256cab05027d246022ff16cdb628f39d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

256cab05027d246022ff16cdb628f39d_JaffaCakes118
Size

7.0MB
MD5

256cab05027d246022ff16cdb628f39d
SHA1

594a02cc196b1e764362155e0ed9a1f969dc34ea
SHA256

859e1846a88db40bd64bc7444a2538bf8707166fca194c641ea10547db973c9c
SHA512

f21c278f568fa69281fe771f9a57894dcf9342f5d39ceb9e1bbcabbac820948efb9af530b8a943dabf2119b5fa3a6da0a690b956c3c898ab0ca7c3b4eb387195
SSDEEP

196608:F82979I4wvgBdB/YnyOaDalhIBu7pBOzc+jWNhb:FZ9TzB/Y00hIBu77/Phb

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/HtlBrowser.exe
unpack001/Piaodown_QJLL/灰太狼-奇迹来了-1126B/UUWiseHelper.dll
unpack001/Piaodown_QJLL/灰太狼-奇迹来了-1126B/奇迹来了.exe
unpack001/Piaodown_QJLL/灰太狼-奇迹来了-1126B/插件版本错误或创建对象失败/dm.dll
unpack001/Piaodown_QJLL/灰太狼-奇迹来了-1126B补丁/补丁.EXE

Files

256cab05027d246022ff16cdb628f39d_JaffaCakes118
.rar
Piaodown_QJLL/灰太狼-奇迹来了-1126B/37wan帐密/1区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/37wan帐密/2区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/37wan帐密/3区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/37wan帐密/4区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/37wan帐密/5区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/37wan帐密/6区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/37wan帐密/7区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/37wan帐密/8区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/37wan帐密/9区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/8090帐密/1区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/8090帐密/2区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/8090帐密/3区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/8090帐密/4区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/8090帐密/5区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/8090帐密/6区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/8090帐密/7区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/8090帐密/8区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/8090帐密/9区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/Dict.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/HtlBrowser.exe
.exe windows:4 windows x86 arch:x86

62461c3e7a262aeacb3a3fdb6a7dcc84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
lstrlenW
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
HeapSize
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GetFileAttributesA
SetCurrentDirectoryA
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
InterlockedIncrement

user32

SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
MessageBeep
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
OpenClipboard
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
GetClipboardData
CloseClipboard
wsprintfA
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
PostMessageA
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
SystemParametersInfoA
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
UnregisterClassA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
CharNextA
SetWindowContextHelpId
MapDialogRect
LoadStringA
GetSysColorBrush
GetNextDlgGroupItem
PostThreadMessageA
GetSystemMenu
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture

gdi32

SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
CreatePen
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
CreateRectRgnIndirect
SetBkColor
PatBlt
GetMapMode
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CLSIDFromProgID
OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
CoTaskMemFree

oleaut32

SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
OleCreateFontIndirect
UnRegisterTypeLi
SysFreeString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
SafeArrayGetElemsize
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
VariantTimeToSystemTime
SysAllocString

comctl32

ImageList_Destroy
ord17

oledlg

ord8

ws2_32

recv
getpeername
accept
recvfrom
WSAAsyncSelect
closesocket
WSACleanup
ioctlsocket
inet_ntoa

comdlg32

GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
GetFileTitleA

Sections

.text
Size: 496KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/Thumbs.db
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/中生命.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/中魔法.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/任务图标.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/任务图标1.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/关闭1.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/关闭2.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/剑士技能.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/区服数据.ini
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/商城.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/大生命.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/大魔法.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/开始游戏1.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/开始游戏2.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/弓箭手技能.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/怪物关闭.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/恶魔之匙.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/恶魔之眼.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/熊猫.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/空栏.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/血灵之书.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/血灵之骷.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/选中.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/配置.ini
Piaodown_QJLL/灰太狼-奇迹来了-1126B/Attachment/魔法师技能.bmp
Piaodown_QJLL/灰太狼-奇迹来了-1126B/PPS帐密/1区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/PPS帐密/2区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/PPS帐密/3区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/PPS帐密/4区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/PPS帐密/5区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/PPS帐密/6区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/PPS帐密/7区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/PPS帐密/8区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/PPS帐密/9区.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/UUWiseHelper.dll
.dll windows:5 windows x86 arch:x86

