0411ca58b4d99f9f7abc6854b675547dbfd34dac076109b4b97466094163db19

Sharing

Copy URL Twitter E-mail

General

Target

0411ca58b4d99f9f7abc6854b675547dbfd34dac076109b4b97466094163db19
Size

1.0MB
MD5

689e434c67cff5f4f78e291424a9e3cb
SHA1

2a82a8fc5ca49b23517a68dfcba1183da73de01d
SHA256

0411ca58b4d99f9f7abc6854b675547dbfd34dac076109b4b97466094163db19
SHA512

7228564ac5c85c4328556410bded42da2286c57cf73f1b90bee132eb424def84deb10ae5ed7bfb2d542294f99f507f559cdbdd2a65513ac4e20f4841cf82140d
SSDEEP

24576:rWN/mEUGrvz/myivTS2u5fYKjHeWBaNzjGaF5roJm/89IwcuvNL:e7U4ruyirSXVDepNfGaF5roW8Bcuvx

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
0411ca58b4d99f9f7abc6854b675547dbfd34dac076109b4b97466094163db19
unpack001/$PLUGINSDIR/Inetc.dll
unpack001/$PLUGINSDIR/Md5dll.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/xID.dll
unpack001/GreenDou.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

0411ca58b4d99f9f7abc6854b675547dbfd34dac076109b4b97466094163db19
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Md5dll.dll
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/open.ini
$PLUGINSDIR/xID.dll
.dll windows:4 windows x86 arch:x86

715be865ece3b4ce0e06723171737a50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
CreateFileA
CloseHandle

user32

IsCharAlphaNumericA
wsprintfA

iphlpapi

GetAdaptersInfo

Exports

Exports

GetHardDiskID
GetNetCardID

Sections

.text
Size: 1024B - Virtual size: 573B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 415B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GreenDou.exe
.exe windows:4 windows x86 arch:x86

044ca93f34942708226bc464922f7940

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FindCloseUrlCache
InternetSetOptionW
InternetGetConnectedState
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetQueryOptionW
GetUrlCacheEntryInfoW

