dfc6d9e8f45193c258fe8051a14e096b

Sharing

Copy URL Twitter E-mail

General

Target

dfc6d9e8f45193c258fe8051a14e096b
Size

1.3MB
MD5

dfc6d9e8f45193c258fe8051a14e096b
SHA1

705136f55ac42ab7adaddb11803031fc6c5ed7d5
SHA256

13ced5b2c79d394136edc678e61cf0dab27f42b649c97263dbfe824bccfbbf4a
SHA512

d29a48d780b79cd2907611917bc1109a2ec80a55f96873c4effeecb272170de989833471fdf1038e4aecd82c41e16e0de307fdc8d2eb1a43ef0a8e593bba6f17
SSDEEP

24576:oBegwYiwPFEbRputrFTbKrhzFT0IJ12DF4ln1gVIHvQOoxyGrO0a:oNj+PutrAdtuDGZ1gVII/xvrOD

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FeiQ/Plugins/OfficeChat.dll
unpack001/FeiQ/Plugins/OthelloGame.dll
unpack001/FeiQ/Plugins/ProgramShortCut.dll
unpack001/FeiQ/飞秋c.exe

Files

dfc6d9e8f45193c258fe8051a14e096b
.rar
FeiQ/Plugins/OfficeChat.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d1b9224380ce34fb4ff5f0c1d30745bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapSize
HeapReAlloc
GetACP
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
TerminateProcess
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExitProcess
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
RtlUnwind
GetShortPathNameA
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetLastError
lstrcpynA
lstrlenW
MulDiv
SetLastError
GlobalUnlock
GlobalFree
GetModuleFileNameA
GlobalLock
GlobalAlloc
lstrcmpA
GetCurrentThread
LocalFree
WideCharToMultiByte
InterlockedIncrement
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
lstrlenA
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetVersion
FindFirstFileA
FindClose
CreateFileA
GetFileInformationByHandle
CloseHandle
HeapCreate
GetFileAttributesA

user32

GetSysColorBrush
LoadCursorA
GetClassNameA
UnregisterClassA
LoadStringA
PtInRect
FillRect
DrawFocusRect
DestroyMenu
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
EndDialog
CreateDialogIndirectParamA
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
SetCursor
PostQuitMessage
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
GetTopWindow
MessageBoxA
SendMessageA
InvalidateRect
EnableWindow
SystemParametersInfoA
GetWindowRect
PostMessageA
LoadIconA
SetTimer
KillTimer
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DestroyWindow
CreateWindowExA
DestroyIcon
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
IsWindowVisible
InflateRect
GetClientRect
GetCursorPos
GetSubMenu
LoadMenuA
GetMenuItemID
GetMenuItemCount
GetMenu
SetForegroundWindow
GetDesktopWindow
FlashWindow
GetParent
GetKeyState
ReleaseDC
GetDC
CopyRect
GetSystemMetrics
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
IsIconic
GetWindowPlacement

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
BitBlt
GetTextMetricsA
GetDeviceCaps
DeleteObject
CreateCompatibleDC
CreateFontIndirectA
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateSolidBrush

comdlg32

ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegSetValueA
RegCloseKey
RegQueryValueA

shell32

ExtractIconA
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileA
DragFinish

comctl32

ImageList_Destroy
ord17

ole32

CoTaskMemAlloc
StringFromCLSID
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringByteLen
VariantClear
VariantCopy
SysAllocStringByteLen
VariantChangeType
SysStringLen
LoadTypeLi
GetErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetPluginClsids
DllRegisterServer

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FeiQ/Plugins/OthelloGame.dll
.dll regsvr32 windows:4 windows x86 arch:x86