8993d476b2080c54468f99bd1fb566ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\开发目录2\优优云\UUWiseHelper\输出目录\C.pdb

Imports

kernel32

GetLastError
CloseHandle
CreateFileW
ReadFile
GetFileSize
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
Sleep
lstrlenW
GlobalUnlock
GlobalLock
GlobalSize
lstrcatW
lstrcpyW
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
lstrlenA
MultiByteToWideChar
CreateEventW
WaitForSingleObject
CreateThread
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpynW
IsBadWritePtr
SetEvent
IsBadReadPtr
lstrcpyA
lstrcpynA
FlushFileBuffers
FindResourceExW
WriteConsoleW
GetConsoleOutputCP
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
WriteConsoleA
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringA
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
VirtualAlloc
CreateFileA
GetTickCount
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringW
HeapCreate
VirtualFree

user32

GetDC
ReleaseDC
wsprintfA
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
DeleteObject

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
CoTaskMemFree

oleaut32

SafeArrayGetLBound
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString
SafeArrayCreateVector

shlwapi

StrStrIW

urlmon

FindMimeFromData

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdipSaveImageToStream

iphlpapi

GetAdaptersInfo

Exports

Exports

uu_AsyncRecognizeByCodeTypeAndPathA
uu_CloseAsyncRecognizeHandle
uu_GetAsyncRecognizeResultA
uu_UploadFileA
uu_UploadFileW
uu_UploadScreen
uu_getResultA
uu_getResultW
uu_getScoreA
uu_getScoreW
uu_loginA
uu_loginW
uu_payA
uu_payW
uu_recognizeByCodeTypeAndBytesA
uu_recognizeByCodeTypeAndBytesW
uu_recognizeByCodeTypeAndPathA
uu_recognizeByCodeTypeAndPathW
uu_recognizeByCodeTypeAndUrlA
uu_recognizeByCodeTypeAndUrlW
uu_recognizeScreenByCodeTypeA
uu_recognizeScreenByCodeTypeW
uu_reguserA
uu_reguserW
uu_reportError
uu_setSoftInfoA
uu_setSoftInfoW
uu_setTimeOut

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Piaodown_QJLL/灰太狼-奇迹来了-1126B/win7更换完xp字体后系统也必须设置/Thumbs.db
Piaodown_QJLL/灰太狼-奇迹来了-1126B/win7更换完xp字体后系统也必须设置/第一步.jpg
.jpg
Piaodown_QJLL/灰太狼-奇迹来了-1126B/win7更换完xp字体后系统也必须设置/第三步.jpg
.jpg
Piaodown_QJLL/灰太狼-奇迹来了-1126B/win7更换完xp字体后系统也必须设置/第二步.jpg
.jpg
Piaodown_QJLL/灰太狼-奇迹来了-1126B/win7系统无法正常运行解决办法.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/功能说明.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/奇迹来了.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 12KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 841.0MB

.xqkrol
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ulcdkw
Size: 129KB - Virtual size: 132KB

IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Piaodown_QJLL/灰太狼-奇迹来了-1126B/挂机注意事项.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/挂机设置.ini
Piaodown_QJLL/灰太狼-奇迹来了-1126B/插件版本错误或创建对象失败/dm.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0a0d397d69491e896349f0f9b88f2c3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mfc42

ord6453

msvcrt

_ftol

user32

GetForegroundWindow

gdi32

DeleteDC

advapi32

AdjustTokenPrivileges

shell32

SHGetPathFromIDListW

ole32

CoSetProxyBlanket

oleaut32

SysFreeString

version

GetFileVersionInfoSizeA

ws2_32

htonl

winmm

timeGetTime

imm32

ImmInstallIMEA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 608KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Piaodown_QJLL/灰太狼-奇迹来了-1126B/插件版本错误或创建对象失败/双击运行→注册大漠插件到系统.bat.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/插件版本错误或创建对象失败/注册大漠插件到系统.bat
Piaodown_QJLL/灰太狼-奇迹来了-1126B/插件版本错误或创建对象失败/软件目录放D盘E盘C盘F盘都可以别放桌面就没事了.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/更新说明.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/游戏一些分析.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/简单使用说明.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B/飘荡软件.url
.url
Piaodown_QJLL/灰太狼-奇迹来了-1126B/高产的号培养.txt
Piaodown_QJLL/灰太狼-奇迹来了-1126B补丁/补丁.EXE
.exe windows:4 windows x86 arch:x86

dc619460317812d67c45419ce8a35def

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetCommandLineA
RtlUnwind
RaiseException
HeapAlloc
HeapFree
GetACP
HeapSize
HeapReAlloc
TerminateProcess
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
WriteFile
GetCurrentProcess
GetOEMCP
GetCPInfo
GlobalFlags
GetProcessVersion
LoadLibraryA
FreeLibrary
lstrcatA
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetCurrentThreadId
lstrcpyA
GetModuleFileNameA
TlsGetValue
LocalReAlloc
VirtualProtectEx
TlsSetValue
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
GetVersion
lstrcpynA
GetLastError
SetLastError
lstrcmpA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateFileA
ReadFile
SetFilePointer
CloseHandle
CreateProcessA
ExitProcess
OpenProcess
ReadProcessMemory
WriteProcessMemory
ResumeThread
GetThreadContext
SuspendThread
GetModuleHandleA
GetProcAddress
Sleep
UnhandledExceptionFilter

user32

GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
GetTopWindow
CopyRect
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
DispatchMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetParent
MessageBoxA
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
EnableWindow
UnhookWindowsHookEx
LoadStringA
SystemParametersInfoA

gdi32

RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SaveDC
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comctl32

ord17

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Piaodown_QJLL/灰太狼-奇迹来了-1126B补丁/飘荡软件.url
.url

Sharing

General

Malware Config

Signatures

Files

62461c3e7a262aeacb3a3fdb6a7dcc84

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

comdlg32

Sections

.text Size: 496KB - Virtual size: 495KB

.rdata Size: 88KB - Virtual size: 85KB

.data Size: 64KB - Virtual size: 126KB

.rsrc Size: 112KB - Virtual size: 109KB

8993d476b2080c54468f99bd1fb566ab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

oleaut32

shlwapi

urlmon

gdiplus

iphlpapi

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

Headers

File Characteristics

Sections

.code Size: 12KB - Virtual size: 4.8MB

.reloc Size: - Virtual size: 841.0MB

.xqkrol Size: 5.5MB - Virtual size: 5.5MB

.ulcdkw Size: 129KB - Virtual size: 132KB

.idata Size: 5KB - Virtual size: 8KB

.rsrc Size: 92KB - Virtual size: 96KB

0a0d397d69491e896349f0f9b88f2c3f

Headers

File Characteristics

Imports

kernel32

mfc42

msvcrt

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

ws2_32

winmm

imm32

Exports

Exports

Sections

.text Size: 608KB - Virtual size: 1.3MB

.text
Size: 496KB - Virtual size: 495KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 64KB - Virtual size: 126KB

.rsrc
Size: 112KB - Virtual size: 109KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.code
Size: 12KB - Virtual size: 4.8MB

.reloc
Size: - Virtual size: 841.0MB

.xqkrol
Size: 5.5MB - Virtual size: 5.5MB

.ulcdkw
Size: 129KB - Virtual size: 132KB

.idata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 92KB - Virtual size: 96KB

.text
Size: 608KB - Virtual size: 1.3MB

.rsrc
Size: 52KB - Virtual size: 56KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 53KB

.rsrc
Size: 12KB - Virtual size: 9KB