2024-02-04_246933d89f4b5ceffde6a391d70123cc_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-04_246933d89f4b5ceffde6a391d70123cc_mafia
Size

8.0MB
MD5

246933d89f4b5ceffde6a391d70123cc
SHA1

038e1ed333c838e3db733ad25e26882cd1aed78e
SHA256

600666cb31d05987996a09a7ab5d5b8cd1e1bda05a38919441c1a5efa0034654
SHA512

1981e6d27dbd31da9786929e8f429b930c09b8441eeb3d05c050ef4f90f690ee428aee2a70d9a2e1d4b2df8c62aebd543a755ed3fc40cdc8ef0bc29673c72a2c
SSDEEP

196608:ye1sP51wCez0MwTeJFYvZ5V4S9IeYojDIg9Cbk/V82:y3P51wCez0liJFYvrIerD9

Score

1^/10

Malware Config

Signatures

Files

2024-02-04_246933d89f4b5ceffde6a391d70123cc_mafia
.exe windows:5 windows x86 arch:x86

fde5d8cd1d28707fbd6b81aac614e065

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:b2:26:5e:70:61:ab:2e:ff:21:db:85:bc:95:16:11
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

18/12/2012, 00:00

Not After

16/02/2015, 23:59

Subject

CN=厦门美图网科技有限公司,OU=产品部,O=厦门美图网科技有限公司,L=Xiamen,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:a6:68:7c:61:52:f6:72:a8:13:21:c3:dc:2c:d2:dc:a2:4c:a2:cf
Signer

Actual PE Digest

6c:a6:68:7c:61:52:f6:72:a8:13:21:c3:dc:2c:d2:dc:a2:4c:a2:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\MeiTu\xiuxiu\XiuXiu.pdb

Imports

pcfile

?OnSaveHDJpeg@PC_File@@SAHPB_WPAVBitmap@Gdiplus@@HHPAVCObjProgress@@HH@Z
?OnLoadImage@PC_File@@SAPAVBitmap@Gdiplus@@HHPAK@Z
?OnLoadImage@PC_File@@SAPAVBitmap@Gdiplus@@PB_WPAVCObjProgress@@HH0@Z
?GetImageFormat@PC_File@@SA?AW4MT_IMAGE_FORMAT@@XZ
?GetImageInfo@PC_File@@SAPAUtag_ImageInfo@@XZ
?OnLoadImage@PC_File@@SAPAVBitmap@Gdiplus@@PB_WHHPAVCObjProgress@@HH@Z
?ImageSaveTobinary@PC_File@@SAHPAVBitmap@Gdiplus@@PB_W@Z
?ImageReadFrombinary@PC_File@@SAPAVBitmap@Gdiplus@@PB_W@Z
?OnSaveQuick@PC_File@@SAHPB_WPAVBitmap@Gdiplus@@W4MT_IMAGE_FORMAT@@H@Z
?OnLoadImage@PC_File@@SAPAVBitmap@Gdiplus@@PAEHW4MT_IMAGE_FORMAT@@PAVCObjProgress@@HH@Z
?GetEncoderClsid@PC_File@@SAHPB_WPAU_GUID@@@Z
?OnSaveQuick@PC_File@@SAHPB_WPAVBitmap@Gdiplus@@HHW4MT_IMAGE_FORMAT@@H@Z