92a1e00edd78f5bf872936a7e76d4b86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3742
ord3663
ord3626
ord818
ord2414
ord825
ord4275
ord1168
ord2864
ord4224
ord1641
ord1146
ord800
ord6442
ord537
ord1233
ord283
ord755
ord640
ord5785
ord1640
ord323
ord470
ord2379
ord2863
ord2652
ord823
ord6199
ord3092
ord860
ord2582
ord4402
ord3370
ord3640
ord693
ord541
ord567
ord801
ord4243
ord6907
ord536
ord5861
ord3996
ord6143
ord6696
ord3998
ord6215
ord540
ord5265
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord3571
ord641
ord324
ord2370
ord2302
ord4234
ord5953
ord2818
ord4710
ord2546
ord1176
ord291
ord2086
ord858
ord4376
ord3089
ord4476
ord535
ord2814
ord3810
ord6283
ord6334
ord939
ord4274
ord2976
ord4837
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord5500
ord1132
ord6467
ord1131
ord6354
ord2915
ord3579
ord614
ord2623
ord290
ord4226
ord4003
ord1113
ord3237
ord1114
ord2486
ord1799
ord2727
ord2730
ord2729
ord1206
ord1223
ord446
ord743
ord1601
ord2393
ord924
ord3301
ord1200
ord3402
ord3721
ord3619
ord809
ord795
ord2614
ord556
ord5875
ord1088
ord2122
ord2860
ord3874
ord3797
ord6358
ord6197
ord2859
ord6880
ord941
ord5572
ord926
ord3081
ord2985
ord3262
ord1116
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord6375
ord4441
ord826
ord269
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord4486
ord6055

msvcrt

__CxxFrameHandler
clock
_mbscmp
wcslen
_CxxThrowException
_mbsstr
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv

kernel32

LocalFree
lstrcatA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
lstrlenA
MultiByteToWideChar
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetLastError
WideCharToMultiByte
LocalAlloc

user32

GetSubMenu
EnableMenuItem
MessageBeep
GetMenu
MessageBoxA
GetParent
SendMessageA
InvalidateRect
UpdateWindow
PostMessageA
EnableWindow
LoadCursorA
CopyIcon
GetWindowRect
GetDC
ReleaseDC
InflateRect
PeekMessageA
PostQuitMessage
IsWindow
SetWindowLongA
SetCursor
PtInRect
ReleaseCapture
RedrawWindow
SetCapture
GetDesktopWindow
IsWindowVisible
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetMenuItemCount
GetMenuItemID
LoadBitmapA
LoadIconA

gdi32

CreateFontIndirectA
GetStockObject
CreateSolidBrush
GetTextExtentPoint32A
GetObjectA
BitBlt
CreateCompatibleDC

advapi32

RegQueryValueA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

ole32

OleRun
CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
GetErrorInfo
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetPluginClsids
DllRegisterServer

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FeiQ/Plugins/ProgramShortCut.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ed5153bf5057b08b5b37021603098148

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3631
ord800
ord683
ord641
ord860
ord540
ord567
ord324
ord825
ord2370
ord2302
ord4234
ord4710
ord4853
ord3226
ord1200
ord6283
ord6334
ord858
ord3499
ord2515
ord355
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord5500
ord1132
ord6467
ord1131
ord6354
ord2915
ord537
ord3579
ord614
ord2623
ord290
ord4226
ord4003
ord1113
ord3237
ord1114
ord2486
ord3663
ord541
ord801
ord341
ord654
ord823
ord926
ord2818
ord1799
ord2727
ord2730
ord4441
ord1206
ord6140
ord1775
ord1223
ord446
ord743
ord1601
ord2393
ord5861
ord5858
ord6883
ord2086
ord924
ord2764
ord693
ord1619
ord1622
ord5440
ord6383
ord5450
ord6394
ord2582
ord4402
ord3370
ord3640
ord3996
ord6696
ord6907
ord3998
ord5603
ord5608
ord4224
ord5981
ord6905
ord535
ord4220
ord2584
ord3654
ord2438
ord2455
ord6270
ord2863
ord1644
ord1146
ord4299
ord2379
ord668
ord1980
ord3181
ord2781
ord2770
ord356
ord1168
ord6453
ord1771
ord6366
ord2413
ord2024
ord4401
ord692
ord2841
ord1847
ord4275
ord3089
ord2864
ord4124
ord2380
ord2860
ord5875
ord2754
ord2859
ord2099
ord2107
ord755
ord470
ord3626
ord3571
ord640
ord2405
ord2414
ord5785
ord1641
ord6021
ord1640
ord323
ord5148
ord4837
ord3798
ord5290
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3597
ord4425
ord2729
ord5280
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord6052
ord2514
ord4998
ord4376
ord6143
ord5265

