b94385716b28904ec6e4de10c5eccc68

Sharing

Copy URL

Twitter E-mail

General

Target

b94385716b28904ec6e4de10c5eccc68
Size

1.4MB
MD5

b94385716b28904ec6e4de10c5eccc68
SHA1

9b55d16e9f8928b8cf49cf2dee1c888c8467b292
SHA256

8558086e8b762394d46b5951a7a0e7066a509ed4d4f49c85d1dc7f75ddf65ef6
SHA512

43d8402103129cabc4f4be094c742a826060fbeddceb08061534dad9216bdad4a37a77200dec4cc81d76e27f4eae9c1d002435afb24d63e054d36ba2080e03a2
SSDEEP

24576:tgN04tPKRFNizEub5/PB7bjC39hRg6bXG8Bb1HGN/5sKOdNr4E2XdYIxfSRY34j:l4tCTizEub5H9bj6bXBjmNRsKoemU4j

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/keygen注册机.exe	aspack_v212_v242

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FinalData.exe
unpack001/INFDRV.dll
unpack001/NtFsLdf20.sys
unpack001/NtFsLdf20_40.sys
unpack001/WDelMgr20.exe
unpack001/keygen注册机.exe
unpack001/ntfsldf20.exe

Files

b94385716b28904ec6e4de10c5eccc68
.rar
FINALDATA.GID
FinalData.cnt
FinalData.exe
.exe windows:4 windows x86 arch:x86

3e19f6d8072c013ab8be1e5067f82b80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum

kernel32

SetConsoleCtrlHandler
GetStringTypeW
GetLocaleInfoW
GetProfileStringA
InterlockedExchange
GetLocaleInfoA
SetEnvironmentVariableA
EnumSystemLocalesA
SetStdHandle
IsValidCodePage
IsValidLocale
FindResourceA
IsBadCodePtr
FreeResource
LoadResource
LockResource
HeapAlloc
RemoveDirectoryA
GetProcessHeap
CompareFileTime
HeapFree
GetCurrentProcess
MulDiv
LocalFileTimeToFileTime
SetFileTime
FormatMessageA
InterlockedDecrement
Sleep
IsBadWritePtr
GetModuleHandleA
GetWindowsDirectoryA
GlobalAlloc
GlobalHandle
GlobalSize
GetCurrentDirectoryA
GlobalLock
lstrcmpA
lstrcmpiA
lstrcatA
lstrcpynA
LocalFree
FlushFileBuffers
LocalAlloc
DeviceIoControl
GetLastError
GetDiskFreeSpaceA
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalUnlock
GlobalFree
FindNextFileA
GetLogicalDrives
FindFirstFileA
GetVolumeInformationA
FindClose
GetSystemDirectoryA
MoveFileA
GetDriveTypeA
SetFilePointer
WideCharToMultiByte
OutputDebugStringA
CreateDirectoryA
ReadFile
MultiByteToWideChar
DeleteFileA
GetTimeFormatA
WriteFile
lstrlenA
GetDateFormatA
DosDateTimeToFileTime
FileTimeToSystemTime
SystemTimeToFileTime
CreateFileA
GetSystemTime
GetFileTime
FileTimeToDosDateTime
GetFileSize
lstrcpyA
CloseHandle
FileTimeToLocalFileTime
OpenFile
SetFileAttributesA
GetUserDefaultLCID
CompareStringA
GetStringTypeA
CompareStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
SetCurrentDirectoryA
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
HeapCreate
LCMapStringW
LCMapStringA
VirtualAlloc
HeapDestroy
GetEnvironmentVariableA
FatalAppExitA
VirtualFree
HeapReAlloc
GetACP
ExitThread
CreateThread
TerminateProcess
GetStdHandle
DebugBreak
GetStartupInfoA
ExitProcess
GetCommandLineA
GetTimeZoneInformation
RaiseException
HeapValidate
lstrcpyW
GetLocalTime
RtlUnwind
CopyFileA
LocalLock
LocalUnlock
TlsGetValue
FindResourceExA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
LeaveCriticalSection
TlsAlloc
EnterCriticalSection
GetOEMCP
DeleteCriticalSection
InitializeCriticalSection
SizeofResource
GetCPInfo
GetProcessVersion
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
WaitForSingleObject
CreateEventA
SetEvent
GetProfileIntA
GetCurrentThread
GetTickCount
IsBadStringPtrA
GlobalFlags
IsBadReadPtr
GetFileAttributesA
IsBadStringPtrW
GetTempFileNameA
VirtualProtect
GlobalReAlloc
lstrlenW
GetThreadLocale
SetLastError
GetShortPathNameA
SetEndOfFile
GetStringTypeExA
GetFullPathNameA
DuplicateHandle
UnlockFile
LockFile
SuspendThread
GetModuleFileNameA
InterlockedIncrement
SetThreadPriority
ResumeThread
GetThreadPriority
GlobalGetAtomNameA
GetVersion
GetCurrentThreadId
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
_hwrite

user32

AppendMenuA
CheckMenuItem
DrawIcon
InvertRect
FrameRect
DeleteMenu
FillRect
ExcludeUpdateRgn
WindowFromDC
GetSysColorBrush
SubtractRect
UnionRect
InflateRect
SetRectEmpty
DestroyIcon
DestroyCursor
DestroyMenu
PeekMessageA
TranslateMessage
DispatchMessageA
SetRect
PtInRect
IsRectEmpty
LoadStringA
wvsprintfA
OemToCharA
CharToOemA
TabbedTextOutA
DrawStateA
IsMenu
SetMenuItemBitmaps
OpenIcon
CloseWindow
PostThreadMessageA
MapDialogRect
GetWindowContextHelpId
SetWindowContextHelpId
SendNotifyMessageA
GetForegroundWindow
SetForegroundWindow
ShowCaret
CreateMenu
SetCaretPos
GetCaretPos
CreateCaret
GetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
OpenClipboard
SetClipboardViewer
ChangeClipboardChain
FlashWindow
WindowFromPoint
SetParent
GetLastActivePopup
FindWindowA
ChildWindowFromPointEx
ChildWindowFromPoint
ShowScrollBar
DrawEdge
DrawFrameControl
DrawFocusRect
DrawTextA
GetTabbedTextExtentA
GrayStringA
ScrollDC
LoadBitmapA
GetMenuCheckMarkDimensions
HideCaret
GetNextDlgTabItem
GetNextDlgGroupItem
DlgDirSelectComboBoxExA
DlgDirSelectExA
DlgDirListComboBoxA
DlgDirListA
GetDesktopWindow
SetCapture
KillTimer
SetTimer
RedrawWindow
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
ValidateRgn
ValidateRect
InvalidateRgn
InvalidateRect
GetUpdateRgn
GetUpdateRect
UpdateWindow
GetWindowDC
EndPaint
EnableMenuItem
IsZoomed
BringWindowToTop
GetWindowRgn
SetWindowRgn
ArrangeIconicWindows
CreatePopupMenu
HiliteMenuItem
GetSystemMenu
DrawMenuBar
SetMenu
GetMenu
PostMessageA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconA
SendDlgItemMessageA
GetClientRect
MapWindowPoints
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
GetTopWindow
IsChild
GetParent
GetWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
DefWindowProcA
GetClassNameA
GetDlgCtrlID
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
EndDialog
IsWindow
EnableWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetDC
ReleaseDC
GetWindowLongA
CallWindowProcA
SetWindowLongA
SetScrollInfo
EnableScrollBar
DragDetect
SetScrollPos
DestroyCaret
GetWindowTextA
GetActiveWindow
SetActiveWindow
SetClipboardData
EmptyClipboard
CloseClipboard
LoadCursorA
ReleaseCapture
RegisterClipboardFormatA
GetKeyState
GetCursorPos
MessageBoxA
SendMessageA
wsprintfA
LoadMenuA
GetIconInfo
LoadImageA
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringA
ModifyMenuA
GetMenuItemInfoA
InsertMenuA
SetMenuContextHelpId
RemoveMenu
LoadMenuIndirectA
CharUpperA
GetMenuContextHelpId
CheckMenuRadioItem
InSendMessage
PostQuitMessage
GetAsyncKeyState
MessageBeep
IsClipboardFormatAvailable
CountClipboardFormats
GetMessageA
GetSubMenu
SetCursor
ReuseDDElParam
LoadAcceleratorsA
TranslateAcceleratorA
CopyAcceleratorTableA
UnpackDDElParam
SetCursorPos
WaitMessage
GetDialogBaseUnits
GetClipboardFormatNameA
GetWindowThreadProcessId
CharNextA
BeginPaint
GetSysColor
ClientToScreen
TrackPopupMenuEx
UnregisterClassA
DefDlgProcA
IsWindowUnicode

