General

Malware Config

Signatures

Files

• ebfc2b62ea889cf96c4eb0b649672c6b713ad163fd5818c2f46a9b5726dd80fb

  .rar
• 客户端/20201108/D3DX81ab.dll

  .dll windows:4 windows x86 arch:x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Exports

  Exports

  D3DXAssembleShader

  D3DXAssembleShaderFromFileA

  D3DXAssembleShaderFromFileW

  D3DXAssembleShaderFromResourceA

  D3DXAssembleShaderFromResourceW

  D3DXBoxBoundProbe

  D3DXCheckCubeTextureRequirements

  D3DXCheckTextureRequirements

  D3DXCheckVolumeTextureRequirements

  D3DXCleanMesh

  D3DXColorAdjustContrast

  D3DXColorAdjustSaturation

  D3DXComputeBoundingBox

  D3DXComputeBoundingSphere

  D3DXComputeNormalMap

  D3DXComputeNormals

  D3DXComputeTangent

  D3DXConvertMeshSubsetToSingleStrip

  D3DXConvertMeshSubsetToStrips

  D3DXCreateBox

  D3DXCreateBuffer

  D3DXCreateCubeTexture

  D3DXCreateCubeTextureFromFileA

  D3DXCreateCubeTextureFromFileExA

  D3DXCreateCubeTextureFromFileExW

  D3DXCreateCubeTextureFromFileInMemory

  D3DXCreateCubeTextureFromFileInMemoryEx

  D3DXCreateCubeTextureFromFileW

  D3DXCreateCubeTextureFromResourceA

  D3DXCreateCubeTextureFromResourceExA

  D3DXCreateCubeTextureFromResourceExW

  D3DXCreateCubeTextureFromResourceW

  D3DXCreateCylinder

  D3DXCreateEffect

  D3DXCreateEffectFromFileA

  D3DXCreateEffectFromFileW

  D3DXCreateEffectFromResourceA

  D3DXCreateEffectFromResourceW

  D3DXCreateFont

  D3DXCreateFontIndirect

  D3DXCreateMatrixStack

  D3DXCreateMesh

  D3DXCreateMeshFVF

  D3DXCreatePMeshFromStream

  D3DXCreatePolygon

  D3DXCreateRenderToEnvMap

  D3DXCreateRenderToSurface

  D3DXCreateSPMesh

  D3DXCreateSkinMesh

  D3DXCreateSkinMeshFVF

  D3DXCreateSkinMeshFromMesh

  D3DXCreateSphere

  D3DXCreateSprite

  D3DXCreateTeapot

  D3DXCreateTextA

  D3DXCreateTextW

  D3DXCreateTexture

  D3DXCreateTextureFromFileA

  D3DXCreateTextureFromFileExA

  D3DXCreateTextureFromFileExW

  D3DXCreateTextureFromFileInMemory

  D3DXCreateTextureFromFileInMemoryEx

  D3DXCreateTextureFromFileW

  D3DXCreateTextureFromResourceA

  D3DXCreateTextureFromResourceExA

  D3DXCreateTextureFromResourceExW

  D3DXCreateTextureFromResourceW

  D3DXCreateTorus

  D3DXCreateVolumeTexture

  D3DXCreateVolumeTextureFromFileA

  D3DXCreateVolumeTextureFromFileExA

  D3DXCreateVolumeTextureFromFileExW

  D3DXCreateVolumeTextureFromFileInMemory

  D3DXCreateVolumeTextureFromFileInMemoryEx

  D3DXCreateVolumeTextureFromFileW

  D3DXCreateVolumeTextureFromResourceA

  D3DXCreateVolumeTextureFromResourceExA

  D3DXCreateVolumeTextureFromResourceExW

  D3DXCreateVolumeTextureFromResourceW

  D3DXDeclaratorFromFVF

  D3DXFVFFromDeclarator

  D3DXFillCubeTexture

  D3DXFillTexture

  D3DXFillVolumeTexture

  D3DXFilterTexture

  D3DXFresnelTerm

  D3DXGeneratePMesh

  D3DXGetErrorStringA

  D3DXGetErrorStringW

  D3DXGetFVFVertexSize

  D3DXGetImageInfoFromFileA

  D3DXGetImageInfoFromFileInMemory

  D3DXGetImageInfoFromFileW

  D3DXGetImageInfoFromResourceA

  D3DXGetImageInfoFromResourceW

  D3DXIntersect

  D3DXIntersectSubset

  D3DXIntersectTri

  D3DXLoadMeshFromX