pcdsp

?CompositeWord@PC_Dsp@@SAHPAVGraphics@Gdiplus@@PAUtagFontObj@@PAUtagPathObj@@HNNMM@Z
?GetWordSize@PC_Dsp@@SAHPAUHWND__@@AAUtagFontObj@@AAUtagPathObj@@H@Z
?CreatNetWord@PC_Dsp@@SAHAAUtagFontObj@@AAUtagPathObj@@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAVCObjProgress@@HHPB_W@Z
?WC2MB@PC_Dsp@@SAPADPB_W@Z
?ResizeBitmap@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@HH@Z
?Clone@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HHHHPAPAV23@@Z
?GaussIIRBlur@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HHPAVCObjProgress@@HH@Z
?ExecInpainting@PC_Dsp@@SA_NPAEHHH0HPAVCObjProgress@@HH@Z
?RedEyeRemove@PC_Dsp@@SAHPAVBitmap@Gdiplus@@ABUtagRECT@@@Z
?CompositeAlphaLevel@PC_Dsp@@SAHPAVBitmap@Gdiplus@@0PAVCObjProgress@@HH@Z
?Color_Channel_Composite@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@EEEPAVCObjProgress@@HH@Z
?LightNew@PC_Dsp@@SAHPAEHHJHPAVCObjProgress@@HH@Z
?Circle_Gradient_Alpha@PC_Dsp@@SA_NPAPAEH@Z
?CannyDericheBlur@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@MMPAEPAVCObjProgress@@HH@Z
?CreateArray@PC_Dsp@@SAHPAEJJ@Z
?DisplayImageUseGDIPLUS@PC_Dsp@@SAHPAVGraphics@Gdiplus@@PAVBitmap@3@HHNHN@Z
?GetBits@CyImage@@QAEPAEK@Z
?CalSuitRectForScene@PC_Dsp@@SAHHHHHPAUtagRECT@@AAN@Z
?GetBpp@CyImage@@QBEGXZ
??0CyImage@@QAE@XZ
??1CyImage@@UAE@XZ
?CreateFromHBITMAP@CyImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
??0CyImage@@QAE@ABV0@_N11@Z
?GaussDenoise@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HNNNNPAVCObjProgress@@HH@Z
?SimilarTopaz@PC_Dsp@@SAHPAVBitmap@Gdiplus@@PAVCObjProgress@@HH@Z
?CurveDenoise@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HHHPAVCObjProgress@@HH@Z
?SkinDenoise@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HHHHPAVCObjProgress@@HH@Z
?GrayScale@PC_Dsp@@SAHPAVBitmap@Gdiplus@@PAVCObjProgress@@HH@Z
?BitCrop@PC_Dsp@@SAPAVBitmap@Gdiplus@@PAV23@HHHH@Z
?WhiteBank@PC_Dsp@@SAHPAVBitmap@Gdiplus@@@Z
?IncreaseBpp@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@H@Z
?Negative@PC_Dsp@@SAHPAVBitmap@Gdiplus@@PAVCObjProgress@@HH@Z
?Mix@PC_Dsp@@SAHPAVBitmap@Gdiplus@@0JJ@Z
?GetBitDib@PC_Dsp@@SAPAUtagBITMAPINFOHEADER@@PAVBitmap@Gdiplus@@AAH@Z
?CropBitmap@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@HHHH@Z
?NaturalSkin@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@H@Z
?DrawImage@PC_Dsp@@SAHPAVBitmap@Gdiplus@@PAPAV23@HHHH@Z
?Circle_Gradient_Alpha2Eye@PC_Dsp@@SA_NPAPAEH@Z
?CompositeColor@PC_Dsp@@SAHPAVBitmap@Gdiplus@@EEEPAVCObjProgress@@HH@Z
?Mosaic@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HPAVCObjProgress@@HH@Z
?WholeWhitening@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@HHHPAVCObjProgress@@HH@Z
?Overlay_Channel_Composite@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@EEEPAVCObjProgress@@HH@Z
