87e6c8916e7513a06efa4429b71ba9f28f9349dc217b696e6f7083bb0c9bc7de

Sharing

Copy URL Twitter E-mail

General

Target

87e6c8916e7513a06efa4429b71ba9f28f9349dc217b696e6f7083bb0c9bc7de
Size

5.7MB
MD5

139714f3ade6b0c76ddcb683c6534224
SHA1

4e6c198953a5567b8716a4bb6bc32f2b55acc2a5
SHA256

87e6c8916e7513a06efa4429b71ba9f28f9349dc217b696e6f7083bb0c9bc7de
SHA512

e51f50272e2fda070b1373969f5747c4597732279b25cee6bb3052330af1a44bfb8a56df61b2d17c289b4974da2c04bb8308134fd60432407aa5d979b23f7589
SSDEEP

98304:fXwpyZF9wlsomviAvn+5I4aTFUzXNrOHkA73OmUrVmUQfGHxSVbBLPk2cd:/wpCIyGq4oCZOH7grVmfGmBTk9

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/anjianv9.0/Fairy_Ape.exe
unpack001/anjianv9.0/Fairy_Ape/RICHED20.DLL
unpack001/anjianv9.0/LAScriptX.dll
unpack001/anjianv9.0/comx.dll
unpack001/anjianv9.0/libs.dll
unpack001/anjianv9.0/net.dll

Files

87e6c8916e7513a06efa4429b71ba9f28f9349dc217b696e6f7083bb0c9bc7de
.zip
anjianv9.0/Fairy_Ape.exe
.exe windows:5 windows x86 arch:x86

12dcd6b1b2493cd24e743b199d755ed7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\模拟精灵\新的模拟精灵\Release\Fairy_Ape.pdb

Imports

kernel32

GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
SetEnvironmentVariableA
VirtualProtect
VirtualAlloc
VirtualQuery
GetStartupInfoA
HeapReAlloc
RtlUnwind
GetTimeFormatA
GetDateFormatA
CreateProcessA
SetStdHandle
GetFileType
ExitThread
CreateThread
HeapSize
GetACP
IsValidCodePage
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetErrorMode
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
SetHandleCount
GetDriveTypeA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CompareStringW
EnumSystemLocalesA
IsValidLocale
CreatePipe
GetExitCodeProcess
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetFileSizeEx
GetOEMCP
GetCPInfo
GlobalFlags
GetModuleHandleW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
MoveFileA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
WritePrivateProfileStringA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
InterlockedExchange
lstrcmpA
GetThreadLocale
RaiseException
SuspendThread
SetThreadPriority
FindFirstFileA
FileTimeToLocalFileTime
FindNextFileA
FindClose
GetModuleFileNameW
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
MulDiv
DeviceIoControl
GlobalSize
ResumeThread
DuplicateHandle
GetExitCodeThread
SetFileTime
GetFileTime
GlobalMemoryStatus
SetSystemPowerState
GetCurrentProcess
TerminateProcess
GetTempPathA
GetSystemDirectoryA
GlobalUnlock
GetVolumeInformationA
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualQueryEx
GetSystemInfo
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
OpenProcess
GetFullPathNameA
GetLocaleInfoA
GetUserDefaultLCID
FreeResource
WriteFile
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
SetConsoleTitleA
AllocConsole
GetCurrentProcessId
FreeConsole
WinExec
lstrcatA
lstrcpyA
MapViewOfFile
CreateFileMappingA
CreateFileA
UnmapViewOfFile
GetVersion
GetProcessHeap
HeapAlloc
GetModuleHandleA
SetCurrentDirectoryA
GetCurrentDirectoryA
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
DeleteFileA
FreeLibrary
GetProcAddress
CloseHandle
CreateEventA
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
CreateMutexA
GetCommandLineA
LoadLibraryA
lstrcpynA
ResetEvent
TerminateThread
WaitForSingleObject
SetEvent
lstrlenW
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalAlloc
SetFileAttributesA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
ExitProcess
LocalFree
FormatMessageA
GetLastError
GetTickCount
Sleep
lstrlenA
SetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
GetStdHandle
WideCharToMultiByte

