43bae1828f59ae3dda44aab91c590be1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

43bae1828f59ae3dda44aab91c590be1_JaffaCakes118
Size

2.2MB
MD5

43bae1828f59ae3dda44aab91c590be1
SHA1

a1f58f5ff788fc4460b861968853f5e8f0ee77c7
SHA256

482c2379e1bc8d487a6764a9fe7860b6b0a4c89b572494336c0e33773aeb6401
SHA512

23968b1503fd6269f6b145593a13c2a3b13c4e790cad1d9eedd648fc990350252afc875edb9ccf9813ae4785bf638c3fd46c67fa8f0da6c841165dd5d8585003
SSDEEP

49152:J+GZsduaCnMmB3cK2RAYWl2WK8qyVDt6ix1qfb16VAwx22ZsoV:cGZFa4NhEmYWgyZTx1qfb16VfxrZsoV

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/六挂模块/小可爱/小可爱DLL.dll	acprotect
static1/unpack002/六挂模块/窗口化/窗口化DLL.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/六挂模块/小可爱/小可爱DLL.dll	upx
static1/unpack002/六挂模块/窗口化/窗口化DLL.dll	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack002/六挂模块/BY传奇/BY传奇DLL.dll
unpack002/六挂模块/两只老虎/两只老虎外挂包.exe
unpack002/六挂模块/传奇幻想/幻想外挂包.exe
unpack002/六挂模块/冰橙子/冰橙子外挂包.exe
unpack002/六挂模块/及时雨/及时雨DLL.dll
unpack002/六挂模块/小可爱/小可爱DLL.dll
unpack002/六挂模块/窗口化/窗口化DLL.dll

Files

43bae1828f59ae3dda44aab91c590be1_JaffaCakes118
.rar
开发资料/六挂模块.rar
.rar
六挂模块/BY传奇/BY传奇DLL.dll
.dll windows:4 windows x86 arch:x86

5a498eee87e4d89512a84502f500181f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA

Exports

Exports

InstHookProc
UnInstHookProc

Sections

Size: 120KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 23KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
六挂模块/两只老虎/两只老虎外挂包.exe
.exe windows:4 windows x86 arch:x86

a6d1f237a38b6e7d3a48b606fa0d7939

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameA

gdi32

DeleteObject

shell32

SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA

user32

CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

Sections

.text
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
六挂模块/传奇幻想/幻想外挂包.exe
.exe windows:4 windows x86 arch:x86

a6d1f237a38b6e7d3a48b606fa0d7939

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameA

gdi32

DeleteObject

shell32

SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA

user32

CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

Sections

.text
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
六挂模块/冰橙子/冰橙子外挂包.exe
.exe windows:4 windows x86 arch:x86

a6d1f237a38b6e7d3a48b606fa0d7939

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameA

gdi32

DeleteObject

shell32

SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA

user32

CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

Sections

.text
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
六挂模块/及时雨/及时雨DLL.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

InstHookProc
UnInstHookProc

Sections

.Upack
Size: - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
六挂模块/外挂作坊六挂模块.ec
六挂模块/封包加解密.ec
六挂模块/小可爱/小可爱DLL.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AP
BP
EndHook