?CreatSmallestRegion@PC_Dsp@@SAHHHPAUtagPOINT@@HPAUtagRECT@@@Z
?GeneralGifByCxs@PC_Dsp@@SAHPAPAVCyImage@@HHHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAHPAVCObjProgress@@HH@Z
?GeneralGifByCxs@PC_Dsp@@SAHPAPAVCyImage@@HHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAHPAVCObjProgress@@HH@Z
?CropImageByPoint@PC_Dsp@@SAPAVBitmap@Gdiplus@@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAUtagPOINT@@HAAUtagRECT@@@Z
?CalSuitNewRat@PC_Dsp@@SAHHHHHAAN@Z
?CalSuitNewPosition@PC_Dsp@@SAHHHHHAAH0@Z
?SetPaletteColor@CyImage@@QAEXEUtagRGBQUAD@@@Z
?ColorEqual@PC_Dsp@@SAHUtagRGBQUAD@@0@Z
?SetPixelIndex@CyImage@@QAEXJJE@Z
?SetTransColor@CyImage@@QAEXUtagRGBQUAD@@@Z
??0CQuantizer@@QAE@II@Z
??1CQuantizer@@UAE@XZ
?SetColorTable@CQuantizer@@QAEXPAUtagRGBQUAD@@@Z
?ProcessImage@CQuantizer@@QAEHPAX@Z
?DecreaseBpp@CyImage@@QAE_NK_NPAUtagRGBQUAD@@KPAVCObjProgress@@HH@Z
?Normal_Channel_Composite@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@EEEPAVCObjProgress@@HH@Z
?GeneralGifByBmp@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@HHHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAHPAVCObjProgress@@HH@Z
?ConvertTo32Bits@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@@Z
?Light@PC_Dsp@@SAHPAVBitmap@Gdiplus@@JJPAVCObjProgress@@HH@Z
?Multiple@PC_Dsp@@SAHPAVBitmap@Gdiplus@@0PAVCObjProgress@@HH@Z
?SetColorWithBitmap@PC_Dsp@@SAHPAVBitmap@Gdiplus@@EEE@Z
?DrawByAlphaChange@PC_Dsp@@SAHPAVBitmap@Gdiplus@@0N@Z
?ExpandFrame@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@HHHHUtagRGBQUAD@@@Z
?ShowShadow@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@HHHHHK@Z
?SetNewCrop@PC_Dsp@@SAHPAPAVBitmap@Gdiplus@@HHHHHHHH@Z
??0CCUSMSharp@@QAE@XZ
??1CCUSMSharp@@QAE@XZ
?useEffect@CCUSMSharp@@QAEPAVBitmap@Gdiplus@@PAV23@MM@Z
?CreateGif@PC_Dsp@@SAHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAPAVBitmap@Gdiplus@@HHPAVCObjProgress@@HH@Z
?Light@PC_Dsp@@SAHPAEHHJJPAVCObjProgress@@HH@Z
?Saturateconst@PC_Dsp@@SAHPAEHHJJPAVCObjProgress@@HH@Z
?SetHue@PC_Dsp@@SAHPAEHHHPAVCObjProgress@@HH@Z
?UsmSharp@PC_Dsp@@SAHPAEHHMMPAVCObjProgress@@HH@Z
?SetColor@PC_Dsp@@SAHPAEHHHHHPAVCObjProgress@@HH@Z
?ExposureFilter@PC_Dsp@@SAHPAEHHMPAVCObjProgress@@HH@Z
?AutoColorLevel@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HPAVCObjProgress@@HH@Z
?AutoConstrast@PC_Dsp@@SAHPAVBitmap@Gdiplus@@PAVCObjProgress@@HH@Z
?BlackEye@PC_Dsp@@SA_NPAEHH0HHPAVCObjProgress@@HH@Z
?ImageProcessWithInpaint@PC_Dsp@@SA_NPAEHH0HPAVCObjProgress@@HH@Z
?SingleRotate@PC_Dsp@@SAHPAVBitmap@Gdiplus@@W4RotateFlipType@3@@Z
?MultiRotate@PC_Dsp@@SAPAVBitmap@Gdiplus@@PAV23@HHHHH@Z
?MultiRotateEx@PC_Dsp@@SAPAVBitmap@Gdiplus@@PAV23@HHHHEEE@Z
?SoftLight_Channel_Composite@PC_Dsp@@SA_NPAVBitmap@Gdiplus@@HPAVCObjProgress@@HH@Z
?AutoColor@PC_Dsp@@SAHPAVBitmap@Gdiplus@@HHPAVCObjProgress@@HH@Z