msvcrt

__dllonexit
_adjust_fdiv
malloc
_initterm
__CxxFrameHandler
_mbscmp
_CxxThrowException
wcslen
_onexit
??1type_info@@UAE@XZ
free

kernel32

LocalFree
lstrlenA
GetModuleFileNameA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersion
GetLastError
WideCharToMultiByte
LocalAlloc

user32

PtInRect
KillTimer
GetSystemMetrics
RegisterHotKey
LoadMenuA
GetSubMenu
GetCursorPos
SetCursorPos
MessageBoxA
EnableWindow
SendMessageA
UnregisterHotKey
InvalidateRect
GetSysColor
SetTimer
GetParent
DestroyIcon
GetClientRect
LoadImageA
CopyRect
DrawIcon
DrawEdge
GetWindowRect

gdi32

GetStockObject
CreateCompatibleBitmap
GetMapMode
CreateCompatibleDC
BitBlt

shell32

ExtractIconA
SHGetFileInfoA

ole32

CoCreateInstance
OleRun

oleaut32

GetErrorInfo
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetPluginClsids
DllRegisterServer

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FeiQ/新云软件.url
.url
FeiQ/飞秋c.exe
.exe windows:4 windows x86 arch:x86

5b42189de7923afbf07ce8e906bb60cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveInOpen
waveOutClose
waveOutOpen
waveInClose
sndPlaySoundA
PlaySoundA
waveInPrepareHeader
waveInUnprepareHeader
waveInReset
waveInStart
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveInAddBuffer
mixerGetNumDevs