user32

SendDlgItemMessageA
GetMenuState
SetWindowTextA
GetMenuStringA
GetMenu
SendMessageTimeoutA
ExitWindowsEx
SetFocus
IsWindowEnabled
GetCursor
SendInput
GetMenuItemID
GetMenuItemCount
PostThreadMessageA
ModifyMenuA
UnionRect
IsCharAlphaA
DrawFrameControl
DrawTextA
MessageBeep
SetClipboardData
EmptyClipboard
SetActiveWindow
EnumWindows
DrawEdge
SetMenuDefaultItem
CloseClipboard
GetClipboardData
OpenClipboard
DrawIconEx
SetWindowRgn
EqualRect
KillTimer
SetTimer
SetRect
SetScrollRange
IsRectEmpty
SetRectEmpty
GetDialogBaseUnits
FrameRect
LoadImageA
CreateIconIndirect
GetIconInfo
GetSysColor
DrawStateA
OffsetRect
DrawFocusRect
InflateRect
TrackPopupMenuEx
GetNextDlgTabItem
DestroyIcon
DestroyMenu
DestroyCursor
SystemParametersInfoA
GetClassNameA
ChildWindowFromPointEx
GetDlgItem
GetKeyboardLayoutList
LoadKeyboardLayoutA
GetKeyboardLayout
GetCaretPos
OpenIcon
GetDoubleClickTime
GetForegroundWindow
AttachThreadInput
GetWindowTextA
GetWindowThreadProcessId
BringWindowToTop
SetCursorPos
GetKeyState
GetScrollRange
GetScrollPos
SetScrollPos
ValidateRect
SetCapture
ClientToScreen
ReleaseCapture
PtInRect
ShowWindow
FindWindowA
LockWindowUpdate
DeleteMenu
AppendMenuA
GetSystemMenu
DispatchMessageA
TranslateMessage
GetMessageA
GetLastActivePopup
GetPropA
GetDesktopWindow
SetForegroundWindow
GetDlgCtrlID
TrackPopupMenu
LoadCursorA
SetCursor
EnableMenuItem
GetSubMenu
LoadMenuA
GetWindow
CopyRect
RegisterWindowMessageA
SetWindowsHookExA
UnhookWindowsHookEx
GetFocus
GetKeyNameTextA
MapVirtualKeyA
CallNextHookEx
RegisterHotKey
InvalidateRgn
DrawTextExA
CopyAcceleratorTableA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
UnregisterHotKey
GetParent
FindWindowExA
DrawIcon
RemovePropA
ScreenToClient
GetCursorPos
SetWindowLongA
GetWindowLongA
SetPropA
LoadIconA
SetWindowPos
IsIconic
IsZoomed
GetSystemMetrics
GetWindowDC
RedrawWindow
IsWindowVisible
IsWindow
PostQuitMessage
PeekMessageA
ReleaseDC
GetDC
GetClientRect
InvalidateRect
GetActiveWindow
FillRect
PostMessageA
GetNextDlgGroupItem
RegisterClipboardFormatA
CharNextA
UnregisterClassA
SendMessageA
GetWindowRect
EnableWindow
MessageBoxA
GetSysColorBrush
CharUpperA
SetWindowContextHelpId
GetAsyncKeyState
MapDialogRect
LoadBitmapA
CheckMenuItem
WinHelpA
IsChild
GetCapture
GetClassLongA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
DefWindowProcA
CallWindowProcA
IntersectRect
GetWindowPlacement
EndPaint
BeginPaint
GrayStringA
TabbedTextOutA
CreateDialogIndirectParamA
DestroyWindow
EndDialog
GetWindowTextLengthA
MoveWindow
IsDialogMessageA
WindowFromPoint

gdi32

StretchDIBits
RealizePalette
SetBkMode
GetDIBits
SetWinMetaFileBits
SelectPalette
SetEnhMetaFileBits
PlayEnhMetaFile
GetEnhMetaFilePaletteEntries
CreatePalette
GetEnhMetaFileHeader
DeleteEnhMetaFile
SaveDC
RestoreDC
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SelectClipRgn
SetStretchBltMode
GetWindowExtEx
PtVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetRgnBox
GetCharWidthA
CreateFontA
DPtoLP
GetTextColor
RectVisible
GetClipBox
ExtSelectClipRgn
ExtTextOutA
GetBkColor
CreateRectRgnIndirect
CreatePen
GetMapMode
CreateFontIndirectA
CombineRgn
CreateRectRgn
CreatePolygonRgn
CreateRoundRectRgn
FrameRgn
FillRgn
GetTextExtentPoint32A
SetPixel
DeleteDC
SetTextColor
SetBkColor
SelectObject
CreateBitmap
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetDeviceCaps
GetPixel
EnumFontFamiliesExA
GetObjectA
PatBlt
GetViewportExtEx
CreateSolidBrush
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