ws2_32

gethostbyname
gethostname
WSAStartup
WSACleanup

mfc42u

ord3494
ord2507
ord355
ord4273
ord6279
ord6278
ord6445
ord2719
ord6466
ord2722
ord2721
ord6919
ord6868
ord6004
ord3282
ord3292
ord3298
ord2755
ord801
ord5857
ord541
ord2644
ord1662
ord3909
ord5031
ord4450
ord1833
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4334
ord4341
ord4714
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord5236
ord3743
ord1718
ord4426
ord818
ord1235
ord365
ord784
ord4236
ord2680
ord465
ord466
ord2233
ord1594
ord610
ord841
ord6285
ord6135
ord968
ord287
ord857
ord856
ord850
ord1565
ord3465
ord455
ord2756
ord3000
ord2127
ord5277
ord5256
ord4875
ord2842
ord6139
ord927
ord6655
ord5438
ord3313
ord2776
ord6654
ord1197
ord1196
ord3993
ord5852
ord5506
ord2449
ord1640
ord429
ord4606
ord4604
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord5303
ord5285
ord5710
ord3733
ord815
ord561
ord4041
ord2137
ord2136
ord6221
ord5227
ord5243
ord2124
ord4595
ord2550
ord617
ord1131
ord824
ord2613
ord1215
ord5208
ord296
ord5431
ord1676
ord1666
ord2620
ord5976
ord2633
ord4117
ord6210
ord6192
ord4293
ord5944
ord3083
ord3866
ord3869
ord3868
ord6194
ord4281
ord4278
ord3132
ord3791
ord5715
ord6088
ord3519
ord4027
ord6091
ord4030
ord2541
ord2425
ord426
ord726
ord826
ord2717
ord1105
ord1563
ord1194
ord3025
ord1220
ord1203
ord2812
ord3806
ord3568
ord4470
ord843
ord271
ord2350
ord2290
ord860
ord536
ord4109
ord6871
ord3792
ord6867
ord4199
ord3087
ord4770
ord4718
ord4532
ord6617
ord397
ord699
ord1851
ord4241
ord3864
ord2119
ord2383
ord5096
ord5099
ord3345
ord975
ord2875
ord2375
ord4431
ord700
ord802
ord398
ord542
ord4462
ord4148
ord5251
ord3368
ord4422
ord3646
ord5597
ord5651
ord2225
ord4451
ord1202
ord6238
ord4184
ord6565
ord2757
ord5491
ord2078
ord4219
ord693
ord6374
ord5480
ord6865
ord5026
ord4767
ord5280
ord5605
ord2769
ord6498
ord5618
ord1229
ord4331
ord912
ord5589
ord6563
ord4616
ord804
ord609
ord798
ord1989
ord6403
ord924
ord5188
ord533
ord616
ord5461
ord4183
ord690
ord1980
ord5201
ord389
ord4078
ord2862
ord4270
ord3737
ord2836
ord2099
ord3716
ord3393
ord3728
ord772
ord810
ord795
ord6138
ord500
ord5274
ord3808
ord5856
ord2637
ord1808
ord326
ord2579
ord4400
ord3389
ord3724
ord6898
ord1771
ord6777
ord3991
ord3296
ord6879
ord6896
ord6667
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord2567
ord4390
ord3569
ord2291
ord2634
ord6399
ord2574
ord4396
ord3365
ord3635
ord2140
ord3905
ord1941
ord2115
ord4238
ord3281
ord6003
ord4029
ord6732
ord6776
ord3133
ord6597
ord4524
ord729
ord809
ord430
ord556
ord1088
ord2114
ord2496
ord1699
ord2423
ord2559
ord2746
ord2706
ord562
ord5777
ord3701
ord5778
ord2855
ord4128
ord4292
ord2373
ord2400
ord539
ord3348
ord470
ord384
ord2088
ord2857
ord2445
ord5879
ord4279
ord4282
ord5867
ord5878
ord6354
ord686
ord3211
ord940
ord5679
ord4272
ord4155
ord941
ord3867
ord6375
ord6193
ord354
ord3871
ord922
ord925
ord5180
ord6381
ord1971
ord665
ord6451
ord2294
ord3747
ord6190
ord3879
ord4221
ord1158
ord4015
ord1191
ord956
ord293
ord2505
ord2112
ord2916
ord5880
ord2108
ord3725
ord5058
ord1708
ord1703
ord5080
ord4360
ord3290
ord4263
ord1921
ord3170
ord1657
ord3443
ord6237
ord5886
ord2932
ord4055
ord1712
ord3572
ord3347
ord4391
ord807
ord736
ord439
ord567
ord554
ord656
ord3574
ord3269
ord5681
ord4538
ord3605
ord3397
ord6330
ord2914
ord2606
ord1225
ord4197
ord4124
ord5706
ord6874
ord942
ord2910
ord5568
ord4294
ord4788
ord5048
ord6211
ord4766
ord6195
ord537
ord5977
ord4421
ord4407
ord1165
ord1230
ord5250
ord4211
ord674
ord401
ord2437
ord4430
ord1658
ord2641
ord5279
ord2374
ord5233
ord4072
ord4147
ord2873
ord2874
ord3398
ord5468
ord976
ord5006
ord3346
ord4298
ord5098
ord5094
ord3054
ord2382
ord2715
ord2093
ord5095
ord4240
ord1850
ord2859
ord4704
ord4229
ord2362
ord2293
ord324
ord641
ord3592
ord4419
ord4621
ord3257
ord5059
ord5276
ord5157
ord1767
ord6048
ord2506
ord4992
ord4847
ord4370
ord4768
ord5261
ord2568
ord4212
ord4638
ord1569
ord4253

msvcrt

__CxxFrameHandler
_wcsicmp
wcscmp
_ftol
fclose
fwrite
_wfopen
_itow
wcsstr
wcslen
memmove
strstr
sprintf
wcscpy
malloc
_wstat
_wmkdir
wcsncpy
wcschr
swprintf
wcscat
free
_wcsnicmp
_except_handler3
rand
srand
time
_wcsdup
realloc
_purecall
wcsncmp
strlen
strtod
_iob
fprintf
longjmp
fabs
_setjmp3
abort
strcpy
wcstod
swscanf
qsort
_wcslwr
sqrt
iswalpha
wcstok
vswprintf
pow
memcmp
memcpy
abs
memset
_wtoi
_wtol
wcsrchr
wcstol
atof
fread
strncpy
_vsnprintf
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
calloc
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

