abe91ca2d8c162bc993f57a70546ccc8

Sharing

Copy URL Twitter E-mail

General

Target

abe91ca2d8c162bc993f57a70546ccc8
Size

415KB
MD5

abe91ca2d8c162bc993f57a70546ccc8
SHA1

a73a39a6808ef56abb1ebf33108b4234c73af0ee
SHA256

807d23e10c0e8220959b19e9b6e06bd272155fdcce3963c27512a88310793299
SHA512

45cc83ae5f6102a072f87d187a994210e8ae96340013873deb840d4924e8b5f824731824e59bf449d2d16d2bb3690827fd5f4a4fedef4e2e8cb74e1375c3af91
SSDEEP

12288:jrmJjBnE7QcEXoMx4Late41SkAt+6oSWKr:jWjaQMMAatgVnr

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MFC42D.DLL
unpack001/MSVCRTD.DLL
unpack001/myhook.dll
unpack001/模拟幽灵.exe

Files

abe91ca2d8c162bc993f57a70546ccc8
.rar
MFC42D.DLL
.dll windows:4 windows x86 arch:x86

9f3980d49f12d0c47b136a2f3127c31f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrtd

_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
_adjust_fdiv
??1type_info@@UAE@XZ
_splitpath
_fullpath
__CxxFrameHandler
_CrtDbgReport
atol
__p___argc
__p___argv
_beginthreadex
_endthreadex
_mbsdec
_strdup
_expand
strtod
strtol
strtoul
abs
calloc
_msize
_purecall
strftime
_mbctype
ctime
localtime
gmtime
time
mktime
_ismbcspace
_mbclen
_mbsnbcmp
atoi
_ismbcdigit
sprintf
strlen
vsprintf
_mbsrchr
_mbscspn
_mbsspn
_mbsstr
_mbsrev
_mbslwr
_mbsupr
_mbschr
wcslen
free
realloc
malloc
fclose
fflush
fseek
ftell
fgets
fputs
fwrite
fread
clearerr
_open_osfhandle
_fdopen
__doserrno
_get_osfhandle
_mbsinc
_mbsicoll
_mbscoll
_mbsicmp
_mbscmp
abort
_CrtDoForAllClientObjects
_CrtMemDumpAllObjectsSince
_CrtMemCheckpoint
_CrtMemDumpStatistics
_CrtMemDifference
memset
_CrtIsMemoryBlock
_CrtCheckMemory
_CrtSetBreakAlloc
_CrtSetAllocHook
_malloc_dbg
_free_dbg
_vsnprintf
_CrtDumpMemoryLeaks
_CrtSetDbgFlag
_CrtSetDumpClient
_CrtSetReportHook
_CrtSetReportMode
_except_handler3
memcmp
memmove
memcpy
_gcvt
_mbspbrk
_CxxThrowException

kernel32

GetProfileIntA
SizeofResource
GetProcessVersion
GlobalFlags
GetTempFileNameA
GetDiskFreeSpaceA
LocalUnlock
FileTimeToSystemTime
VirtualProtect
FindResourceExA
InterlockedExchange
SetErrorMode
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
FindNextFileA
GetSystemDirectoryA
MulDiv
FreeLibrary
FindResourceA
LoadResource
LockResource
FreeResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
WaitForMultipleObjects
CreateEventA
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
PulseEvent
SetEvent
WaitForSingleObject
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetOEMCP
FileTimeToLocalFileTime
SearchPathA
WideCharToMultiByte
FormatMessageA
LocalFree
SetFileAttributesA
InterlockedDecrement
InterlockedIncrement
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
GetFileAttributesA
GetFileTime
GetFileSize
GlobalReAlloc
GlobalFree
GlobalUnlock
GlobalSize
GlobalAlloc
GlobalLock
lstrcmpiA
GetModuleFileNameA
GetShortPathNameA
GetFullPathNameA
GetThreadLocale
GetStringTypeExA
FindClose
GetVolumeInformationA
FindFirstFileA
LoadLibraryA
lstrcpyA
MultiByteToWideChar
MoveFileA
GetProcAddress
DeleteFileA
LockFile
SetEndOfFile
UnlockFile
SetFilePointer
CloseHandle
FlushFileBuffers
CreateFileA
WriteFile
ReadFile
SuspendThread
GetCurrentProcess
DuplicateHandle
SetThreadPriority
ResumeThread
GetThreadPriority
lstrlenA
GetPrivateProfileIntA
lstrcmpA
IsBadStringPtrA
IsBadReadPtr
IsBadWritePtr
GetLastError
IsBadStringPtrW
lstrcpynA
LocalLock
SetLastError
GetTempPathA
GetCPInfo
GetCurrentThread
RaiseException

gdi32

ResetDCA
GetOutlineTextMetricsA
GetTextExtentPoint32A
PlayMetaFile
EnumMetaFile
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
EnumFontFamiliesExA
DeleteMetaFile
IntersectClipRect
SetWindowOrgEx
MoveToEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
DeleteObject
StretchDIBits
DeleteDC
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
PlayEnhMetaFile
GdiComment
WidenPath
StrokePath
StrokeAndFillPath
SetMiterLimit
GetPath
GetMiterLimit
FlattenPath
FillPath
EndPath
CloseFigure
BeginPath
AbortPath
GetCharWidthFloatA
GetCharABCWidthsFloatA
ExtEscape
DrawEscape
PolyBezier
GetCurrentObject
GetColorAdjustment
PolyPolyline
GetArcDirection
AngleArc
SetPixelV
PlgBlt
MaskBlt
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocA
GetGlyphOutlineA
GetKerningPairsA
GetFontData
GetCharABCWidthsA
GetBoundsRect
SetBoundsRect
Escape
GetAspectRatioFilterEx
GetCharWidthA
GetTextCharacterExtra
GetTextMetricsA
GetTextFaceA
GetTextAlign
FloodFill
SetPixel
ExtFloodFill
StretchBlt
BitBlt
GetPixel
RoundRect
Rectangle
PatBlt
Polygon
Pie
PolyPolygon
Chord
Polyline
Ellipse
GetCurrentPositionEx
RectVisible
Arc
PaintRgn
InvertRgn
PtVisible
FillRgn
LPtoDP
FrameRgn
GetWindowExtEx
GetWindowOrgEx
DPtoLP
GetViewportOrgEx
GetMapMode
GetViewportExtEx
GetStretchBltMode
GetROP2
GetTextColor
GetBkMode
GetBkColor
GetPolyFillMode
RealizePalette
GetNearestColor
UpdateColors
EnumObjects
SetBrushOrgEx
SelectObject
GetDeviceCaps
CreateCompatibleDC
GetBrushOrgEx
CreateDCA
RectInRegion
CreateICA
GetRgnBox
OffsetRgn
PtInRegion
CombineRgn
SetRectRgn
EqualRgn
ExtCreateRegion
PathToRegion
GetRegionData
CreatePolyPolygonRgn
CreatePolygonRgn
CreateRoundRectRgn
TextOutA
CreateEllipticRgnIndirect
CreateEllipticRgn
CreateRectRgnIndirect
CreateRectRgn
ResizePalette
GetNearestPaletteIndex
AnimatePalette
SetPaletteEntries
GetPaletteEntries
CreateHalftonePalette
CreatePalette
CreateDiscardableBitmap
CreateCompatibleBitmap
GetBitmapDimensionEx
SetBitmapDimensionEx
GetBitmapBits
SetBitmapBits
CreateBitmapIndirect
CreateBitmap
CreateFontA
CreateFontIndirectA
CreateDIBPatternBrushPt
CreatePatternBrush
CreateBrushIndirect
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePenIndirect
CreatePen
GetObjectType
UnrealizeObject
GetStockObject
GetObjectA
ExtTextOutA
CloseEnhMetaFile
CreateEnhMetaFileA
CloseMetaFile
CreateMetaFileA