CloseServiceHandle
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
CreateServiceA
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
RegCreateKeyExA
StartServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueA
RegNotifyChangeKeyValue
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA

shell32

ShellExecuteExA
Shell_NotifyIconA
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA
ShellExecuteA

comctl32

_TrackMouseEvent
ord17
ImageList_Draw

shlwapi

PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA

oledlg

ord8

ole32

CoRegisterMessageFilter
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocStringLen
VarDateFromStr
VariantInit
VariantCopyInd
VariantChangeType
SysStringLen
SysAllocStringByteLen
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayGetElemsize
SafeArrayCreate
OleCreateFontIndirect
SysFreeString

winmm

PlaySoundA

wininet

InternetOpenUrlA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetConnectA
InternetQueryDataAvailable
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetSetOptionA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetOpenA
InternetCrackUrlA

Exports

Exports

_GetPhysLong@8
_GetPortVal@12
_InitializeWinIo@0
_InstallWinIoDriver@8
_MapPhysToLin@12
_RemoveWinIoDriver@0
_SetPhysLong@8
_SetPortVal@12
_ShutdownWinIo@0
_UnmapPhysicalMemory@8

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 803KB - Virtual size: 802KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
anjianv9.0/Fairy_Ape/Ape.history
anjianv9.0/Fairy_Ape/Fairy.config
anjianv9.0/Fairy_Ape/Fairy.work
.js .xml polyglot
anjianv9.0/Fairy_Ape/Language/CHS.xml
.js .xml polyglot
anjianv9.0/Fairy_Ape/Language/CHSsyntax.txt
.js
anjianv9.0/Fairy_Ape/RICHED20.DLL
.dll windows:5 windows x86 arch:x86

b273fadc4482676e5c978e88480e0b9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetUserDefaultLCID
GetProfileIntA
FindAtomW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryW
LoadLibraryA
GetProfileSectionW
GetProfileSectionA
CompareStringW
CompareStringA
CreateFileW
CreateFileA
GetStringTypeExW
GetStringTypeExA
GetModuleHandleA
LocalReAlloc
LocalAlloc
GetACP
lstrcmpiW
GetVersionExA
MulDiv
GlobalUnlock
GlobalHandle
GlobalLock
GlobalSize
GlobalReAlloc
GlobalFlags
GlobalFree
GlobalAlloc
GetThreadLocale
IsValidCodePage
SetFilePointer
CloseHandle
WriteFile
ReadFile
GetLastError
IsBadWritePtr
GetCurrentThreadId
FindAtomA
GetSystemDefaultLangID
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
FormatMessageA
lstrlenA
lstrcmpiA
LocalFree
GetLocaleInfoW
GetProcAddress
FreeLibrary
RaiseException
IsBadReadPtr
GetTickCount
Sleep
LocalLock
WideCharToMultiByte
MultiByteToWideChar
GetSystemDefaultLCID
LeaveCriticalSection
EnterCriticalSection

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

user32

IsChild
IsWindowEnabled
GetCapture
GetCaretPos
IsClipboardFormatAvailable
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetClipboardOwner
GetClipboardData
CharUpperW
MessageBoxA
UnregisterClassA
ShowScrollBar
EnableScrollBar
wvsprintfA
DefWindowProcA
DefWindowProcW
GetWindowLongA
GetWindowLongW
GetClassLongA
GetClassLongW
LoadBitmapA
LoadBitmapW
LoadCursorA
LoadCursorW
SetWindowLongA
SetWindowLongW
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
RegisterWindowMessageA
PostQuitMessage
MessageBoxW
GetKeyboardLayout
SendMessageA
FindWindowA
SystemParametersInfoA
GetKeyboardLayoutList
CharLowerA
CharLowerBuffW
CharUpperA
CharUpperBuffW
SendMessageW
UnregisterClassW
RegisterClassA
RegisterClassW
GetDoubleClickTime
GetForegroundWindow
WindowFromPoint
SystemParametersInfoW
GetDesktopWindow
IsWindow
GetWindow
SetScrollInfo
SetForegroundWindow
ScrollWindowEx
SetTimer
SetCaretPos
ShowCaret
HideCaret
CreateCaret
SetScrollPos
SetScrollRange
IsWindowVisible
MapWindowPoints
GetDlgItem
GetFocus
IsIconic
DestroyCaret
SetFocus
WindowFromDC
DestroyMenu
MessageBeep
RegisterClipboardFormatA
GetParent
TrackPopupMenu
SetCapture
GetAsyncKeyState
ReleaseCapture
GetMessageTime
GetMessagePos
IntersectRect
OffsetRect
InvertRect
CopyRect
ActivateKeyboardLayout
IsWindowUnicode
EnableWindow
GetDC
ReleaseDC
CreateWindowExW
CreateWindowExA
SetParent
ClientToScreen
MoveWindow
BeginPaint
FillRect
EndPaint
InflateRect
ShowWindow
InvalidateRect
SetWindowPos
UpdateWindow
GetClientRect
DrawFocusRect
GetCursorPos
ScreenToClient
GetWindowRect
PtInRect
GetKeyState
GetSysColor
DrawFrameControl
GetSystemMetrics
SetCursor
GetCursor
DestroyWindow
KillTimer

gdi32

SetBkMode
RestoreDC
SaveDC
RealizePalette
SelectPalette
SelectObject
GetCurrentObject
Rectangle
GetStockObject
SetROP2
CreateDIBSection
DeleteDC
StretchBlt
CreateCompatibleDC
DeleteObject
SetTextAlign
GetDeviceCaps
ExtTextOutW
GetPixel
SetWindowExtEx
SetWindowOrgEx
BitBlt
LineTo
MoveToEx
CreatePen
DeleteMetaFile
GetTextCharsetInfo
GetOutlineTextMetricsA
TranslateCharsetInfo
GetBkMode
DPtoLP
PatBlt
SetMapMode
CreateCompatibleBitmap
ExtTextOutA
CreateSolidBrush
SetMetaFileBitsEx
CreateBitmap
GetMetaFileBitsEx
SetViewportOrgEx
EnumMetaFile
CloseMetaFile
CreateMetaFileA
CreatePatternBrush
Escape
GetObjectType
CreatePalette
GetMapMode
LPtoDP
EnumFontFamiliesExW
GetCharWidthW
GetCharWidthA
CreateFontIndirectA
CreateFontIndirectW
GetObjectW
GetTextMetricsA
GetTextMetricsW
CreateICA
CreateICW
GetTextFaceA
GetTextFaceW
SetBkColor
SetTextColor
GetObjectA
IntersectClipRect

Exports

Exports

CreateTextServices
IID_IRichEditOle
IID_IRichEditOleCallback
IID_ITextHost
IID_ITextHost2
IID_ITextServices
REExtendedRegisterClass
RichEdit10ANSIWndProc
RichEditANSIWndProc

Sections

.text
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anjianv9.0/Fairy_Ape/hotkey.bin
anjianv9.0/Fairy_Ape/import/std.LAS
.js
anjianv9.0/Fairy_Ape/task.bin
anjianv9.0/LAScriptX.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anjianv9.0/Visual LAScript.rar
.rar
Visual LAScript/code.htm
.html .js polyglot
Visual LAScript/images/bar/build.gif
.gif
Visual LAScript/images/bar/code.gif
.gif
Visual LAScript/images/bar/las.gif
.gif
Visual LAScript/images/bar/new.gif
.gif
Visual LAScript/images/bar/open.gif
.gif
Visual LAScript/images/bar/play.gif
.gif
Visual LAScript/images/bar/save.gif
.gif
Visual LAScript/images/bar/splash.jpg
.jpg
Visual LAScript/images/bar/split.gif
.gif
Visual LAScript/images/bar/split2.gif
.gif
Visual LAScript/images/lbar/bt.gif
.gif
Visual LAScript/images/lbar/ck.gif
.gif
Visual LAScript/images/lbar/combo.gif
.gif
Visual LAScript/images/lbar/frm.gif
.gif
Visual LAScript/images/lbar/img.gif
.gif
Visual LAScript/images/lbar/lb.gif
.gif
Visual LAScript/images/lbar/list.gif
.gif
Visual LAScript/images/lbar/numud.gif
.gif
Visual LAScript/images/lbar/rd.gif
.gif
Visual LAScript/images/lbar/sel.gif
.gif
Visual LAScript/images/lbar/tx.gif
.gif
Visual LAScript/images/main/btClose.gif
.gif
Visual LAScript/images/main/drop.gif
.gif
Visual LAScript/images/main/drop_hit.gif
.gif
Visual LAScript/images/main/hdl.gif
.gif
Visual LAScript/images/main/hdl_dis.gif
.gif
Visual LAScript/images/main/head_bg.gif
.gif
Visual LAScript/images/main/ico_form.gif
.gif
Visual LAScript/images/main/more.gif
.gif
Visual LAScript/images/main/more_hit.gif
.gif
Visual LAScript/mu.js
.js
Visual LAScript/sel.htm
.html .js polyglot
Visual LAScript/ss.js
.js
Visual LAScript/vl.fap
.js .xml polyglot
Visual LAScript/webform.htm
.html .js polyglot
anjianv9.0/comx.dll
.dll windows:4 windows x86 arch:x86