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 166KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
六挂模块/窗口化/窗口化DLL.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@$xp$12Madtools@TOS
@$xp$15Madtypes@TAByte
@$xp$15Madtypes@TAChar
@$xp$15Madtypes@TAWord
@$xp$15Madtypes@TPByte
@$xp$15Madtypes@TPChar
@$xp$15Madtypes@TPWord
@$xp$15Madtypes@TSByte
@$xp$15Madtypes@TSChar
@$xp$16Madtools@TOsEnum
@$xp$16Madtypes@TAInt64
@$xp$16Madtypes@TDAByte
@$xp$16Madtypes@TDAChar
@$xp$16Madtypes@TDAWord
@$xp$16Madtypes@TMethod
@$xp$16Madtypes@TPAByte
@$xp$16Madtypes@TPAChar
@$xp$16Madtypes@TPAWord
@$xp$16Madtypes@TPInt64
@$xp$16Madtypes@TPSByte
@$xp$16Madtypes@TPSChar
@$xp$17Madtypes@TAString
@$xp$17Madtypes@TDAInt64
@$xp$17Madtypes@TExtBool
@$xp$17Madtypes@TPAInt64
@$xp$17Madtypes@TPDAByte
@$xp$17Madtypes@TPDAChar
@$xp$17Madtypes@TPDAWord
@$xp$17Madtypes@TPString
@$xp$18Madtypes@TABoolean
@$xp$18Madtypes@TAExtBool
@$xp$18Madtypes@TAInteger
@$xp$18Madtypes@TAPointer
@$xp$18Madtypes@TDAString
@$xp$18Madtypes@TPAString
@$xp$18Madtypes@TPBoolean
@$xp$18Madtypes@TPDAInt64
@$xp$18Madtypes@TPExtBool
@$xp$18Madtypes@TPInteger
@$xp$18Madtypes@TPPointer
@$xp$18Madtypes@TSBoolean
@$xp$18Madtypes@TSExtBool
@$xp$19Madtypes@TACardinal
@$xp$19Madtypes@TAIUnknown
@$xp$19Madtypes@TAShortInt
@$xp$19Madtypes@TASmallInt
@$xp$19Madtypes@TDABoolean
@$xp$19Madtypes@TDAExtBool
@$xp$19Madtypes@TDAInteger
@$xp$19Madtypes@TDAPointer
@$xp$19Madtypes@TPABoolean
@$xp$19Madtypes@TPAExtBool
@$xp$19Madtypes@TPAInteger
@$xp$19Madtypes@TPAPointer
@$xp$19Madtypes@TPCardinal
@$xp$19Madtypes@TPDAString
@$xp$19Madtypes@TPIUnknown
@$xp$19Madtypes@TPSBoolean
@$xp$19Madtypes@TPSExtBool
@$xp$19Madtypes@TPShortInt
@$xp$19Madtypes@TPSmallInt
@$xp$20Madremote@TDAProcess
@$xp$20Madtypes@TDACardinal
@$xp$20Madtypes@TDAIUnknown
@$xp$20Madtypes@TDAShortInt
@$xp$20Madtypes@TDASmallInt
@$xp$20Madtypes@TPACardinal
@$xp$20Madtypes@TPAIUnknown
@$xp$20Madtypes@TPAShortInt
@$xp$20Madtypes@TPASmallInt
@$xp$20Madtypes@TPDABoolean
@$xp$20Madtypes@TPDAExtBool
@$xp$20Madtypes@TPDAInteger
@$xp$20Madtypes@TPDAPointer
@$xp$21Madtypes@MadException
@$xp$21Madtypes@TPDACardinal
@$xp$21Madtypes@TPDAIUnknown
@$xp$21Madtypes@TPDAShortInt
@$xp$21Madtypes@TPDASmallInt
@$xp$22Maddisasm@madDisAsm__2
@$xp$22Maddisasm@madDisAsm__3
@$xp$22Maddisasm@madDisAsm__4
@$xp$22Maddisasm@madDisAsm__5
@$xp$22Maddisasm@madDisAsm__6
@$xp$22Maddisasm@madDisAsm__7
@$xp$22Madremote@madRemote__1
@$xp$22Madtools@TMsgHandlerOO
@$xp$23Maddisasm@TFunctionInfo
@$xp$24Maddisasm@TPFunctionInfo
@$xp$24Madremote@TModuleEntry32
@$xp$25Madremote@TProcessEntry32
@@Ddrawform@Finalize
@@Ddrawform@Initialize
@Classes@TComponent@UpdateRegistry$qqr4boolx17System@AnsiStringxt2
@Forms@TForm@$bctr$qqrp18Classes@TComponent
@Forms@TForm@$bctr$qqrp18Classes@TComponenti
@Forms@TForm@$bdtr$qqrv
@Forms@TForm@$bdtr$qqrv
@Inifiles@TCustomIniFile@$bdtr$qqrv
@Inifiles@TIniFile@$bctr$qqrx17System@AnsiString
@Inifiles@TIniFile@$bdtr$qqrv
@Madcodehook@AddAccessForEveryone$qqsuiui
@Madcodehook@AmSystemProcess$qqsv
@Madcodehook@AmUsingInputDesktop$qqsv
@Madcodehook@AnsiToWide$qqspcpb
@Madcodehook@CollectHooks$qqrv
@Madcodehook@CreateGlobalEvent$qqspcii
@Madcodehook@CreateGlobalFileMapping$qqspcui
@Madcodehook@CreateGlobalMutex$qqspc
@Madcodehook@CreateIpcQueue$qqspcpqqspcpvuit2ui$v
@Madcodehook@CreateIpcQueueEx$qqspcpqqspcpvuit2ui$vuiui
@Madcodehook@CreateProcessEx$qqrpct1p20_SECURITY_ATTRIBUTESt3iuipvt1rx13_STARTUPINFOAr20_PROCESS_INFORMATION17System@AnsiString
@Madcodehook@CreateProcessExA$qqspct1p20_SECURITY_ATTRIBUTESt3iuipvt1rx13_STARTUPINFOAr20_PROCESS_INFORMATIONt1
@Madcodehook@CreateProcessExW$qqspbt1p20_SECURITY_ATTRIBUTESt3iuipvt1rx13_STARTUPINFOAr20_PROCESS_INFORMATIONt1
@Madcodehook@DestroyIpcQueue$qqspc
@Madcodehook@Finalization$qqrv
@Madcodehook@FinalizeMadCHook$qqrv
@Madcodehook@FindRealCode$qqrpv
@Madcodehook@FlushHooks$qqrv
@Madcodehook@GetCallingModule$qqsv
@Madcodehook@GetCurrentSessionId$qqsv
@Madcodehook@GetInputSessionId$qqsv
@Madcodehook@HookAPI$qqspct1pvrpvui
@Madcodehook@HookCode$qqspvt1rpvui
@Madcodehook@InitializeMadCHook$qqrv
@Madcodehook@InjectLibrary$qqrui17System@AnsiStringui
@Madcodehook@InjectLibraryA$qqsuipcui
@Madcodehook@InjectLibrarySession$qqruii17System@AnsiStringui
@Madcodehook@InjectLibrarySessionA$qqsuiipcui
@Madcodehook@InjectLibrarySessionW$qqsuiipbui
@Madcodehook@InjectLibraryW$qqsuipbui
@Madcodehook@OpenGlobalEvent$qqspc
@Madcodehook@OpenGlobalFileMapping$qqspci
@Madcodehook@OpenGlobalMutex$qqspc
@Madcodehook@ProcessIdToFileName$qqsuipc
@Madcodehook@RenewHook$qqsrpv
@Madcodehook@SendIpcMessage$qqspcpvuit2uiuii
@Madcodehook@UnhookAPI$qqsrpv
@Madcodehook@UnhookCode$qqsrpv
@Madcodehook@UninjectLibrary$qqrui17System@AnsiStringui
@Madcodehook@UninjectLibraryA$qqsuipcui
@Madcodehook@UninjectLibrarySession$qqruii17System@AnsiStringui
@Madcodehook@UninjectLibrarySessionA$qqsuiipcui
@Madcodehook@UninjectLibrarySessionW$qqsuiipbui
@Madcodehook@UninjectLibraryW$qqsuipbui
@Madcodehook@WideToAnsi$qqspbpc
@Madcodehook@amMchDll
@Madcodehook@initialization$qqrv
@Maddisasm@EndTryRead$qqrui
@Maddisasm@Finalization$qqrv
@Maddisasm@GetExportDirectory$qqrpvruirp30Madtools@TImageExportDirectory
@Maddisasm@GetProcNameFromMapFile
@Maddisasm@KernelProc$qqr17System@AnsiString
@Maddisasm@Magic$qqrv
@Maddisasm@Magic95$qqrv
@Maddisasm@NtProc$qqr17System@AnsiString
@Maddisasm@ParseCode$qqrpv
@Maddisasm@ParseCode$qqrpvr17System@AnsiString
@Maddisasm@ParseCode_$qqrpvui
@Maddisasm@ParseFunction$qqrpv
@Maddisasm@ParseFunction$qqrpvr17System@AnsiString
@Maddisasm@ParseFunctionEx$qqrpvr17System@AnsiStringt1io
@Maddisasm@ParseFunction_$qqrpvui
@Maddisasm@SolveW9xDebugMode$qqrpv
@Maddisasm@StartTryRead$qqrv
@Maddisasm@TryRead$qqrpvt1iui
@Maddisasm@TryWrite$qqrpvt1iui
@Maddisasm@initialization$qqrv
@Maddisasm@kernel32handle$qqrv
@Maddisasm@ntdllhandle$qqrv
@Madremote@AllocMemEx$qqsuiui
@Madremote@CopyFunction$qqrpvuioppvp23Maddisasm@TFunctionInfo
@Madremote@CreateRemoteThreadEx$qqsuip20_SECURITY_ATTRIBUTESipvt4uirui
@Madremote@CreateToolhelp32Snapshot
@Madremote@EnumProcesses$qqrv
@Madremote@Finalization$qqrv
@Madremote@FreeMemEx$qqspvui
@Madremote@GetKernel32ProcessHandle$qqrv
@Madremote@GetSmssProcessHandle$qqrv
@Madremote@HandleLiveForever$qqrui
@Madremote@InitSharedMem9x$qqrppvt1
@Madremote@InitToolhelp$qqrv
@Madremote@InitUnprotectMemory$qqrv
@Madremote@IsMemoryProtected$qqrpv
@Madremote@Module32First
@Madremote@Module32Next
@Madremote@Process32First
@Madremote@Process32Next
@Madremote@ProcessHandleToId$qqsui
@Madremote@ProtectMemory$qqrpvui
@Madremote@RemoteExecute$qqsuipqqspv$uiruipvui
@Madremote@UnprotectMemory$qqrpvui
@Madremote@UnprotectMemoryAsm$qqrv
@Madremote@initialization$qqrv
@Madstrings@AnsiToWideEx$qqr17System@AnsiStringo
@Madstrings@BooleanToChar$qqro
@Madstrings@CompareStr$qqrx17System@AnsiStringt1
@Madstrings@CompareText$qqrx17System@AnsiStringt1
@Madstrings@CopyR$qqrx17System@AnsiStringui
@Madstrings@DecryptStr$qqr17System@AnsiString
@Madstrings@DeleteR$qqrr17System@AnsiStringui
@Madstrings@ErrorCodeToStr$qqrui
@Madstrings@FileMatch$qqr17System@AnsiStringt1
@Madstrings@FillStr$qqr17System@AnsiStringic
@Madstrings@Finalization$qqrv
@Madstrings@FormatSubStrs$qqrr17System@AnsiStringc
@Madstrings@IntToHexEx$qqriic
@Madstrings@IntToHexEx$qqrjic
@Madstrings@IntToHexEx$qqruiic
@Madstrings@IntToStrEx$qqriic
@Madstrings@IntToStrEx$qqrjic
@Madstrings@IntToStrEx$qqruiic
@Madstrings@IsTextEqual$qqrx17System@AnsiStringt1
@Madstrings@Keep$qqrr17System@AnsiStringuiui
@Madstrings@KeepR$qqrr17System@AnsiStringui
@Madstrings@KillChar$qqrr17System@AnsiStringc
@Madstrings@KillChars$qqrr17System@AnsiStringrx29System@%Set$tc$iuc$0$iuc$255%
@Madstrings@KillStr$qqrr17System@AnsiString17System@AnsiString
@Madstrings@LowChar$qqrxc
@Madstrings@LowStr$qqrx17System@AnsiString
@Madstrings@MsToStr$qqrui
@Madstrings@PosChars$qqrrx29System@%Set$tc$iuc$0$iuc$255%x17System@AnsiStringuiui
@Madstrings@PosPChar$qqrpct1uiuiouiui
@Madstrings@PosStr$qqrx17System@AnsiStringt1uiui
@Madstrings@PosStrIs1$qqrx17System@AnsiStringt1
@Madstrings@PosText$qqrx17System@AnsiStringt1uiui
@Madstrings@PosTextIs1$qqrx17System@AnsiStringt1
@Madstrings@ReplaceStr$qqrr17System@AnsiString17System@AnsiStringt2o
@Madstrings@ReplaceText$qqrr17System@AnsiString17System@AnsiStringt2o
@Madstrings@RetDelete$qqrx17System@AnsiStringuiui
@Madstrings@RetDeleteR$qqrx17System@AnsiStringui
@Madstrings@RetTrimStr$qqrx17System@AnsiString
@Madstrings@SizeToStr$qqrj
@Madstrings@StrMatch$qqr17System@AnsiStringt1
@Madstrings@StrMatchEx$qqr17System@AnsiStringt1
@Madstrings@StrToIntEx$qqropci
@Madstrings@SubStr$qqr17System@AnsiStringuic
@Madstrings@SubStrCount$qqr17System@AnsiStringc
@Madstrings@SubStrExists$qqr17System@AnsiStringt1c
@Madstrings@SubTextExists$qqr17System@AnsiStringt1c
@Madstrings@TextMatch$qqr17System@AnsiStringt1
@Madstrings@TextMatchEx$qqr17System@AnsiStringt1
@Madstrings@TrimStr$qqrr17System@AnsiString
@Madstrings@UpChar$qqrxc
@Madstrings@UpStr$qqrx17System@AnsiString
@Madstrings@WideToAnsiEx$qqrpb
@Madstrings@initialization$qqrv
@Madtools@AddMsgHandler$qqrpqqruiuiiiri$vuiui
@Madtools@AddMsgHandler$qqrynpqqruiuiiiri$vuiui
@Madtools@COsDescr
@Madtools@DelMsgHandler$qqrpqqruiuiiiri$vuiui
@Madtools@DelMsgHandler$qqrynpqqruiuiiiri$vuiui
@Madtools@FileVersionToStr$qqrj
@Madtools@Finalization$qqrv
@Madtools@FindModule$qqrpvruir17System@AnsiString
@Madtools@GetFileVersion$qqr17System@AnsiString
@Madtools@GetFreeSystemResources$qqrus
@Madtools@GetImageExportDirectory$qqrui
@Madtools@GetImageImportDirectory$qqrui
@Madtools@GetImageNtHeaders$qqrui
@Madtools@GetImageProcAddress$qqrui17System@AnsiString
@Madtools@GetImageProcAddress$qqruii
@Madtools@GetImageProcName$qqruipvo
@Madtools@GetLongFileName$qqr17System@AnsiString
@Madtools@GetShortFileName$qqr17System@AnsiString
@Madtools@InitTryExceptFinally$qqrv
@Madtools@MethodToProcedure$qqrp14System@TObjectpv
@Madtools@MethodToProcedure$qqrrx16Madtypes@TMethod
@Madtools@MsgHandlerWindow$qqrui
@Madtools@OS$qqrv
@Madtools@ProcedureToMethod$qqrp14System@TObjectpv
@Madtools@TickDif$qqrui
@Madtools@Unmangle$qqrr17System@AnsiStringt1
@Madtools@VirtualToRaw$qqrp17_IMAGE_NT_HEADERSui
@Madtools@initialization$qqrv
@Madtypes@Finalization$qqrv
@Madtypes@MadException@
@Madtypes@MadException@$bctr$qqrx17System@AnsiString
@Madtypes@initialization$qqrv
___CPPdebugHook
_frmDDraw

Sections

UPX0
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 265KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
开发资料/登录皮肤.rar
.rar
登录皮肤/会员装备_1.bmp
登录皮肤/会员装备_2.bmp
登录皮肤/会员装备_3.bmp
登录皮肤/会员装备_4.bmp
登录皮肤/保存_1.bmp
登录皮肤/保存_2.bmp
登录皮肤/保存_3.bmp
登录皮肤/修改_1.bmp
登录皮肤/修改_2.bmp
登录皮肤/修改_3.bmp
登录皮肤/修改密码.jpg
.jpg
登录皮肤/修改密码_1.bmp
登录皮肤/修改密码_2.bmp
登录皮肤/修改密码_3.bmp
登录皮肤/修改密码_4.bmp
登录皮肤/关闭窗口_1.bmp
登录皮肤/关闭窗口_2.bmp
登录皮肤/关闭窗口_3.bmp
登录皮肤/删除_1.bmp
登录皮肤/删除_2.bmp
登录皮肤/删除_3.bmp
登录皮肤/取消_1.bmp
登录皮肤/取消_2.bmp
登录皮肤/取消_3.bmp
登录皮肤/增加_1.bmp
登录皮肤/增加_2.bmp
登录皮肤/增加_3.bmp
登录皮肤/官方网站_1.bmp
登录皮肤/官方网站_2.bmp
登录皮肤/官方网站_3.bmp
登录皮肤/官方网站_4.bmp
登录皮肤/开始游戏_1.bmp
登录皮肤/开始游戏_2.bmp
登录皮肤/开始游戏_3.bmp
登录皮肤/开始游戏_4.bmp
登录皮肤/找回密码(背景).jpg
.jpg
登录皮肤/找回密码.jpg
.jpg
登录皮肤/找回密码_1.bmp
登录皮肤/找回密码_2.bmp
登录皮肤/找回密码_3.bmp
登录皮肤/找回密码_4.bmp
登录皮肤/无水印图_1.bmp
登录皮肤/无水印图_2.bmp
登录皮肤/无水印图_3.bmp
登录皮肤/无水印图_4.bmp
登录皮肤/更新补丁.jpg
.jpg
登录皮肤/最小窗口_1.bmp
登录皮肤/最小窗口_2.bmp
登录皮肤/最小窗口_3.bmp
登录皮肤/注册帐号_1.bmp
登录皮肤/注册帐号_2.bmp
登录皮肤/注册帐号_3.bmp
登录皮肤/注册帐号_4.bmp
登录皮肤/注册账户.jpg
.jpg
登录皮肤/添加游戏_1.bmp
登录皮肤/添加游戏_2.bmp
登录皮肤/添加游戏_3.bmp
登录皮肤/添加游戏_4.bmp
登录皮肤/登录界面.jpg
.jpg
登录皮肤/确定_1 (2).bmp
登录皮肤/确定_1.bmp
登录皮肤/确定_2.bmp
登录皮肤/确定_3.bmp
登录皮肤/联系客服_1.bmp
登录皮肤/联系客服_2.bmp
登录皮肤/联系客服_3.bmp
登录皮肤/联系客服_4.bmp
登录皮肤/脱机登录_1.bmp
登录皮肤/脱机登录_2.bmp
登录皮肤/脱机登录_3.bmp
登录皮肤/脱机登录_4.bmp
登录皮肤/退出游戏_1.bmp
登录皮肤/退出游戏_2.bmp
登录皮肤/退出游戏_3.bmp
登录皮肤/退出游戏_4.bmp
登录皮肤/错误提示.jpg
.jpg
开发资料/远程列表.txt

Sharing

General

Malware Config

Signatures

Files

5a498eee87e4d89512a84502f500181f

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

Size: 120KB - Virtual size: 340KB

Size: - Virtual size: 4KB

Size: 4KB - Virtual size: 4KB

Size: 21KB - Virtual size: 68KB

Size: 23KB - Virtual size: 84KB

Size: 7KB - Virtual size: 28KB

Size: 68KB - Virtual size: 72KB

a6d1f237a38b6e7d3a48b606fa0d7939

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

comdlg32

gdi32

shell32

user32

ole32

Sections

.text Size: 73KB - Virtual size: 76KB

.data Size: 2KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 12KB

a6d1f237a38b6e7d3a48b606fa0d7939

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

comdlg32

gdi32

shell32

user32

ole32

Sections

.text Size: 73KB - Virtual size: 76KB

.data Size: 2KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 12KB

a6d1f237a38b6e7d3a48b606fa0d7939

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

comdlg32

gdi32

shell32

user32

ole32

Sections

.text Size: 73KB - Virtual size: 76KB

.data Size: 2KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 12KB

Headers

File Characteristics

Exports

Exports

Sections

.Upack Size: - Virtual size: 556KB

.rsrc Size: 146KB - Virtual size: 176KB

Headers

File Characteristics

.text
Size: 73KB - Virtual size: 76KB

.data
Size: 2KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 73KB - Virtual size: 76KB

.data
Size: 2KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 73KB - Virtual size: 76KB

.data
Size: 2KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 12KB

.Upack
Size: - Virtual size: 556KB

.rsrc
Size: 146KB - Virtual size: 176KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 166KB - Virtual size: 168KB

.rsrc
Size: 10KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 572KB

UPX1
Size: 265KB - Virtual size: 268KB

.rsrc
Size: 15KB - Virtual size: 16KB