user32

SetClipboardViewer
SendMessageA
IsWindow
PostMessageA
TabbedTextOutA
CopyRect
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
EqualRect
InflateRect
OffsetRect
IntersectRect
UnionRect
SubtractRect
GetSysColorBrush
LoadBitmapA
WindowFromDC
ExcludeUpdateRgn
FillRect
FrameRect
InvertRect
DrawIcon
DrawStateA
DrawEdge
DrawFrameControl
DrawFocusRect
DrawTextA
GetTabbedTextExtentA
GrayStringA
ScrollDC
CreateMenu
CreatePopupMenu
IsMenu
DeleteMenu
AppendMenuA
CheckMenuItem
EnableMenuItem
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringA
GetMenuItemInfoA
GetSubMenu
InsertMenuA
ModifyMenuA
RemoveMenu
SetMenuItemBitmaps
LoadMenuA
LoadMenuIndirectA
SetMenuContextHelpId
GetMenuContextHelpId
CheckMenuRadioItem
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
HiliteMenuItem
IsIconic
IsZoomed
ArrangeIconicWindows
SetWindowRgn
GetWindowRgn
BringWindowToTop
GetWindowRect
GetClientRect
MapWindowPoints
ClientToScreen
ScreenToClient
BeginPaint
EndPaint
GetDC
GetWindowDC
ReleaseDC
UpdateWindow
GetUpdateRect
GetUpdateRgn
InvalidateRect
InvalidateRgn
ValidateRect
ValidateRgn
IsWindowVisible
ShowOwnedPopups
GetDCEx
LockWindowUpdate
RedrawWindow
EnableScrollBar
SetTimer
KillTimer
GetActiveWindow
SetActiveWindow
GetCapture
SetCapture
GetFocus
GetDesktopWindow
DlgDirListA
DlgDirListComboBoxA
DlgDirSelectExA
DlgDirSelectComboBoxExA
GetNextDlgGroupItem
GetNextDlgTabItem
ShowScrollBar
ChildWindowFromPoint
ChildWindowFromPointEx
FindWindowA
GetWindow
GetTopWindow
GetLastActivePopup
IsChild
GetParent
SetParent
WindowFromPoint
FlashWindow
ChangeClipboardChain
PeekMessageA
OpenClipboard
GetOpenClipboardWindow
GetClipboardOwner
GetClipboardViewer
CreateCaret
GetCaretPos
SetCaretPos
HideCaret
ShowCaret
SetForegroundWindow
GetForegroundWindow
SendNotifyMessageA
SetWindowContextHelpId
GetWindowContextHelpId
EnableWindow
MapDialogRect
GetWindowLongA
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
PostThreadMessageA
LoadCursorA
LoadIconA
CloseWindow
OpenIcon
CharUpperA
GetSystemMetrics
CharToOemA
OemToCharA
UnhookWindowsHookEx
MsgWaitForMultipleObjects
GetWindowPlacement
SystemParametersInfoA
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetDlgCtrlID
GetClassNameA
DefWindowProcA
DestroyWindow
GetKeyState
GetWindowTextA
GetWindowTextLengthA
GetDlgItem
SetWindowPlacement
TrackPopupMenu
RegisterClassA
GetClassInfoA
WinHelpA
MessageBoxA
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
AdjustWindowRectEx
SetFocus
DispatchMessageA
GetSysColor
SendDlgItemMessageA
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
SetCursor
IsWindowEnabled
ShowWindow
DestroyMenu
ReuseDDElParam
UnpackDDElParam
WaitMessage
GetCursorPos
TranslateMessage
GetMessageA
GetWindowThreadProcessId
DefFrameProcA
TranslateMDISysAccel
DefMDIChildProcA
CreateDialogIndirectParamA
EndDialog
wvsprintfA
GetAsyncKeyState
GetDialogBaseUnits
GetClipboardFormatNameA
SetWindowTextA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
MoveWindow
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
IsClipboardFormatAvailable
MessageBeep
UnregisterClassA
LoadStringA
PostQuitMessage
wsprintfA

Sections

.text
Size: 680KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSVCRTD.DLL
.dll windows:4 windows x86 arch:x86

265cd32afd4d72991a91eb9bf6c51bae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEnvironmentVariableW
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
ResumeThread
GetLastError
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
HeapValidate
GetProcAddress
LoadLibraryA
DebugBreak
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
RaiseException
FlushFileBuffers
SetFilePointer
SetStdHandle
Sleep
CompareStringA
CompareStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetSystemTimeAsFileTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime
GetSystemTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CrtCheckMemory
_CrtDbgBreak
_CrtDbgReport
_CrtDoForAllClientObjects
_CrtDumpMemoryLeaks
_CrtIsMemoryBlock
_CrtIsValidHeapPointer
_CrtIsValidPointer
_CrtMemCheckpoint
_CrtMemDifference
_CrtMemDumpAllObjectsSince
_CrtMemDumpStatistics
_CrtSetAllocHook
_CrtSetBreakAlloc
_CrtSetDbgBlockType
_CrtSetDbgFlag
_CrtSetDumpClient
_CrtSetReportFile
_CrtSetReportHook
_CrtSetReportMode
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__crtAssertBusy
__p__crtBreakAlloc
__p__crtDbgFlag
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_calloc_dbg
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_crtAssertBusy
_crtBreakAlloc
_crtDbgFlag
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_expand_dbg
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_free_dbg
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_malloc_dbg
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_msize_dbg
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_realloc_dbg
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone

Sections

.text
Size: 340KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
myhook.dll
.dll windows:4 windows x86 arch:x86

af5a8dcd2288e59d6fa90024eca97010

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42d

ord4415
ord3231
ord1033
ord4130
ord1789
ord2661
ord4227
ord4229
ord2104
ord3366
ord3826
ord4239
ord4215
ord4408
ord3244
ord2340
ord2481
ord2584
ord3691
ord2473
ord2585
ord2341
ord2432
ord2339
ord2715
ord3143
ord3144
ord3142
ord2431
ord3367
ord1860
ord3657
ord2021
ord1285
ord4492
ord2986
ord528
ord706
ord728
ord711
ord721
ord593
ord2133
ord345
ord590
ord1510
ord5086
ord714
ord4123
ord342
ord4258
ord1110
ord1189
ord1191
ord1087
ord1114
ord1041
ord719
ord333
ord1157
ord1880
ord3702
ord3784
ord5077
ord1101
ord1179
ord1129
ord1186
ord285
ord726
ord551
ord550
ord1192
ord284
ord1166
ord1164
ord1050

msvcrtd

__CxxFrameHandler
__dllonexit
_onexit
??1type_info@@UAE@XZ
_adjust_fdiv
_malloc_dbg
_initterm
_free_dbg

kernel32

LocalFree
GetTickCount
LocalAlloc

user32

SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx

Exports

Exports

readHook
starHook
starPlay
stopHook
writeHook

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myhook
Size: 4KB - Virtual size: 266B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
模拟幽灵.exe
.exe windows:4 windows x86 arch:x86

adb31796972d50aa956c8fa436415405

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

myhook

ord5
ord1
ord3
ord4
ord2

mfc42

ord1576
ord6175
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord2558
ord6215
ord617
ord5301
ord5214
ord296
ord5503
ord2635
ord986
ord520
ord823
ord4159
ord6117
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord2399
ord4387
ord3454
ord3198
ord6080
ord1168
ord4623
ord4426
ord338
ord652
ord4823
ord1200
ord4160
ord800
ord5710
ord540
ord537
ord1841
ord4241
ord4589
ord4588
ord4899
ord4370
ord4892
ord4533
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord2091
ord4432
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord609
ord567
ord364
ord784
ord2302
ord5260
ord5953
ord5677
ord3495
ord4720
ord2642
ord3097
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord366
ord674
ord4457
ord5252

msvcrt

__p__commode
__CxxFrameHandler
_mbscmp
atoi
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_controlfp
__p__fmode
__set_app_type
_except_handler3
_setmbcp

kernel32

GetStartupInfoA
GetModuleHandleA

user32

EnableWindow
UpdateWindow

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
科达论坛-论坛首页.url
.url

Sharing

General

Malware Config

Signatures

Files

9f3980d49f12d0c47b136a2f3127c31f

Headers

File Characteristics

Imports

msvcrtd

kernel32

gdi32

user32

Sections

.text Size: 680KB - Virtual size: 676KB

.rdata Size: 132KB - Virtual size: 130KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 32KB - Virtual size: 29KB

.reloc Size: 52KB - Virtual size: 49KB

265cd32afd4d72991a91eb9bf6c51bae

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 340KB - Virtual size: 338KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 24KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 16KB - Virtual size: 15KB

af5a8dcd2288e59d6fa90024eca97010

Headers

File Characteristics

Imports

mfc42d

msvcrtd

kernel32

user32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 6KB

.idata Size: 4KB - Virtual size: 1KB

.myhook Size: 4KB - Virtual size: 266B

.reloc Size: 4KB - Virtual size: 1KB

adb31796972d50aa956c8fa436415405

Headers

File Characteristics

Imports

myhook

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 404B

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 680KB - Virtual size: 676KB

.rdata
Size: 132KB - Virtual size: 130KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 32KB - Virtual size: 29KB

.reloc
Size: 52KB - Virtual size: 49KB

.text
Size: 340KB - Virtual size: 338KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 24KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 1KB

.myhook
Size: 4KB - Virtual size: 266B

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 404B

.rsrc
Size: 12KB - Virtual size: 10KB