5a762cec206374f4f0fdaa86673629e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\模拟精灵\新的模拟精灵\模拟精灵插件开发\comx\comx\Release\comx.pdb

Imports

kernel32

SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetFilePointer
WaitForSingleObject
GetExitCodeProcess
CreatePipe
GetStringTypeW
GetProcAddress
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileA
GetFileAttributesA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
CompareStringW
CompareStringA
LoadLibraryA
FreeLibrary
LocalFree
GetLastError
MultiByteToWideChar
FormatMessageA
WideCharToMultiByte
lstrcpyW
DebugBreak
FatalAppExitA
lstrlenW
IsBadWritePtr
GetCurrentDirectoryA
GetStringTypeA
GetModuleFileNameA
InitializeCriticalSection
ReadFile
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
Sleep
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStdHandle
WriteFile
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
GetCPInfo
RaiseException
IsDebuggerPresent
TerminateProcess
SetEnvironmentVariableA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
DuplicateHandle
CreateProcessA
CloseHandle
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
GetModuleHandleA
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
DeleteFileA
MoveFileA
GetTimeFormatA
GetDateFormatA
InterlockedIncrement
InterlockedDecrement

user32

GetClientRect
TranslateMessage
WinHelpA
GetMessageA
RegisterClassA
CallWindowProcA
MapWindowPoints
IsWindowVisible
EqualRect
GetActiveWindow
ShowWindow
SetWindowPos
DefWindowProcA
CreateWindowExA
GetWindowLongA
MessageBoxA
IntersectRect
SetWindowRgn
GetWindowRect
wsprintfA
OffsetRect
SetFocus
DispatchMessageA

gdi32

SetViewportOrgEx
SetWindowExtEx
DeleteObject
CreateRectRgnIndirect
SetMapMode
SetViewportExtEx
SetWindowOrgEx

advapi32

RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

ole32

StringFromCLSID
OleInitialize
OleUninitialize
CoTaskMemFree
CoCreateInstance
CreateBindCtx
MkParseDisplayName
CLSIDFromProgID
CLSIDFromString
CoRevokeClassObject
CoRegisterClassObject
StringFromIID
CoLockObjectExternal
CoTaskMemAlloc
CreateOleAdviseHolder
OleRegGetUserType
ProgIDFromCLSID

oleaut32

SafeArrayUnaccessData
GetActiveObject
SysAllocString
DispGetIDsOfNames
SafeArrayPutElement
SafeArrayGetElement
VariantChangeType
SafeArrayGetDim
SystemTimeToVariantTime
SafeArrayCreate
SafeArrayDestroy
VariantCopy
SafeArrayAccessData
VariantTimeToSystemTime
SafeArrayCreateVector
VariantCopyInd
LHashValOfNameSys
VariantInit
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString
UnRegisterTypeLi
LoadTypeLibEx

shlwapi

SHDeleteKeyA

Exports

Exports

DllGetClassObject
comx_IDispatch2comx
comx_detectAutomation
lasimport_comx

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anjianv9.0/encode.txt
anjianv9.0/fap.chm
.chm
anjianv9.0/fapi.chm
.chm
anjianv9.0/libs.dll
.dll windows:4 windows x86 arch:x86

4e8653f69e7a6522710ccd382de38426

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\模拟精灵\新的模拟精灵\模拟精灵插件开发\libs\Release\libs.pdb