iphlpapi

SendARP
GetAdaptersInfo

shlwapi

PathFileExistsA

mfc42

ord6061
ord5864
ord3596
ord2860
ord4133
ord4297
ord5788
ord472
ord283
ord6194
ord2859
ord5572
ord2915
ord5683
ord3706
ord3573
ord4299
ord6197
ord6380
ord2564
ord3817
ord6267
ord3911
ord5926
ord3619
ord2243
ord700
ord801
ord5594
ord6143
ord398
ord541
ord2841
ord2448
ord668
ord6883
ord6877
ord5710
ord2044
ord2107
ord1980
ord2781
ord2770
ord356
ord5861
ord6282
ord3055
ord924
ord4204
ord3439
ord2764
ord5440
ord6383
ord5450
ord6394
ord5834
ord922
ord2586
ord4405
ord3723
ord686
ord809
ord797
ord384
ord556
ord2135
ord2546
ord1176
ord291
ord4538
ord4123
ord1088
ord2122
ord2862
ord2096
ord5655
ord6241
ord6215
ord2116
ord5937
ord3061
ord3283
ord1768
ord2652
ord1669
ord3771
ord2431
ord3693
ord5787
ord6178
ord926
ord4278
ord4220
ord2584
ord3654
ord2814
ord2438
ord2455
ord6270
ord6605
ord1644
ord6134
ord6675
ord2935
ord2516
ord361
ord4202
ord4277
ord6136
ord4224
ord5608
ord4284
ord6453
ord6907
ord6696
ord6888
ord3452
ord665
ord1979
ord6010
ord837
ord920
ord5442
ord3318
ord5186
ord354
ord833
ord1572
ord1105
ord692
ord2380
ord5631
ord2393
ord816
ord562
ord4317
ord539
ord2358
ord2575
ord5053
ord6880
ord4160
ord6358
ord2567
ord2763
ord5781
ord1175
ord2919
ord2408
ord807
ord2097
ord554
ord6157
ord1187
ord2513
ord293
ord3692
ord802
ord542
ord1085
ord5601
ord5791
ord5356
ord5207
ord389
ord1228
ord5651
ord3127
ord3616
ord350
ord940
ord6663
ord859
ord536
ord1567
ord1997
ord6407
ord268
ord798
ord5194
ord533
ord5465
ord1264
ord2803
ord6385
ord3719
ord793
ord2086
ord3939
ord5632
ord6781
ord2713
ord3610
ord656
ord3301
ord3910
ord6007
ord3286
ord6762
ord1795
ord1871
ord6571
ord3920
ord2645
ord1929
ord4023
ord5271
ord3089
ord2917
ord1990
ord961
ord6312
ord4177
ord5773
ord2601
ord5187
ord3180
ord3183
ord3176
ord3507
ord3614
ord603
ord1969
ord273
ord2098
ord5571
ord6379
ord1949
ord772
ord500
ord6142
ord6442
ord2714
ord5860
ord3986
ord5606
ord1570
ord1197
ord4287
ord2089
ord3733
ord810
ord4271
ord6008
ord4000
ord3287
ord1269
ord2566
ord6743
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord6515
ord3803
ord6669
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord699
ord815
ord5593
ord397
ord561
ord617
ord2621
ord5214
ord296
ord1134
ord6438
ord1199
ord1247
ord912
ord2725
ord1622
ord3181
ord3185
ord1223
ord1206
ord3903
ord614
ord619
ord790
ord3175
ord3370
ord2582
ord4402
ord3640
ord693
ord4243
ord3996
ord3998
ord2077
ord3398
ord683
ord3303
ord3914
ord6905
ord538
ord3938
ord4694
ord5148
ord4188
ord3290
ord3752
ord3296
ord5786
ord3297
ord3702
ord773
ord2571
ord3754
ord501
ord5607
ord2762
ord1083
ord5600
ord1858
ord3495
ord1842
ord4216
ord4083
ord1859
ord1816
ord2580
ord4400
ord3630
ord3711
ord783
ord682
ord1270
ord1232
ord4285
ord2112
ord2093
ord3584
ord543
ord803
ord3223
ord3221
ord4386
ord1093
ord2593
ord777
ord2042
ord2753
ord6876
ord6740
ord6502
ord6784
ord275
ord3908
ord3698
ord765
ord326
ord3744
ord4047
ord836
ord5308
ord4779
ord5811
ord5482
ord2032
ord4411
ord4447
ord4335
ord4863
ord4975
ord5797
ord5479
ord1995
ord967
ord3717
ord791
ord523
ord4919
ord1948
ord5303
ord4699
ord5715
ord565
ord1576
ord817
ord4226
ord2256
ord3708
ord781
ord3763
ord1756
ord3317
ord5810
ord5481
ord2031
ord5796
ord5478
ord1971
ord966
ord3570
ord278
ord605
ord2299
ord3631
ord3226
ord2298
ord6889
ord6676
ord3716
ord6111
ord1908
ord4259
ord2291
ord2367
ord923
ord6662
ord3353
ord3741
ord5809
ord3438
ord4034
ord1601
ord6467
ord1799
ord2727
ord2730
ord2729
ord3237
ord5431
ord3348
ord4351
ord2989
ord3579
ord2625
ord2623
ord297
ord290
ord2486
ord2033
ord4003
ord446
ord743
ord3258
ord5575
ord2464
ord4033
ord1656
ord3443
ord3786
ord434
ord2029
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord2379
ord609
ord3574
ord4396
ord3874
ord6172
ord2452
ord2405
ord795
ord3721
ord2863
ord6128
ord6129
ord2864
ord3797

msvcrt

_setmbcp
__p__commode
_stricmp
_strdup
__p__fmode
__set_app_type
_controlfp
__CxxFrameHandler
_mbscmp
free
realloc
memmove
wcslen
strchr
atoi
strtoul
rand
srand
time
_ftol
sscanf
rename
_mbsnbcpy
toupper
strstr
malloc
_CxxThrowException
_mbsstr
_mbsicmp
_atoi64
strncpy
fclose
sprintf
fopen
_setjmp3
__CxxLongjmpUnwind
longjmp
_i64toa
atol
strtol
_CIpow
fread
ftell
fseek
fwrite
_mbccpy
_mbclen
_mbschr
_mbsnbcmp
wctomb
strerror
_errno
_mbsncmp
_mbsnicmp
_itoa
strcmp
_mbsicoll
_CIacos
_beginthreadex
_purecall
strtod
getenv
exit
printf
memcpy
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

