMapMode
FillRgn
EnumFontsW
SetBkMode
SetTextColor
CopyMetaFileW
SaveDC
RestoreDC
SetPolyFillMode
SetROP2
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SetPixel
GetLayout
SetLayout
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetObjectType
SetRectRgn
GetRgnBox
GetTextColor
EnumFontFamiliesW
GetTextCharsetInfo
OffsetRgn
Polyline
GetWindowOrgEx
GetBoundsRect
GetViewportOrgEx
ExtFloodFill
GetTextFaceW
GetPixel
CreateDIBSection
Ellipse
GetTextExtentPoint32W
CreateFontIndirectW
GetBkMode
CreatePen
GetDeviceCaps
FrameRgn
CreateSolidBrush
EnumFontFamiliesExW
CombineRgn
CreateRectRgn
GetObjectW
GetStockObject
CreateRoundRectRgn
DeleteDC
DeleteObject
SelectObject
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
GetBkColor
ExtTextOutA
BitBlt

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegEnumKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueW
RegEnumKeyExW
RegQueryValueExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
DragQueryFileW
DragFinish
SHGetFileInfoW
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW

comctl32

ImageList_GetIconSize
InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathIsURLW
PathFindExtensionW
PathRemoveExtensionW
SHGetValueW
SHSetValueW
PathRemoveArgsW
PathUnquoteSpacesW
UrlUnescapeW
PathStripToRootW
PathIsUNCW

ole32

RevokeDragDrop
OleDuplicateData
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitializeEx
OleDraw
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromString
OleLockRunning
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
DoDragDrop
CoLockObjectExternal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoTaskMemAlloc
ReleaseStgMedium
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
RegisterDragDrop
CLSIDFromProgID
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
OleCreateFontIndirect
VarBstrFromDate
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
OleLoadPicture
VariantClear
VarBstrCmp
SysAllocString

oledlg

OleUIBusyW

urlmon

FindMimeFromData

wininet

InternetSetFilePointer
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetErrorDlg
InternetReadFileExA
HttpAddRequestHeadersW
HttpOpenRequestW
InternetQueryOptionW
InternetSetStatusCallbackW
InternetSetOptionW
HttpSendRequestExW
InternetConnectW
HttpEndRequestW
InternetWriteFile
HttpAddRequestHeadersA
HttpOpenRequestA
InternetGetConnectedState
InternetCloseHandle
HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW

gdiplus

GdipDrawLine
GdipSetSolidFillColor
GdipTransformMatrixPoints
GdiplusStartup
GdiplusShutdown
GdipStartPathFigure
GdipAddPathArcI
GdipClosePathFigure
GdipAddPathLineI
GdipCreateHatchBrush
GdipAddPathRectangleI
GdipSetPenColor
GdipGetPointCount
GdipGetFontHeightGivenDPI
GdipMeasureString
GdipBitmapSetResolution
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetGenericFontFamilySerif
GdipGetImageThumbnail
GdipDrawRectangle
GdipCreateTexture2I
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipCreateLineBrushFromRectI
GdipCreateTextureIAI
GdipGetPathData
GdipGetPageUnit
GdipGetDpiX
GdipGetDpiY
GdipFillRectanglesI
GdipGetImagePaletteSize
GdipGetImagePalette
GdipSetImagePalette
GdipAddPathLine2I
GdipCreateRegionPath
GdipCreateBitmapFromHBITMAP
GdipAddPathString
GdipCreateRegionRectI
GdipDrawImageRect
GdipIsEmptyRegion
GdipLoadImageFromFile
GdipDrawImagePointsI
GdipCombineRegionRegion
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetImageHeight
GdipGetImageWidth
GdipCreateTexture2
GdipDeleteBrush
GdipCloneBrush
GdipTranslateTextureTransform
GdipFillRectangle
GdipCreateFont
GdipDeleteFont
GdipSetTextRenderingHint
GdipDrawImageRectI
GdipCreateSolidFill
GdipDrawString
GdipReleaseDC
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageRectRect
GdipLoadImageFromStream
GdipDrawImagePointRectI
GdipCreateTexture
GdipFillRectangleI
GdipGetGenericFontFamilySansSerif
GdipDeleteRegion
GdipCreateRegionHrgn
GdipFillRegion
GdipGraphicsClear
GdipSetInterpolationMode
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipCreatePen2
GdipDrawRectangleI
GdipSetPenDashStyle
GdipCreateStringFormat
GdipDeleteStringFormat
GdipAddPathStringI
GdipGetGenericFontFamilyMonospace
GdipCreatePath
GdipDeletePath
GdipGetPathWorldBounds
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipTransformPath
GdipClonePath
GdipSetSmoothingMode
GdipFillPath
GdipAddPathPath
GdipScaleMatrix
GdipCreateLineBrushI
GdipSaveImageToStream
GdipSaveAddImage
GdipSaveAdd
GdipCreateBitmapFromStream
GdipTransformMatrixPointsI
GdipRotateMatrix
GdipSetWorldTransform
GdipDrawImageRectRectI
GdipImageRotateFlip
GdipCloneBitmapAreaI
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesWrapMode
GdipSetCompositingMode
GdipFillEllipseI
GdipResetWorldTransform
GdipDrawImageI
GdipGetInterpolationMode
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipResetPath
GdipDrawPath
GdipDrawPolygonI
GdipCreateHBITMAPFromBitmap
GdipSetClipRectI
GdipDrawEllipseI
GdipAddPathEllipseI
GdipSetPenEndCap
GdipSetPenMode
GdipSetPenLineJoin
GdipDrawLinesI
GdipSetStringFormatFlags

crashreport

Install
TrySwitch
Unstall

setupapi

SetupIterateCabinetW

iphlpapi

GetAdaptersAddresses

winmm

PlaySoundW

netapi32

Netbios

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 964KB - Virtual size: 963KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

620eb8e641ef907bc11d664f31c389b1

Code Sign

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

73:b2:26:5e:70:61:ab:2e:ff:21:db:85:bc:95:16:11Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

b7:b7:d1:d2:ff:3c:65:00:04:01:9f:b0:2f:f7:f3:e7:f3:a1:47:b0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

pcfile

pcdsp

pceffect

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

wininet

gdiplus

crashreport

setupapi

iphlpapi

winmm

netapi32

oleacc

imm32

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.rdata Size: 964KB - Virtual size: 963KB

.data Size: 128KB - Virtual size: 187KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 476KB - Virtual size: 475KB

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

73:b2:26:5e:70:61:ab:2e:ff:21:db:85:bc:95:16:11
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

b7:b7:d1:d2:ff:3c:65:00:04:01:9f:b0:2f:f7:f3:e7:f3:a1:47:b0
Signer

.text
Size: 5.0MB - Virtual size: 5.0MB

.rdata
Size: 964KB - Virtual size: 963KB

.data
Size: 128KB - Virtual size: 187KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 476KB - Virtual size: 475KB