pceffect

?paper@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?ResizeMainToSuit@CMathDefine@@SAHHHHHPAVCRect@@AAN@Z
?PtChangeByRotate@CMathDefine@@SAXAAVPoint@Gdiplus@@HHN@Z
?AverageRandom@CMathDefine@@SAHHH@Z
?ChannelBlend_X@CEffect@@SAHPAE0HHHPAVCObjProgress@@HH@Z
?Effect_RouGuang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_NuanHua@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_HeiBai@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ZaoDian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_RuiHua@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_QuWu@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_RouHe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_DuiBiQiangLie@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ZhiNengHuiSe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_QuanCai@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_JingdianLomo@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_Hdr@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YaoGun@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_JiuShiGuang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_HouQingChun@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_80S@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_HuiYi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FuGuLomo@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_GeTeFeng@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YinXiang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YiZhou@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_JingDianHDR@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ShiGuangSuiDao@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ShenLanLeiYu@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_JiaoPian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FanHuangAnJiao@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FanZhuanSe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_HuaiJiu@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ZiSeQingMi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_GuTongSe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LengDiaoSe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FuGuHeiBai@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_XuanCaiLomo@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YunDuan@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LiuNian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ABaoSe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YouGe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_NingXia@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FanSe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LaBi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ManHua@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_XinRiXi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_MoRan@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FenHongJiaRen@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FuGu@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_BingLing@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FenNenXi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_JingDianYingLou@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LanDiao@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_DanYa@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LaoZhaoPian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_XiaoQingXin@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_RiXi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_NuanHuang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LengLan@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LengLv@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ZiSeHuanXiang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LengZi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_LiangHong@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_PingAnYe@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_FeiXue@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YeJing@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_XingMang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_NiGuang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_JianGuang@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_XiYangJianBian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_GuangShuJianBian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_BoLiShuiZhu@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_XieShengSuMiao@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_YouHua@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_GuDianSuMiao@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_CaiQian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_DianShiXian@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_SuMiao@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_GuangHuaMeiFu@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_WeiMei@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_AlphaAdJust@CEffect@@SAHPAE0HHN@Z
?Effect_KuAi@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_ZiRanMeiBai@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z
?Effect_Bali@CEffect@@SAHPAEHHPAXPAVCObjProgress@@HH@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

WriteConsoleW
InterlockedCompareExchange
SetEnvironmentVariableA
GetDriveTypeW
TerminateThread
SizeofResource
LockResource
LoadResource
FindResourceW
GetPrivateProfileStringW
DeleteFileW
WritePrivateProfileStringW
MultiByteToWideChar
GetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LoadLibraryW
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
FreeLibrary
GetPrivateProfileIntW
Sleep
SetLastError
DeactivateActCtx
GetModuleHandleW
ActivateActCtx
GetVersion
CopyFileW
InterlockedDecrement
InterlockedIncrement
GetFileAttributesW
lstrlenW
WideCharToMultiByte
lstrcpynA
LCMapStringA
GlobalFree
GetVersionExW
lstrlenA
GetCPInfo
lstrcmpiW
SetEvent
WaitForSingleObject
GetModuleFileNameW
CreateDirectoryW
CreateFileW
ReadFile
SetFilePointer
WriteFile
CloseHandle
RemoveDirectoryW
GlobalMemoryStatus
GetFileSize
OutputDebugStringW
FormatMessageW
GetProcessHeap
HeapFree
CreateFileA
HeapAlloc
CreateEventW
ResetEvent
SetEndOfFile
SetThreadPriority
WaitForMultipleObjects
GetCurrentThreadId
InitializeCriticalSection
lstrcpyW
VirtualAlloc
VirtualFree
GlobalMemoryStatusEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTickCount
GetExitCodeThread
CreateSemaphoreW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
lstrcpynW
lstrcatW
LocalFree
GlobalReAlloc
GlobalSize
LocalAlloc
GetWindowsDirectoryW
SetFileAttributesW
DeviceIoControl
LoadLibraryA
ResumeThread
MulDiv
GetLocalTime
GetCurrentProcess
GetProcessTimes
FileTimeToSystemTime
FileTimeToLocalFileTime
AreFileApisANSI
VirtualProtect
FlushInstructionCache
VirtualQuery
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentProcessId
SuspendThread
CreateActCtxW
ReleaseActCtx
lstrcmpA
FindClose
FindNextFileW
FindFirstFileW
CreateMutexW
ReleaseMutex
GlobalGetAtomNameW
GetThreadLocale
MoveFileW
FlushFileBuffers
LockFile
UnlockFile
GetTimeZoneInformation
GetVolumeInformationW
GetFullPathNameW
InterlockedExchange
CompareStringA
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCurrentDirectoryW
GetUserDefaultLCID
GetFileTime
GetTempFileNameW
GetFileAttributesExW
GetFileSizeEx
SetErrorMode
GetNumberFormatW
GetTempPathW
GetProfileIntW
SearchPathW
FindResourceExW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
ExitProcess
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetTimeFormatW
GetDateFormatW
RtlUnwind
RaiseException
HeapReAlloc
HeapQueryInformation
HeapSize
SetStdHandle
GetFileType
GetSystemInfo
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
DuplicateHandle