kernel32

GetTickCount
CreateThread
ResumeThread
GetLastError
ExitThread
GetVersionExA
Sleep
FindResourceA
WriteProfileStringA
GetProfileStringA
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GlobalLock
GetVersion
GetFileSize
UnmapViewOfFile
GetExitCodeThread
LocalAlloc
DeleteFileA
TerminateThread
SetFileTime
SetFileAttributesA
CreateFileA
CreateDirectoryA
WriteFile
WaitForSingleObject
SetProcessWorkingSetSize
GetCurrentProcess
WinExec
GetSystemDirectoryA
GlobalSize
FreeLibrary
GetProcAddress
LoadLibraryA
LockResource
LoadResource
GlobalFree
GlobalReAlloc
GlobalAlloc
lstrcpyA
SystemTimeToFileTime
GetFileAttributesA
GetFileInformationByHandle
FindClose
FindFirstFileA
GetFullPathNameA
IsDBCSLeadByte
GetTempPathA
GlobalUnlock
GetTempFileNameA
LocalFree
FormatMessageA
ReadFile
CreateProcessA
GetStartupInfoA
CreatePipe
FindNextFileA
GetDriveTypeA
lstrlenA
lstrcatA
SizeofResource
GetWindowsDirectoryA
InterlockedDecrement
ExitProcess
CreateMutexA
GetCommandLineA
HeapDestroy
DeleteCriticalSection
CopyFileA
lstrcmpiA
GetCurrentThreadId
InitializeCriticalSection
lstrlenW
GetShortPathNameA
GetModuleHandleA
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
SetEvent
ResetEvent
MulDiv
CreateEventA
GetVolumeInformationA
LocalFlags
GetSystemTime
GetComputerNameA
lstrcmpA
GetLocalTime
GetPrivateProfileStringA
IsBadReadPtr
CloseHandle
CreateFileMappingA
MapViewOfFile

user32

GetWindowDC
keybd_event
InsertMenuA
SetFocus
GetMenuItemInfoA
SetPropA
SetMenuItemInfoA
IsMenu
GetMenuItemRect
SetWindowsHookExA
UnhookWindowsHookEx
EqualRect
CallNextHookEx
CallWindowProcA
DefWindowProcA
GetClassInfoA
GetSysColorBrush
HideCaret
ClipCursor
SetWindowRgn
PostThreadMessageA
SetMenu
RegisterClipboardFormatA
CheckMenuItem
EnableMenuItem
CreatePopupMenu
DeleteMenu
TrackMouseEvent
SetWindowPos
GetAsyncKeyState
SetParent
WindowFromPoint
GetNextDlgTabItem
DestroyMenu
IsWindow
mouse_event
MessageBeep
SetWindowLongA
GetKeyState
SetCursorPos
ScreenToClient
PostMessageA
GetFocus
FlashWindow
IsZoomed
ShowWindow
GetForegroundWindow
SetForegroundWindow
GetWindowThreadProcessId
GetLastInputInfo
PeekMessageA
TranslateMessage
DispatchMessageA
IsClipboardFormatAvailable
FindWindowA
GetClassNameA
ModifyMenuA
KillTimer
DrawIconEx
DestroyIcon
IsWindowVisible
UpdateWindow
GetDesktopWindow
SetRectEmpty
SetTimer
SystemParametersInfoA
GetMenuItemCount
GetSubMenu
GetMenuItemID
wsprintfA
InvalidateRgn
GetCursorPos
IsRectEmpty
MessageBoxA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsIconic
DrawIcon
GetWindowRect
SetRect
LoadIconA
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowLongA
CopyRect
FrameRect
InflateRect
FillRect
GetSysColor
OffsetRect
DrawStateA
DrawFocusRect
GetActiveWindow
GetCapture
SetCapture
PtInRect
ReleaseCapture
LoadImageA
RedrawWindow
DestroyCursor
LoadBitmapA
GetWindowTextA
CopyImage
CopyIcon
EnableWindow
SendMessageA
LoadCursorA
GetClientRect
GetSystemMetrics
GetParent
InvalidateRect
ShowScrollBar
GetMenu
SetCursor
FindWindowExA
EnumWindows
EnumThreadWindows
GetPropA
RemovePropA
SetClassLongA
TrackPopupMenu
RegisterWindowMessageA
GetSystemMenu
UnregisterHotKey
RegisterHotKey
LoadMenuA
CharNextA
GetCursor
IsChild
AdjustWindowRectEx
UnionRect
DrawEdge
IntersectRect
ChildWindowFromPoint
GetMessagePos
GetMessageA
GetDlgCtrlID
DrawFrameControl
ScrollDC
GetDC
ReleaseDC
AppendMenuA
GetMenuStringA
GetTabbedTextExtentA
GetIconInfo
TrackPopupMenuEx
GetClipboardData
ClientToScreen