kernel32

LoadLibraryA
RaiseException
InterlockedExchange
LocalAlloc
IsDBCSLeadByteEx
ReadFile
SetFilePointer
ResumeThread
GetPrivateProfileIntW
GetVersion
ExpandEnvironmentStringsW
WritePrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetWindowsDirectoryW
UnmapViewOfFile
OpenProcess
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
lstrcatW
lstrcpyW
GetModuleHandleW
GetShortPathNameW
InitializeCriticalSection
GetCurrentThreadId
lstrcmpiW
GetFileAttributesW
SetFileAttributesW
TerminateThread
DeleteCriticalSection
HeapDestroy
GetCommandLineW
CreateSemaphoreW
CreateMutexW
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
ReleaseMutex
CreateThread
QueryPerformanceFrequency
GetVersionExW
SetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
GlobalSize
GlobalAlloc
QueryPerformanceCounter
GetModuleFileNameW
GetPrivateProfileStringW
FindFirstFileW
lstrcmpW
FindNextFileW
FindClose
lstrlenW
WideCharToMultiByte
LoadLibraryW
GetProcAddress
FreeLibrary
GlobalLock
MultiByteToWideChar
GlobalUnlock
CreateFileW
GetFileSize
CloseHandle
CopyFileW
GetLastError
GetLocalTime
GetCurrentProcess
SetProcessWorkingSetSize
Sleep
GlobalMemoryStatus
MulDiv
LockResource
LoadResource
FindResourceW
GetModuleHandleA
SizeofResource
GetTickCount
GetCurrentProcessId
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
lstrcmpA
GetPrivateProfileSectionNamesW
GetTempFileNameW
GetTempPathW
SetThreadPriority
GetExitCodeThread
GetCurrentDirectoryW
CompareStringW
LoadLibraryExW
VirtualProtect
VirtualQuery
lstrcpynW
LocalSize
GetStartupInfoW

user32

GetCursorPos
PtInRect
SendMessageW
ClientToScreen
CreateMenu
AppendMenuW
IsZoomed
DestroyIcon
LoadMenuW
wsprintfW
ScreenToClient
UpdateWindow
SetMenu
GetLastActivePopup
SetForegroundWindow
IsIconic
FindWindowW
GetSystemMetrics
CharNextW
DestroyWindow
ReleaseDC
GetDC
DefWindowProcW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
EndPaint
BeginPaint
IsChild
GetFocus
CallWindowProcW
GetWindowRect
SetCapture
EnumChildWindows
FindWindowExW
WindowFromPoint
InvalidateRect
GetWindowDC
GetDesktopWindow
RegisterWindowMessageW
OffsetRect
SetPropW
LoadStringW
UnregisterHotKey
CheckMenuItem
SetWindowRgn
BringWindowToTop
GetClassInfoW
GetWindowTextW
GetClassNameW
RegisterHotKey
keybd_event
MapVirtualKeyW
LoadImageW
CreatePopupMenu
MoveWindow
SystemParametersInfoW
GetMonitorInfoW
MonitorFromRect
InflateRect
SetFocus
SetWindowPos
GetSysColor
PeekMessageW
SetCursor
SetRectEmpty
SetClassLongW
GetClassLongW
SetRect
DrawFrameControl
DrawFocusRect
GetSystemMenu
EnableWindow
IntersectRect
GetClientRect
LoadIconW
DrawIconEx
PostMessageW
GetParent
IsWindow
IsWindowVisible
GetWindow
SetTimer
KillTimer
GetMenuStringW
RegisterClipboardFormatW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetKeyState
RedrawWindow
ReleaseCapture
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DestroyMenu
IsMenu
GetMenuDefaultItem
DrawStateW
GetMenu
GetMenuItemInfoW
IsRectEmpty
MessageBeep
GetNextDlgTabItem
ShowCaret
HideCaret
GetDlgCtrlID
GetWindowRgn
CopyRect
SetParent
GetForegroundWindow
EqualRect
DispatchMessageW
GetMessageW
GetCapture
TranslateMessage
InvertRect
GetDCEx
LockWindowUpdate
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
TabbedTextOutW
DrawTextW
GrayStringW
CreateIconFromResourceEx
CopyIcon
GetIconInfo
CreateIconIndirect
TrackPopupMenu
GetMessagePos
DestroyAcceleratorTable
TranslateAcceleratorW
CopyAcceleratorTableW
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
ToUnicodeEx
GetKeyboardState
GetKeyboardLayoutList
CharUpperW
CreateAcceleratorTableW
InsertMenuW
MapWindowPoints
ShowWindow
IsClipboardFormatAvailable
IsDialogMessageW
FillRect
UnionRect
EndDeferWindowPos
BeginDeferWindowPos
SetCursorPos
LookupIconIdFromDirectoryEx
SetActiveWindow
GetActiveWindow
GetCursor
GetDoubleClickTime
GetDlgItem
DrawEdge
SendMessageTimeoutW
AdjustWindowRectEx
SetWindowLongA
GetWindowLongA
IsWindowUnicode
EnableMenuItem
DeleteMenu
IsWindowEnabled
GetClipboardFormatNameW
GetScrollInfo
GetNextDlgGroupItem
GetClipboardData
GetMenuItemID
ModifyMenuW
GetMenuState
GetMenuItemCount
GetSubMenu

gdi32

SetTextColor
CreateBitmap
CreateDIBSection
SetStretchBltMode
GetDIBits
SetDIBits
StretchBlt
GetCurrentObject
CreatePatternBrush
GetRgnBox
CreatePolygonRgn
RoundRect
ExtCreateRegion
CreateFontW
GetBitmapBits
CombineRgn
CreateFontIndirectW
Polygon
EnumFontFamiliesExW
Escape
ExtTextOutW
GetViewportOrgEx
GetMapMode
GetTextCharsetInfo
OffsetRgn
CreatePalette
CreateDIBitmap
SelectPalette
ExtFloodFill
Ellipse
SetBrushOrgEx
SetBkMode
GetPixel
PtVisible
RectVisible
SetBkColor
CreateSolidBrush
GetObjectW
GetTextMetricsW
GetTextColor
CreateRectRgnIndirect
SetPixel
CreateRoundRectRgn
GetTextExtentPoint32W
PatBlt
CreatePen
SelectObject
MoveToEx
LineTo
GetDeviceCaps
CreateDCW
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
GetStockObject
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
PtInRegion
CreateRectRgn
TextOutW

advapi32

RegCloseKey
RegOpenKeyW
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueW
RegQueryValueExW

shell32

Shell_NotifyIconW
DragFinish
SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoW
SHGetSpecialFolderPathW
DragQueryFileW

comctl32

ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx
ImageList_GetBkColor
FlatSB_GetScrollProp
ImageList_Remove
ImageList_Draw
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragEnter
_TrackMouseEvent
ImageList_Destroy
ImageList_GetIcon
ImageList_Add
ImageList_Create
ImageList_DrawIndirect
ImageList_ReplaceIcon

ole32

CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoTaskMemFree
CoGetClassObject
CoCreateInstance
OleUninitialize
DoDragDrop
OleInitialize

oleaut32

OleLoadPicturePath
VariantChangeTypeEx
SysAllocStringLen
LoadRegTypeLi
SysStringLen
RegisterTypeLi
LoadTypeLi
VariantInit
VariantClear
SysAllocString
SysFreeString