user32

SetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
CharNextW
UnregisterClassW
RealChildWindowFromPoint
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
MessageBeep
PostQuitMessage
MonitorFromPoint
GetSystemMenu
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
DestroyAcceleratorTable
NotifyWinEvent
CharUpperW
DrawIcon
DestroyMenu
DrawStateW
MapVirtualKeyW
GetKeyNameTextW
InvalidateRgn
CopyAcceleratorTableW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
CheckDlgButton
ValidateRect
GetWindowThreadProcessId
EndPaint
BeginPaint
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuStringW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
GetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetParent
GetClassInfoW
RegisterClassW
DeferWindowPos
SetWindowPlacement
GetWindowPlacement
CheckMenuItem
LockWindowUpdate
GetIconInfo
WindowFromPoint
GetWindowRgn
CreateWindowExW
RegisterClassExW
DefWindowProcW
RegisterClipboardFormatW
LoadMenuW
ClipCursor
LoadImageW
DestroyCursor
GetMessagePos
DrawFrameControl
InflateRect
SetRectEmpty
CreateIconIndirect
DrawFocusRect
IsZoomed
SetForegroundWindow
SetScrollInfo
GetScrollInfo
EnableScrollBar
ShowScrollBar
SetScrollRange
SetScrollPos
GetScrollRange
GetScrollPos
ShowWindow
IsIconic
FindWindowW
IsMenu
EnumWindows
UnhookWindowsHookEx
RemovePropW
RegisterDeviceNotificationW
SetWindowsHookExW
OffsetRect
MoveWindow
GetClassNameA
SetPropA
RemovePropA
CallWindowProcA
SendMessageA
GetMenu
GetWindowTextW
EnableMenuItem
SetFocus
DestroyWindow
LoadIconW
FrameRect
GetCapture
UpdateLayeredWindow
GetWindowDC
MsgWaitForMultipleObjects
PeekMessageW
ReleaseCapture
SetCapture
EqualRect
UnionRect
IsClipboardFormatAvailable
WaitMessage
SetClassLongW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CharUpperBuffW
SetCursorPos
IsRectEmpty
IntersectRect
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
IsWindowVisible
GetClassNameW
AdjustWindowRectEx
CallWindowProcW
EnumDisplaySettingsW
wsprintfW
EnumChildWindows
CopyImage
GetNextDlgGroupItem
InvertRect
HideCaret
CopyIcon
GetDoubleClickTime
GetUpdateRect
SubtractRect
IsCharLowerW
MapVirtualKeyExW
GetClassInfoExW
GetPropA
GetWindowLongA
SetWindowLongA
GetClientRect
InvalidateRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetTimer
PtInRect
KillTimer
GetDlgCtrlID
GetCursorPos
ScreenToClient
SetCursor
LoadCursorW
EnableWindow
SetWindowPos
GetDC
GetWindowRect
GetWindowLongW
SetWindowLongW
ReleaseDC
GetKeyState
PostMessageW
UpdateWindow
RedrawWindow
IsWindow
ClientToScreen
GetWindow
SendMessageW
SetWindowRgn
SetRect
MessageBoxW
GetSystemMetrics
GetAsyncKeyState
BringWindowToTop
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CopyRect
FillRect
DrawEdge
GetSysColor
GetMenuItemInfoW
SystemParametersInfoW
DrawIconEx
DestroyIcon
GetDesktopWindow
AppendMenuW
GetMenuItemCount
InsertMenuW
ModifyMenuW
GetMenuState
GetMenuItemID
CreateMenu
CreatePopupMenu
GetSysColorBrush
LoadBitmapW
RemoveMenu
DeleteMenu
GetSubMenu
GetDlgItem
GetParent
GetMenuDefaultItem