gdi32

GetDCOrgEx
FillRgn
LineTo
MoveToEx
CreateEllipticRgn
CreateRoundRectRgn
ExtFloodFill
PolyBezier
PatBlt
GetTextCharsetInfo
EnumFontFamiliesA
SetStretchBltMode
StretchDIBits
SetDIBitsToDevice
CreateDIBitmap
PtInRegion
CreatePolygonRgn
FrameRgn
CreatePatternBrush
LPtoDP
GetMapMode
DPtoLP
SetPixel
GetTextColor
GetCurrentObject
CreateSolidBrush
GetClipBox
SelectPalette
GetDIBits
CreateHalftonePalette
GetDIBColorTable
CreatePalette
GetBkColor
RealizePalette
CreateBitmap
SetBkColor
SetTextColor
Ellipse
Polygon
CreatePen
RoundRect
CreateFontA
CreateFontIndirectA
CreateRectRgnIndirect
CombineRgn
GetTextMetricsA
GetTextExtentPoint32A
GetDeviceCaps
GetStockObject
Rectangle
GetPixel
CreateDCA
DeleteDC
CreateRectRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SelectObject
GetObjectA
StretchBlt
DeleteObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegDeleteValueA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegRestoreKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSaveKeyA
GetUserNameA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconA
ExtractIconA
ShellExecuteExA
SHFileOperationA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
DragQueryFileA
DragFinish
ShellExecuteA
SHChangeNotify

comctl32

_TrackMouseEvent
ImageList_Remove
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIconSize

ole32

CreateStreamOnHGlobal
CoCreateGuid
OleSetContainedObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleDuplicateData
OleCreateStaticFromData
ProgIDFromCLSID
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoRegisterClassObject
CoUninitialize
CoRevokeClassObject
CoCreateInstance
OleRun
CoInitialize

olepro32

ord251

oleaut32

RegisterTypeLi
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SysAllocString
LoadTypeLi
LoadRegTypeLi
VariantCopy
SafeArrayPutElement
SafeArrayCreate

wsock32

send
htonl
ioctlsocket
inet_addr
WSAGetLastError
select
closesocket
ntohl
gethostbyname
gethostname
htons
listen
setsockopt
inet_ntoa
bind
socket
WSAStartup
WSACleanup
WSAAsyncSelect
sendto
recvfrom
accept
connect
getpeername
recv

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msimg32

GradientFill

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1b9224380ce34fb4ff5f0c1d30745bd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 20KB - Virtual size: 30KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 24KB - Virtual size: 22KB

92a1e00edd78f5bf872936a7e76d4b86

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 116KB - Virtual size: 112KB

.reloc Size: 8KB - Virtual size: 6KB

ed5153bf5057b08b5b37021603098148

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 5KB

5b42189de7923afbf07ce8e906bb60cb

Headers

File Characteristics

Imports

winmm

iphlpapi

shlwapi

mfc42

msvcrt

kernel32

user32

gdi32

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 20KB - Virtual size: 30KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 24KB - Virtual size: 22KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 116KB - Virtual size: 112KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 316KB - Virtual size: 313KB

.data
Size: 84KB - Virtual size: 107KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB