df829cf9b99d4df1f0bb71814f68db29

Sharing

Copy URL Twitter E-mail

General

Target

df829cf9b99d4df1f0bb71814f68db29
Size

1.1MB
MD5

df829cf9b99d4df1f0bb71814f68db29
SHA1

b5aab3d34515b65a43e91921c50b48f570fb5d22
SHA256

6d533073b665a3b389c4af7ad65d739ac82deb235b21d467f7f36552de09a5e3
SHA512

a5e81657cfdf778dc6595f69e8c8d2596a5f556fbdbfd56ac20618e33ad91483984816a384d40fd4661169fca3912d54259a3c4781cacf6cfe9e9f80bffd36a9
SSDEEP

24576:8ooGRS55SVcFEs2CHlrWodsHj+MdGWm/NhZ+kefH6:VoKWFSuBPsSMYXN/+kei

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/封包工具----CF1.70刷枪黄金百城茉莉粉红系列村正等/cc/CCProxy.exe

Files

df829cf9b99d4df1f0bb71814f68db29
.rar
封包工具----CF1.70刷枪黄金百城茉莉粉红系列村正等/11.jpg
.jpg
封包工具----CF1.70刷枪黄金百城茉莉粉红系列村正等/cc/AccInfo.ini
封包工具----CF1.70刷枪黄金百城茉莉粉红系列村正等/cc/CCProxy.exe
.exe windows:4 windows x86 arch:x86

1d7a96a8343bed9223f3902c680fe19e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAAccept
WSARecvFrom
WSASocketA
gethostbyname
setsockopt
recv
__WSAFDIsSet
select
closesocket
sendto
htons
socket
ntohs
send
recvfrom
WSAGetLastError
WSAAddressToStringA
getsockname
accept
listen
WSAConnect
bind
ntohl
inet_addr
htonl
inet_ntoa
WSASendTo
WSAStartup
connect

kernel32

TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
FindResourceExA
GetCurrentDirectoryA
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesA
GetFileTime
LocalReAlloc
SetErrorMode
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GlobalFlags
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
FileTimeToLocalFileTime
VirtualProtect
SetLastError
MulDiv
FormatMessageA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalDeleteAtom
lstrcmpW
lstrcpynA
GetModuleHandleA
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSize
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
CreateNamedPipeA
ConnectNamedPipe
FlushFileBuffers
DisconnectNamedPipe
CreateFileA
ResetEvent
FileTimeToSystemTime
MapViewOfFile
GetCurrentProcessId
DuplicateHandle
DeviceIoControl
UnmapViewOfFile
GetProcessHeap
HeapFree
OpenProcess
TerminateProcess
lstrcmpiA
LocalAlloc
GlobalFree
LocalFree
GetPrivateProfileIntA
LeaveCriticalSection
CreateDirectoryA
SetEvent
CreateEventA
WaitForSingleObject
GetProcAddress
FindFirstFileA
FindNextFileA
FindClose
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
TerminateThread
CreateThread
WinExec
GetCurrentProcess
GetTickCount
GlobalFindAtomA
GlobalAddAtomA
RaiseException
DeleteCriticalSection
InitializeCriticalSection
WriteFile
ReadFile
lstrcpyA
lstrcatA
CreateMutexA
GetLastError
CloseHandle
Sleep
GetComputerNameA
lstrlenA
GetSystemTime
DeleteFileA
InterlockedDecrement
CopyFileA
WritePrivateProfileStringA
EnterCriticalSection
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetLocalTime
GetModuleFileNameA
GetPrivateProfileStringA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA

user32

CharNextA
IsRectEmpty
SetRect
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
RegisterClipboardFormatA
PostThreadMessageA
GetSysColorBrush
WindowFromPoint
DestroyMenu
SetWindowContextHelpId
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
MapDialogRect
GetAsyncKeyState
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuStringA
SetMenuItemBitmaps
GetMenuState
EnableMenuItem
GetMenuCheckMarkDimensions
ShowWindow
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
IsWindowVisible
GetMenu
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
CallWindowProcA
SetWindowPos
OffsetRect
IntersectRect
GetWindowPlacement
CopyRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CharUpperA
LoadBitmapA
UpdateWindow
MsgWaitForMultipleObjects
KillTimer
MessageBoxA
FillRect
DefWindowProcA
RegisterClassA
SetCapture
RedrawWindow
ReleaseDC
GetDC
InflateRect
LoadCursorA
CopyIcon
GetSysColor
SetWindowLongA
SetCursor
ReleaseCapture
MessageBeep
LoadIconA
SetForegroundWindow
IsIconic
GetSystemMenu
LoadMenuA
ModifyMenuA
GetSubMenu
GetMenuItemID
GetMenuItemCount
CheckMenuItem
AppendMenuA
DrawIcon
ExitWindowsEx
SetWindowTextA
GetCursorPos
UnregisterHotKey
RegisterHotKey
GetSystemMetrics
LoadImageA
wsprintfA
UnregisterClassA
GetClassInfoA
FindWindowA
PostMessageA
SetTimer
InvalidateRect
PtInRect
LoadStringA
GetKeyState
MoveWindow
GetWindowRect
ScreenToClient
GetDlgItem
IsWindow
GetClientRect
EnableWindow
GetParent
GetWindow
SendMessageA
SystemParametersInfoA

gdi32

EnumFontFamiliesExA
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
GetMapMode
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateHatchBrush
CreatePen
DeleteDC
ExtSelectClipRgn
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
GetStockObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
QueryServiceStatus
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueA
CreateServiceA
DeleteService
ControlService
RegCreateKeyExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegSetValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
EnumServicesStatusA
QueryServiceConfigA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
Shell_NotifyIconA
ShellExecuteA

comctl32

ord17
ImageList_Destroy
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Duplicate

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CLSIDFromString
CoUninitialize

oleaut32

SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocString
VariantCopy
SafeArrayDestroy

wininet

HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
HttpSendRequestA
InternetOpenUrlA
InternetGetLastResponseInfoA
GetUrlCacheEntryInfoA

wsock32

WSACleanup

iphlpapi

GetIfTable
SendARP

Sections

.text
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 428KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
封包工具----CF1.70刷枪黄金百城茉莉粉红系列村正等/cc/CCProxy.ini
封包工具----CF1.70刷枪黄金百城茉莉粉红系列村正等/cc/Language/ChineseGB.ini
封包工具----CF1.70刷枪黄金百城茉莉粉红系列村正等/eg/Config.ini
封包工具----CF1.70刷枪黄金百城茉莉粉红系列村正等/eg/data/Lang

Sharing

General

Malware Config

Signatures

Files

1d7a96a8343bed9223f3902c680fe19e

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

wsock32

iphlpapi

Sections

.text Size: 596KB - Virtual size: 595KB

.rdata Size: 124KB - Virtual size: 120KB

.data Size: 16KB - Virtual size: 210KB

.rsrc Size: 428KB - Virtual size: 424KB

.text
Size: 596KB - Virtual size: 595KB

.rdata
Size: 124KB - Virtual size: 120KB

.data
Size: 16KB - Virtual size: 210KB

.rsrc
Size: 428KB - Virtual size: 424KB