gdi32

PatBlt
CreateHatchBrush
Rectangle
CreatePolygonRgn
PtInRegion
CreateEllipticRgn
GetClipBox
CreateRectRgnIndirect
ExcludeClipRect
SetBkColor
CreateBitmap
CreatePalette
RealizePalette
GetTextMetricsW
Polygon
LineDDA
SetPixelV
CreateFontW
GetDIBits
GetSystemPaletteEntries
SelectPalette
CreateDIBitmap
SetDIBColorTable
SetStretchBltMode
StretchBlt
GetPaletteEntries
CreateDCW
SetPaletteEntries
GetNearestPaletteIndex
SetMapMode
FillRgn
EnumFontsW
SetBkMode
SetTextColor
CopyMetaFileW
SaveDC
RestoreDC
SetPolyFillMode
SetROP2
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SetPixel
GetLayout
SetLayout
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetObjectType
SetRectRgn
GetRgnBox
GetTextColor
EnumFontFamiliesW
GetTextCharsetInfo
OffsetRgn
Polyline
GetWindowOrgEx
GetBoundsRect
GetViewportOrgEx
ExtFloodFill
GetTextFaceW
GetPixel
CreateDIBSection
Ellipse
GetTextExtentPoint32W
CreateFontIndirectW
GetBkMode
CreatePen
GetDeviceCaps
FrameRgn
CreateSolidBrush
EnumFontFamiliesExW
CombineRgn
CreateRectRgn
GetObjectW
GetStockObject
CreateRoundRectRgn
DeleteDC
DeleteObject
SelectObject
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
BitBlt
ExtTextOutA
GetBkColor

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegEnumKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueW
RegEnumKeyExW
RegQueryValueExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
DragQueryFileW
DragFinish
SHGetFileInfoW
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW

comctl32

ImageList_GetIconSize
InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW
PathIsURLW
PathRemoveExtensionW
SHGetValueW
SHSetValueW
PathRemoveArgsW
PathUnquoteSpacesW
UrlUnescapeW
PathStripToRootW
PathIsUNCW

ole32

RevokeDragDrop
OleDuplicateData
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitializeEx
OleDraw
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromString
OleLockRunning
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
DoDragDrop
CoLockObjectExternal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoTaskMemAlloc
ReleaseStgMedium
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
RegisterDragDrop
CLSIDFromProgID
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
VarBstrCmp
VariantClear
OleCreateFontIndirect
VarBstrFromDate
SysAllocString
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
OleLoadPicture

oledlg

OleUIBusyW

urlmon

FindMimeFromData

wininet

InternetSetFilePointer
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetErrorDlg
InternetReadFileExA
HttpAddRequestHeadersW
HttpOpenRequestW
InternetQueryOptionW
InternetSetStatusCallbackW
InternetSetOptionW
HttpSendRequestExW
InternetConnectW
HttpEndRequestW
InternetWriteFile
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle
HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW

gdiplus

GdipDrawLine
GdipSetSolidFillColor
GdipTransformMatrixPoints
GdiplusStartup
GdiplusShutdown
GdipStartPathFigure
GdipAddPathArcI
GdipClosePathFigure
GdipAddPathLineI
GdipCreateHatchBrush
GdipAddPathRectangleI
GdipSetPenColor
GdipGetPointCount
GdipGetFontHeightGivenDPI
GdipMeasureString
GdipBitmapSetResolution
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipAddPathString
GdipCreateBitmapFromHBITMAP
GdipDrawRectangle
GdipCreateTexture2I
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipCreateLineBrushFromRectI
GdipCreateTextureIAI
GdipGetPathData
GdipGetPageUnit
GdipGetDpiX
GdipGetDpiY
GdipFillRectanglesI
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetGenericFontFamilySerif
GdipSetImagePalette
GdipAddPathLine2I
GdipDrawImageRect
GdipSetStringFormatFlags
GdipCreateRegionPath
GdipDrawImagePointsI
GdipCombineRegionRegion
GdipLoadImageFromFile
GdipIsEmptyRegion
GdipCreateRegionRectI
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetImageHeight
GdipGetImageWidth
GdipCreateTexture2
GdipDeleteBrush
GdipCloneBrush
GdipTranslateTextureTransform
GdipFillRectangle
GdipCreateFont
GdipDeleteFont
GdipSetTextRenderingHint
GdipDrawImageRectI
GdipCreateSolidFill
GdipDrawString
GdipReleaseDC
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageRectRect
GdipLoadImageFromStream
GdipDrawImagePointRectI
GdipCreateTexture
GdipFillRectangleI
GdipGetGenericFontFamilySansSerif
GdipDeleteRegion
GdipCreateRegionHrgn
GdipFillRegion
GdipGraphicsClear
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipCreatePen2
GdipDrawRectangleI
GdipSetPenDashStyle
GdipCreateStringFormat
GdipDeleteStringFormat
GdipAddPathStringI
GdipGetGenericFontFamilyMonospace
GdipCreatePath
GdipDeletePath
GdipGetPathWorldBounds
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipTransformPath
GdipClonePath
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipFillPath
GdipAddPathPath
GdipScaleMatrix
GdipCreateLineBrushI
GdipSaveImageToStream
GdipSaveAddImage
GdipSaveAdd
GdipCreateBitmapFromStream
GdipTransformMatrixPointsI
GdipRotateMatrix
GdipSetWorldTransform
GdipDrawImageRectRectI
GdipImageRotateFlip
GdipCloneBitmapAreaI
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesWrapMode
GdipSetCompositingMode
GdipFillEllipseI
GdipResetWorldTransform
GdipDrawImageI
GdipGetInterpolationMode
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipResetPath
GdipDrawPath
GdipDrawPolygonI
GdipCreateHBITMAPFromBitmap
GdipSetClipRectI
GdipDrawEllipseI
GdipAddPathEllipseI
GdipSetPenEndCap
GdipSetPenMode
GdipSetPenLineJoin
GdipDrawLinesI

crashreport

Install
TrySwitch
Unstall

setupapi

SetupIterateCabinetW

iphlpapi

GetAdaptersAddresses

winmm

PlaySoundW

netapi32

Netbios

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 967KB - Virtual size: 967KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 477KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fde5d8cd1d28707fbd6b81aac614e065

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

73:b2:26:5e:70:61:ab:2e:ff:21:db:85:bc:95:16:11Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

6c:a6:68:7c:61:52:f6:72:a8:13:21:c3:dc:2c:d2:dc:a2:4c:a2:cfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

pcfile

pcdsp

pceffect

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

wininet

gdiplus

crashreport

setupapi

iphlpapi

winmm

netapi32

oleacc

imm32

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.rdata Size: 967KB - Virtual size: 967KB

.data Size: 129KB - Virtual size: 188KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 477KB - Virtual size: 476KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

73:b2:26:5e:70:61:ab:2e:ff:21:db:85:bc:95:16:11
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

6c:a6:68:7c:61:52:f6:72:a8:13:21:c3:dc:2c:d2:dc:a2:4c:a2:cf
Signer

.text
Size: 5.0MB - Virtual size: 5.0MB

.rdata
Size: 967KB - Virtual size: 967KB

.data
Size: 129KB - Virtual size: 188KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 477KB - Virtual size: 476KB