  D3DXLoadMeshFromXInMemory

  D3DXLoadMeshFromXResource

  D3DXLoadMeshFromXof

  D3DXLoadSkinMeshFromXof

  D3DXLoadSurfaceFromFileA

  D3DXLoadSurfaceFromFileInMemory

  D3DXLoadSurfaceFromFileW

  D3DXLoadSurfaceFromMemory

  D3DXLoadSurfaceFromResourceA

  D3DXLoadSurfaceFromResourceW

  D3DXLoadSurfaceFromSurface

  D3DXLoadVolumeFromFileA

  D3DXLoadVolumeFromFileInMemory

  D3DXLoadVolumeFromFileW

  D3DXLoadVolumeFromMemory

  D3DXLoadVolumeFromResourceA

  D3DXLoadVolumeFromResourceW

  D3DXLoadVolumeFromVolume

  D3DXMatrixAffineTransformation

  D3DXMatrixInverse

  D3DXMatrixLookAtLH

  D3DXMatrixLookAtRH

  D3DXMatrixMultiply

  D3DXMatrixMultiplyTranspose

  D3DXMatrixOrthoLH

  D3DXMatrixOrthoOffCenterLH

  D3DXMatrixOrthoOffCenterRH

  D3DXMatrixOrthoRH

  D3DXMatrixPerspectiveFovLH

  D3DXMatrixPerspectiveFovRH

  D3DXMatrixPerspectiveLH

  D3DXMatrixPerspectiveOffCenterLH

  D3DXMatrixPerspectiveOffCenterRH

  D3DXMatrixPerspectiveRH

  D3DXMatrixReflect

  D3DXMatrixRotationAxis

  D3DXMatrixRotationQuaternion

  D3DXMatrixRotationX

  D3DXMatrixRotationY

  D3DXMatrixRotationYawPitchRoll

  D3DXMatrixRotationZ

  D3DXMatrixScaling

  D3DXMatrixShadow

  D3DXMatrixTransformation

  D3DXMatrixTranslation

  D3DXMatrixTranspose

  D3DXMatrixfDeterminant

  D3DXPlaneFromPointNormal

  D3DXPlaneFromPoints

  D3DXPlaneIntersectLine

  D3DXPlaneNormalize

  D3DXPlaneTransform

  D3DXQuaternionBaryCentric

  D3DXQuaternionExp

  D3DXQuaternionInverse

  D3DXQuaternionLn

  D3DXQuaternionMultiply

  D3DXQuaternionNormalize

  D3DXQuaternionRotationAxis

  D3DXQuaternionRotationMatrix

  D3DXQuaternionRotationYawPitchRoll

  D3DXQuaternionSlerp

  D3DXQuaternionSquad

  D3DXQuaternionSquadSetup

  D3DXQuaternionToAxisAngle

  D3DXSaveMeshToX

  D3DXSaveSurfaceToFileA

  D3DXSaveSurfaceToFileW

  D3DXSaveTextureToFileA

  D3DXSaveTextureToFileW

  D3DXSaveVolumeToFileA

  D3DXSaveVolumeToFileW

  D3DXSimplifyMesh

  D3DXSphereBoundProbe

  D3DXSplitMesh

  D3DXTessellateNPatches

  D3DXValidMesh

  D3DXVec2BaryCentric

  D3DXVec2CatmullRom

  D3DXVec2Hermite

  D3DXVec2Normalize

  D3DXVec2Transform

  D3DXVec2TransformCoord

  D3DXVec2TransformNormal

  D3DXVec3BaryCentric

  D3DXVec3CatmullRom

  D3DXVec3Hermite

  D3DXVec3Normalize

  D3DXVec3Project

  D3DXVec3Transform

  D3DXVec3TransformCoord

  D3DXVec3TransformNormal

  D3DXVec3Unproject

  D3DXVec4BaryCentric

  D3DXVec4CatmullRom

  D3DXVec4Cross

  D3DXVec4Hermite

  D3DXVec4Normalize

  D3DXVec4Transform

  D3DXWeldVertices

  Sections

  .text

  Size: 508KB - Virtual size: 504KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 48KB - Virtual size: 47KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 76KB - Virtual size: 88KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data1

  Size: 4KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 824B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 20KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .new

  Size: 4KB - Virtual size: 664KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• 客户端/20201108/libcro.dll