urlmon

CoInternetGetSession
URLDownloadToFileW

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

imagehlp

ImageDirectoryEntryToData

winmm

PlaySoundW

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ico/taobao.ico
profile/Defaults/CommandBars.ini
profile/Defaults/config.ini
profile/Defaults/last.ini
profile/Defaults/searchkeys.ini
profile/SearchEngine/baidu.ico
profile/SearchEngine/config.ini
profile/SearchEngine/google.ico
profile/SearchEngine/taobao.ico
profile/Template/start/images/dian.gif
.gif
profile/Template/start/images/header_bg.gif
.gif
profile/Template/start/images/header_logo.gif
.gif
profile/Template/start/images/logo.gif
.gif
profile/Template/start/images/logo2.gif
.gif
profile/Template/start/index.html
.html
profile/Template/start/left.html
.html .js polyglot
profile/Template/start/style.css
skin/Default/control/Button_Checked.png
.png
skin/Default/control/Button_Hover.png
.png
skin/Default/control/Button_Pressed.png
.png
skin/Default/control/MenuItem_Hover.png
.png
skin/Default/control/combo.png
.png
skin/Default/control/combo_dropdown.png
.png
skin/Default/control/combo_dropdown_hover.png
.png
skin/Default/control/combo_hover.png
.png
skin/Default/control/combosearch_dropdown.png
.png
skin/Default/control/combosearch_dropdown_hover.png
.png
skin/Default/control/mainframe.png
.png
skin/Default/control/progress.png
.png
skin/Default/control/sidebar_tab_active.png
.png
skin/Default/control/sidebar_tab_inactive.png
.png
skin/Default/control/skin_selector.png
.png
skin/Default/control/status_bar_bg.png
.png
skin/Default/control/tab_active.png
.png
skin/Default/control/tab_bg.png
.png
skin/Default/control/tab_close.png
.png
skin/Default/control/tab_close_hover.png
.png
skin/Default/control/tab_hover.png
.png
skin/Default/control/tab_inactive.png
.png
skin/Default/control/tab_new.png
.png
skin/Default/control/tab_new_hover.png
.png
skin/Default/control/tab_sidebar.png
.png
skin/Default/control/tab_sidebar_hover.png
.png
skin/Default/control/title_bg.png
.png
skin/Default/control/win_close.png
.png
skin/Default/control/win_maximum.png
.png
skin/Default/control/win_minimize.png
.png
skin/Default/control/win_restore.png
.png
skin/Default/misc/16_ad_hunter.png
.png
skin/Default/misc/16_folder_closed.png
.png
skin/Default/misc/16_folder_open.png
.png
skin/Default/misc/16_open_in_bg.png
.png
skin/Default/misc/16_open_in_new.png
.png
skin/Default/misc/16_page.png
.png
skin/Default/misc/16_website_info.png
.png
skin/Default/misc/24_go.png
.png
skin/Default/misc/24_go2.png
.png
skin/Default/mskin.ini
skin/Default/shared/16_edit.png
.png
skin/Default/shared/16_new.png
.png
skin/Default/toolbar/16_favorites.png
.png
skin/Default/toolbar/16_favorites2.png
.png
skin/Default/toolbar/16_history.png
.png
skin/Default/toolbar/16_history2.png
.png
skin/Default/toolbar/16_new.png
.png
skin/Default/toolbar/16_new2.png
.png
skin/Default/toolbar/16_page_zoom.png
.png
skin/Default/toolbar/16_page_zoom2.png
.png
skin/Default/toolbar/16_search.png
.png
skin/Default/toolbar/16_search2.png
.png
skin/Default/toolbar/16_undo.png
.png
skin/Default/toolbar/16_undo2.png
.png
skin/Default/toolbar/24_back.png
.png
skin/Default/toolbar/24_back2.png
.png
skin/Default/toolbar/24_back3.png
.png
skin/Default/toolbar/24_forward.png
.png
skin/Default/toolbar/24_forward2.png
.png
skin/Default/toolbar/24_forward3.png
.png
skin/Default/toolbar/24_home.png
.png
skin/Default/toolbar/24_home2.png
.png
skin/Default/toolbar/24_new.png
.png
skin/Default/toolbar/24_new2.png
.png
skin/Default/toolbar/24_new3.png
.png
skin/Default/toolbar/24_refresh.png
.png
skin/Default/toolbar/24_refresh2.png
.png
skin/Default/toolbar/24_stop.png
.png
skin/Default/toolbar/24_stop2.png
.png

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 80KB

.rsrc Size: 160KB - Virtual size: 159KB

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1024B - Virtual size: 912B

.data Size: 512B - Virtual size: 76B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 134B

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 836B

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 160KB - Virtual size: 159KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B

.data
Size: 512B - Virtual size: 76B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 134B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 1024B - Virtual size: 573B

.rdata
Size: 512B - Virtual size: 415B

.reloc
Size: 512B - Virtual size: 48B

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 230KB - Virtual size: 229KB

.data
Size: 58KB - Virtual size: 73KB

.rsrc
Size: 109KB - Virtual size: 108KB