gdi32

ResetDCA
SetPolyFillMode
SetROP2
Polygon
ExtSelectClipRgn
SelectClipPath
PlayMetaFileRecord
DrawEscape
BeginPath
GetCurrentObject
GetColorAdjustment
PolyBezier
GetArcDirection
AngleArc
PolyPolyline
PlgBlt
MaskBlt
SetPixelV
AbortDoc
SetAbortProc
EndDoc
StartPage
StartDocA
EndPage
GetKerningPairsA
GetFontData
GetGlyphOutlineA
GetOutlineTextMetricsA
ExtEscape
GetCharABCWidthsA
SetBoundsRect
Escape
GetBoundsRect
GetCharWidthA
GetTextCharacterExtra
GetAspectRatioFilterEx
GetTextFaceA
GetTextAlign
GetTextMetricsA
ExtFloodFill
FloodFill
TextOutA
StretchBlt
PatBlt
GetPixel
Rectangle
PolyPolygon
RoundRect
Pie
Ellipse
CloseFigure
Polyline
Arc
Chord
RectVisible
PtVisible
GetCurrentPositionEx
InvertRgn
FrameRgn
PaintRgn
LPtoDP
DPtoLP
FillRgn
GetWindowOrgEx
GetViewportExtEx
GetWindowExtEx
GetMapMode
GetTextColor
GetViewportOrgEx
GetROP2
GetPolyFillMode
GetStretchBltMode
GetBkColor
UpdateColors
GetBkMode
EnumObjects
SetBrushOrgEx
GetNearestColor
CreateICA
CreateDCA
GetBrushOrgEx
PtInRegion
GetRgnBox
RectInRegion
EqualRgn
CombineRgn
OffsetRgn
GetRegionData
ExtCreateRegion
SetRectRgn
CreateRoundRectRgn
CreatePolyPolygonRgn
PathToRegion
CreateEllipticRgnIndirect
CreateEllipticRgn
CreatePolygonRgn
CreateRectRgn
ResizePalette
CreateRectRgnIndirect
AnimatePalette
SetPaletteEntries
GetNearestPaletteIndex
AbortPath
GetCharWidthFloatA
GetCharABCWidthsFloatA
GetClipRgn
CreateHalftonePalette
CreateDiscardableBitmap
GetPaletteEntries
GetBitmapDimensionEx
SetBitmapDimensionEx
CreateCompatibleBitmap
SetBitmapBits
CreateBitmapIndirect
GetBitmapBits
CreateFontIndirectA
CreateDIBPatternBrushPt
CreateFontA
CreateBrushIndirect
CreateHatchBrush
CreatePatternBrush
ExtCreatePen
CreatePenIndirect
CreateSolidBrush
GetObjectType
UnrealizeObject
CreatePen
CloseEnhMetaFile
CreateEnhMetaFileA
ExtTextOutA
CreateMetaFileA
GetClipBox
CloseMetaFile
GetTextCharset
CreateDIBitmap
GetDCOrgEx
CreatePalette
GetDIBits
RealizePalette
SetPixel
StretchDIBits
SetDIBits
GetSystemPaletteEntries
SelectPalette
GetDeviceCaps
PlayEnhMetaFile
DeleteEnhMetaFile
SetWinMetaFileBits
GetObjectA
CreateBitmap
GetTextExtentPoint32A
SelectObject
SetBkColor
CreateCompatibleDC
SetTextColor
DeleteDC
BitBlt
DeleteObject
EndPath
GetStockObject
FlattenPath
GetMiterLimit
FillPath
SetMiterLimit
StrokeAndFillPath
GetPath
WidenPath
GdiComment
StrokePath
RestoreDC
SetBkMode
SaveDC
SetMapMode
SetViewportOrgEx
SetStretchBltMode
SetViewportExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
OffsetWindowOrgEx
SetWindowExtEx
SetWindowOrgEx
SelectClipRgn
ExcludeClipRect
ScaleWindowExtEx
OffsetClipRgn
MoveToEx
IntersectClipRect
SetTextAlign
GetTextExtentPointA
CopyMetaFileA
EnumFontFamiliesExA
DeleteMetaFile
PlayMetaFile
EnumMetaFile
PolylineTo
SetColorAdjustment
SetTextJustification
LineTo
PolyBezierTo
SetMapperFlags
SetTextCharacterExtra
PolyDraw
SetArcDirection
ArcTo

comdlg32

PrintDlgA
PageSetupDlgA
FindTextA
ReplaceTextA
CommDlgExtendedError
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA
GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueA
RegQueryValueExA
GetFileSecurityA
RegCreateKeyA
RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegEnumValueA
RegSetValueExA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
ControlService
StartServiceA
QueryServiceStatus
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
SetSecurityDescriptorOwner
GetTokenInformation
SetFileSecurityA
InitializeSecurityDescriptor
AdjustTokenPrivileges
OpenProcessToken
SetSecurityDescriptorDacl
AddAccessAllowedAce
LookupPrivilegeValueA
GetLengthSid
LookupAccountNameA
InitializeAcl
GetSidSubAuthority
GetSidSubAuthorityCount
CopySid
FreeSid
EqualSid
GetSidIdentifierAuthority
RegGetKeySecurity
AddAce
RegSetValueA
RegCreateKeyExA
AllocateAndInitializeSid
GetUserNameA
RegSetKeySecurity
RegQueryInfoKeyA

shell32

DragQueryFileA
DragFinish
ExtractIconA
DragAcceptFiles
SHGetFileInfoA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA

comctl32

_TrackMouseEvent
ord13
ImageList_GetIcon
ord17
ImageList_LoadImageA
ImageList_Destroy
ImageList_Create
ImageList_Write
ImageList_Merge
ImageList_Read
ImageList_Add
ord14
ImageList_GetImageCount
ImageList_Replace
ImageList_AddMasked
ImageList_Remove
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetBkColor
ImageList_SetOverlayImage
ImageList_DragMove
ImageList_BeginDrag
ImageList_EndDrag
ImageList_GetDragImage
ImageList_SetDragCursorImage
ImageList_DragShowNolock
ImageList_SetImageCount
ImageList_DragEnter
ImageList_DragLeave
PropertySheetA
ImageList_Copy
ord8
DestroyPropertySheetPage
CreatePropertySheetPageA

wsock32

htonl
setsockopt
socket
getsockname
closesocket
bind
inet_addr
WSAAsyncSelect
WSAGetLastError
recvfrom
connect
ioctlsocket
recv
shutdown
send
htons
sendto

oledlg

ord9
ord3
ord7
ord6
ord5
ord1
ord4
ord11
ord12
ord8

ole32

OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreateFromFile
OleSetContainedObject
StringFromCLSID
OleLockRunning
OleGetClipboard
RevokeDragDrop
RegisterDragDrop
OleIsRunning
OleRun
CoLockObjectExternal
WriteClassStg
GetRunningObjectTable
OleFlushClipboard
OleSetClipboard
OleIsCurrentClipboard
OleLoad
OleCreateLinkToFile
GetHGlobalFromILockBytes
CoGetMalloc
CoDisconnectObject
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CreateItemMoniker
CreateGenericComposite
CreateStreamOnHGlobal
CLSIDFromString
WriteClassStm
CoTaskMemFree
ReleaseStgMedium
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoCreateInstance
StgCreateDocfile
OleCreate
StgIsStorageILockBytes
OleSave
StgOpenStorageOnILockBytes
OleGetIconOfClass
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CLSIDFromProgID
CreateFileMoniker
OleSaveToStream
OleQueryCreateFromData
OleQueryLinkFromData
OleSetMenuDescriptor
OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
SetConvertStg
WriteFmtUserTypeStg
ReadFmtUserTypeStg
ReadClassStg
CoTreatAsClass
DoDragDrop
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoRegisterClassObject
CoRevokeClassObject
GetClassFile
CoGetClassObject
StringFromGUID2
CoRegisterMessageFilter
StgIsStorageFile
StgOpenStorage
CreateOleAdviseHolder

olepro32

ord253

oleaut32

SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayPutElement
SafeArrayAllocData
SafeArrayCopy
SafeArrayAllocDescriptor
VarDateFromStr
VarBstrFromCy
VarBstrFromDate
SysStringByteLen
VariantChangeType
VarCyFromStr
SysAllocString
VariantCopy
SysAllocStringByteLen
SafeArrayRedim
SafeArrayGetLBound
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetDim
DosDateTimeToVariantTime
SafeArrayGetElemsize
SysAllocStringLen
SysFreeString
VariantClear
LoadTypeLi
SysStringLen
VariantTimeToSystemTime
SysReAllocStringLen
SafeArrayCreateVector
VariantInit
SafeArrayDestroyDescriptor
GetErrorInfo
SetErrorInfo
CreateErrorInfo

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 372KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 972KB - Virtual size: 969KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INFDRV.dll
.dll windows:4 windows x86 arch:x86

4d9dbab255f9bb83059660eeba980a77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SUnMapLS_IP_EBP_12
SMapLS_IP_EBP_16
SUnMapLS_IP_EBP_16
SMapLS_IP_EBP_20
SUnMapLS_IP_EBP_20
SMapLS_IP_EBP_24
SUnMapLS_IP_EBP_24
SMapLS_IP_EBP_28
SUnMapLS_IP_EBP_28
ThunkConnect32
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SMapLS_IP_EBP_12
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
GetModuleFileNameA
SUnMapLS_IP_EBP_12
SMapLS_IP_EBP_16
SUnMapLS_IP_EBP_16
SMapLS_IP_EBP_20
SUnMapLS_IP_EBP_20
SMapLS_IP_EBP_24
SUnMapLS_IP_EBP_24
SMapLS_IP_EBP_28
SUnMapLS_IP_EBP_28
ThunkConnect32
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SMapLS_IP_EBP_12
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind

Exports

Exports

CheckExtensionsPresent32
DllGetVersion
ExtGetDriveParameter32
ExtLockDrive32
ExtReadPhysicalSector32
ExtUnlockDrive32
ExtWritePhysicalSector32
GetDriveParameter32
GetDriveType32
ReadPhysicalSector32
ReadSectorsFromCD
ResetDrive32
WritePhysicalSector32

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
INFTHK.dll
NtFsLdf20.sys
.sys windows:5 windows x86 arch:x86

84bd2e1222f17498e66db2fd8771c868

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
DbgPrint
IofCallDriver
memmove
IofCompleteRequest
swprintf
_except_handler3
_allmul
IoDetachDevice
ZwClose
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
KeQuerySystemTime
PsGetCurrentThreadId
PsGetCurrentProcessId
wcslen
RtlAnsiStringToUnicodeString
sprintf
IoRegisterBootDriverReinitialization
IoDeleteDevice
ExAllocatePoolWithTag
_wcsnicmp
RtlEqualUnicodeString
ObfDereferenceObject
IoAttachDeviceToDeviceStack
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
wcscpy
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
KeGetCurrentThread
IoAllocateIrp
wcscmp
ZwReadFile
_aullshr
ZwWriteFile
ExReleaseResourceLite
wcsncmp
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
_alldiv
strncmp
KeInitializeSpinLock
ExInitializeResourceLite
ExInitializeNPagedLookasideList
ExFreePool
ZwQueryValueKey
ZwOpenKey

hal

KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NtFsLdf20_40.sys
.sys windows:4 windows x86 arch:x86

c67b62d215a84625daed72173b72c9eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeSpinLock
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IofCallDriver
memmove
IofCompleteRequest
swprintf
IoDetachDevice
ZwClose
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
KeQuerySystemTime
PsGetCurrentThreadId
PsGetCurrentProcessId
wcslen
RtlAnsiStringToUnicodeString
sprintf
ZwQueryValueKey
KeInitializeEvent
ExAllocatePoolWithTag
RtlEqualUnicodeString
IoAttachDeviceToDeviceStack
ObfDereferenceObject
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
wcscpy
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
KeGetCurrentThread
IoAllocateIrp
wcscmp
ZwReadFile
ZwWriteFile
ExReleaseResourceLite
wcsncmp
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
strncmp
RtlUnwind
ExInitializeResourceLite
ExInitializeNPagedLookasideList
DbgPrint
ExFreePool
ZwOpenKey
_wcsnicmp

hal

ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.TXT
Uninst.isu
WDelMgr20.exe
.exe windows:4 windows x86 arch:x86

6187c0a569e08be68c323793702fe9c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDrives
GetDriveTypeA
MultiByteToWideChar
DeviceIoControl
CreateFileA
GetLastError
GetModuleFileNameA
CloseHandle
OutputDebugStringA
HeapFree
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
LCMapStringA
LCMapStringW
SetFilePointer
GetStringTypeA
GetStringTypeW
GetProcAddress
LoadLibraryA
SetStdHandle
FlushFileBuffers

advapi32

RegCreateKeyExA
DeregisterEventSource
QueryServiceStatus
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegisterEventSourceA
ReportEventA
StartServiceA
ControlService
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
CreateServiceA
DeleteService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegCreateKeyA

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
keygen注册机.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ntfsldf20.exe
.exe windows:4 windows x86 arch:x86

969e1ef90df89c671c3b07077d62a0c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord3567
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord2621
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3698
ord1146
ord1168
ord567
ord324
ord2302
ord4234
ord2076
ord3092
ord4710
ord2379
ord755
ord470
ord6334
ord4047
ord2362
ord2301
ord3095
ord1199
ord2642
ord2514
ord765
ord602
ord641
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5065
ord4673
ord1576

msvcrt

_setmbcp
_access
__CxxFrameHandler
system
sprintf
_execl
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_except_handler3
__set_app_type
__p__fmode
__p__commode
_controlfp

kernel32

GetWindowsDirectoryA
GetModuleFileNameA
GetDiskFreeSpaceA
OutputDebugStringA
GetVersionExA
GetDriveTypeA
GetLogicalDrives
CloseHandle
WriteFile
CreateFileA
SetFileAttributesA
CreateDirectoryA
GetLastError
GetCurrentProcess
LocalFree
FormatMessageA
Sleep
CopyFileA
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
GetSystemDirectoryA
GetStartupInfoA
GetModuleHandleA

user32

EnableWindow
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
IsWindowVisible
KillTimer
IsIconic
GetSystemMetrics
DrawIcon
SendMessageA
GetClientRect
SetTimer
BringWindowToTop
LoadIconA

advapi32

RegCreateKeyA
CreateServiceA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
ControlService
StartServiceA
QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitiateSystemShutdownA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
RegQueryValueExA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html
中文README.TXT
使用说明.txt

Sharing

General

Malware Config

Signatures

Files

3e19f6d8072c013ab8be1e5067f82b80

Headers

File Characteristics

Imports

mpr

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

wsock32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 288KB - Virtual size: 285KB

.data Size: 372KB - Virtual size: 2.3MB

.rsrc Size: 972KB - Virtual size: 969KB

4d9dbab255f9bb83059660eeba980a77

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

84bd2e1222f17498e66db2fd8771c868

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 416B - Virtual size: 388B

.data Size: 5KB - Virtual size: 5KB

PAGE Size: 4KB - Virtual size: 4KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 960B - Virtual size: 960B

.reloc Size: 1KB - Virtual size: 1KB

c67b62d215a84625daed72173b72c9eb

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 23KB - Virtual size: 23KB

.data Size: 5KB - Virtual size: 5KB

PAGE Size: 8KB - Virtual size: 8KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 960B - Virtual size: 936B

.reloc Size: 1KB - Virtual size: 1KB

6187c0a569e08be68c323793702fe9c7

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 456B

Headers

File Characteristics

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 288KB - Virtual size: 285KB

.data
Size: 372KB - Virtual size: 2.3MB

.rsrc
Size: 972KB - Virtual size: 969KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 416B - Virtual size: 388B

.data
Size: 5KB - Virtual size: 5KB

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 960B - Virtual size: 960B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 5KB

PAGE
Size: 8KB - Virtual size: 8KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 960B - Virtual size: 936B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 456B

.text
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 24KB

.aspack
Size: 7KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 28KB