  .dll windows:6 windows x86 arch:x86

  64cf9ea4c004388197533c32435031b2

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  Sleep

  FreeConsole

  GetConsoleWindow

  ReadFile

  GetModuleFileNameW

  CreateFileW

  VirtualAlloc

  DisableThreadLibraryCalls

  GetModuleHandleA

  VirtualProtect

  CloseHandle

  lstrcpyW

  SetFilePointerEx

  SetStdHandle

  GetCommandLineA

  GetCurrentThreadId

  IsDebuggerPresent

  IsProcessorFeaturePresent

  GetLastError

  SetLastError

  EncodePointer

  DecodePointer

  ExitProcess

  GetModuleHandleExW

  GetProcAddress

  MultiByteToWideChar

  WideCharToMultiByte

  GetProcessHeap

  GetStdHandle

  GetFileType

  DeleteCriticalSection

  GetStartupInfoW

  GetModuleFileNameA

  HeapFree

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  InitializeCriticalSectionAndSpinCount

  GetCurrentProcess

  TerminateProcess

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetModuleHandleW

  EnterCriticalSection

  LeaveCriticalSection

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  WriteFile

  LoadLibraryExW

  RtlUnwind

  HeapAlloc

  HeapReAlloc

  GetStringTypeW

  OutputDebugStringW

  HeapSize

  LCMapStringW

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  WriteConsoleW

  user32

  ShowWindow

  Exports

  Exports

  FirstLoad

  MMDB_aget_value

  MMDB_lookup_string

  MMDB_open

  MMDB_strerror

  uv_accept

  uv_async_init

  uv_async_send

  uv_backend_fd

  uv_backend_timeout

  uv_barrier_destroy

  uv_barrier_init

  uv_barrier_wait

  uv_buf_init

  uv_cancel

  uv_chdir

  uv_check_init

  uv_check_start

  uv_check_stop

  uv_close

  uv_cond_broadcast

  uv_cond_destroy

  uv_cond_init

  uv_cond_signal

  uv_cond_timedwait

  uv_cond_wait

  uv_cpu_info

  uv_cwd

  uv_default_loop

  uv_disable_stdio_inheritance

  uv_dlclose

  uv_dlerror

  uv_dlopen

  uv_dlsym

  uv_err_name

  uv_exepath

  uv_fileno

  uv_free_cpu_info

  uv_free_interface_addresses

  uv_freeaddrinfo

  uv_fs_access

  uv_fs_chmod

  uv_fs_chown

  uv_fs_close

  uv_fs_event_getpath

  uv_fs_event_init

  uv_fs_event_start

  uv_fs_event_stop

  uv_fs_fchmod

  uv_fs_fchown

  uv_fs_fdatasync

  uv_fs_fstat

  uv_fs_fsync

  uv_fs_ftruncate

  uv_fs_futime

  uv_fs_link

  uv_fs_lstat

  uv_fs_mkdir

  uv_fs_mkdtemp

  uv_fs_open

  uv_fs_poll_getpath

  uv_fs_poll_init

  uv_fs_poll_start

  uv_fs_poll_stop

  uv_fs_read

  uv_fs_readlink

  uv_fs_realpath

  uv_fs_rename

  uv_fs_req_cleanup

  uv_fs_rmdir

  uv_fs_scandir

  uv_fs_scandir_next

  uv_fs_sendfile

  uv_fs_stat

  uv_fs_symlink

  uv_fs_unlink

  uv_fs_utime

  uv_fs_write

  uv_get_free_memory

  uv_get_osfhandle

  uv_get_process_title

  uv_get_total_memory

  uv_getaddrinfo

  uv_getnameinfo

  uv_getrusage

  uv_guess_handle

  uv_handle_size

  uv_has_ref

  uv_hrtime

  uv_idle_init

  uv_idle_start

  uv_idle_stop

  uv_inet_ntop

  uv_inet_pton

  uv_interface_addresses

  uv_ip4_addr

  uv_ip4_name

  uv_ip6_addr

  uv_ip6_name

  uv_is_active

  uv_is_closing

  uv_is_readable

  uv_is_writable

  uv_key_create

  uv_key_delete

  uv_key_get

  uv_key_set

  uv_kill

  uv_listen

  uv_loadavg

  uv_loop_alive

  uv_loop_close

  uv_loop_configure

  uv_loop_delete

  uv_loop_fork

  uv_loop_init

  uv_loop_new

  uv_loop_size

  uv_mutex_destroy

  uv_mutex_init

  uv_mutex_lock

  uv_mutex_trylock

  uv_mutex_unlock

  uv_now

  uv_once

  uv_os_free_passwd

  uv_os_get_passwd

  uv_os_getenv

  uv_os_gethostname

  uv_os_homedir

  uv_os_setenv

  uv_os_tmpdir

  uv_os_unsetenv

  uv_pipe_bind

  uv_pipe_connect

  uv_pipe_getpeername

  uv_pipe_getsockname

  uv_pipe_init

  uv_pipe_open

  uv_pipe_pending_count

  uv_pipe_pending_instances

  uv_pipe_pending_type

  uv_poll_init

  uv_poll_init_socket

  uv_poll_start

  uv_poll_stop

  uv_prepare_init

  uv_prepare_start

  uv_prepare_stop

  uv_print_active_handles

  uv_print_all_handles

  uv_process_kill

  uv_queue_work

  uv_read_start

  uv_read_stop

  uv_recv_buffer_size

  uv_ref

  uv_replace_allocator

  uv_req_size

  uv_resident_set_memory

  uv_run

  uv_rwlock_destroy

  uv_rwlock_init

  uv_rwlock_rdlock

  uv_rwlock_rdunlock

  uv_rwlock_tryrdlock

  uv_rwlock_trywrlock

  uv_rwlock_wrlock

  uv_rwlock_wrunlock

  uv_sem_destroy

  uv_sem_init

  uv_sem_post

  uv_sem_trywait

  uv_sem_wait

  uv_send_buffer_size

  uv_set_process_title

  uv_setup_args

  uv_shutdown

  uv_signal_init

  uv_signal_start

  uv_signal_start_oneshot

  uv_signal_stop

  uv_spawn

  uv_stop

  uv_stream_set_blocking

  uv_strerror

  uv_tcp_bind

  uv_tcp_connect

  uv_tcp_getpeername

  uv_tcp_getsockname

  uv_tcp_init

  uv_tcp_init_ex

  uv_tcp_keepalive

  uv_tcp_nodelay

  uv_tcp_open

  uv_tcp_simultaneous_accepts

  uv_thread_create

  uv_thread_equal

  uv_thread_join

  uv_thread_self

  uv_timer_again

  uv_timer_get_repeat

  uv_timer_init

  uv_timer_set_repeat

  uv_timer_start

  uv_timer_stop

  uv_translate_sys_error

  uv_try_write

  uv_tty_get_winsize

  uv_tty_init

  uv_tty_reset_mode

  uv_tty_set_mode

  uv_udp_bind

  uv_udp_getsockname

  uv_udp_init

  uv_udp_init_ex

  uv_udp_open

  uv_udp_recv_start

  uv_udp_recv_stop

  uv_udp_send

  uv_udp_set_broadcast

  uv_udp_set_membership

  uv_udp_set_multicast_interface

  uv_udp_set_multicast_loop

  uv_udp_set_multicast_ttl

  uv_udp_set_ttl

  uv_udp_try_send

  uv_unref

  uv_update_time

  uv_uptime

  uv_version

  uv_version_string

  uv_walk

  uv_write

  uv_write2

  Sections

  .text

  Size: 41KB - Virtual size: 40KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 23KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 客户端/20201108/update.log
• 客户端/20201108/管理程序.exe

  .exe windows:4 windows x86 arch:x86

  
  

  Code Sign

  38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5

  Certificate

  Issuer

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Not Before

  15-06-2007 00:00

  Not After

  14-06-2012 23:59

  Subject

  CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2013 23:59

  Subject

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c

  Certificate

  Issuer

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Not Before

  21-05-2009 00:00

  Not After

  20-05-2019 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  61:35:9a:c4:45:14:d7:81:76:9f:d6:43:66:6b:45:72

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

  Not Before

  31-03-2010 00:00

  Not After

  31-03-2011 23:59

  Subject

  CN=Chengdu Qiying Technology Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Chengdu Qiying Technology Co.\,Ltd.,L=Chengdu,ST=Sichuan,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  6f:04:a3:8d:c6:2d:d5:73:d4:c3:e3:36:77:ed:42:5d:04:6e:61:e7

  Signer

  Actual PE Digest

  6f:04:a3:8d:c6:2d:d5:73:d4:c3:e3:36:77:ed:42:5d:04:6e:61:e7

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  CODE

  Size: 343KB - Virtual size: 343KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 3KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: - Virtual size: 16B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 23KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 40KB - Virtual size: 40KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