Imports

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
InternetSetOptionA

shlwapi

SHDeleteKeyA
PathFindExtensionA
PathFindFileNameA

kernel32

GetCPInfo
GetOEMCP
VirtualAlloc
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
ExitThread
CreateThread
GetCommandLineA
ExitProcess
RtlUnwind
RaiseException
HeapSize
HeapCreate
VirtualFree
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetEndOfFile
FlushFileBuffers
ReadFile
InterlockedIncrement
WritePrivateProfileStringA
GetThreadLocale
GlobalFlags
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
GlobalAddAtomA
GetCurrentProcessId
SetLastError
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
ResetEvent
CreateEventA
Sleep
SetEvent
WaitForSingleObject
CloseHandle
GetVersionExA
FindNextFileA
FindClose
SetFileAttributesA
FindFirstFileA
WriteFile
GetCurrentProcess
HeapAlloc
SetFilePointer
GetFileSize
CreateFileA
DeleteFileA
GetVersion
CompareStringA
LockResource
RemoveDirectoryA
GetLastError
InterlockedExchange
MultiByteToWideChar
CompareStringW
GetFileAttributesA
SizeofResource
WideCharToMultiByte
GetWindowsDirectoryA
GetProcessHeap
HeapFree
LoadResource
lstrlenA
FindResourceA
HeapDestroy

user32

DestroyMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetDC
ReleaseDC
GetSysColorBrush
ClientToScreen
ShowWindow
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetWindowTextA
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
PostMessageA
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMessageA
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
DispatchMessageA

gdi32

ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
GetClipBox
SetTextColor
SetBkColor
DeleteObject
SaveDC
RestoreDC
TextOutA
RectVisible
PtVisible
SetMapMode
CreateBitmap
GetDeviceCaps

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegEnumKeyA
GetLengthSid
AddAce
RegSetKeySecurity
FreeSid
AllocateAndInitializeSid
InitializeAcl
RegQueryInfoKeyA
RegGetKeySecurity
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CopySid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
GetUserNameA

shell32

SHEmptyRecycleBinA
SHGetSpecialFolderPathA

ole32

CoCreateInstance

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

WSAEnumNetworkEvents
WSAEventSelect
inet_addr
WSACleanup
WSACreateEvent
gethostbyaddr
WSAWaitForMultipleEvents
gethostname
connect
WSAStartup
WSACloseEvent
shutdown
htons
recv
send
gethostbyname
closesocket
socket

Exports

Exports

lasimport_bigint
lasimport_clean
lasimport_email
lasimport_md5
lasimport_pop3

Sections

.text
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anjianv9.0/net.dll
.dll windows:4 windows x86 arch:x86

61e09027d5c345c5b0cd7de24f866ec3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

CorBindToRuntimeEx

oleaut32

VariantClear
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
VariantInit
SysAllocString
SysFreeString
SafeArrayUnaccessData

kernel32

TlsSetValue
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
GetLocaleInfoW
SetStdHandle
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CompareStringW
InterlockedDecrement
FreeResource
CloseHandle
WriteFile
SizeofResource
CreateFileA
LockResource
LoadResource
FindResourceA
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
FormatMessageA
GetLastError
GetProcAddress
FreeLibrary
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
CreateProcessA
DuplicateHandle
GetCurrentProcess
DeleteFileA
MoveFileA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
InterlockedIncrement
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TlsGetValue
TlsAlloc
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ReadFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSection
CreatePipe
GetExitCodeProcess
WaitForSingleObject
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CompareStringA

Exports

Exports

lasimport_net
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checkmetatable
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_findfile
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstdcallcfunction
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_safetostring
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luanet_checkudata
luanet_gettag
luanet_newudata
luanet_rawnetobj
luanet_tonetobject
luaopen_base
luaopen_debug
luaopen_io
luaopen_luanet
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 268KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anjianv9.0/脚本库/fs.las
.js
anjianv9.0/脚本库/inet.las

Sharing

General

Malware Config

Signatures

Files

12dcd6b1b2493cd24e743b199d755ed7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

winmm

wininet

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 48KB - Virtual size: 121KB

.rsrc Size: 803KB - Virtual size: 802KB

b273fadc4482676e5c978e88480e0b9e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

Exports

Exports

Sections

.text Size: 363KB - Virtual size: 363KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 30KB - Virtual size: 29KB

.reloc Size: 10KB - Virtual size: 10KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 48KB - Virtual size: 46KB

.rsrc Size: 4KB - Virtual size: 880B

.reloc Size: 4KB - Virtual size: 12B

5a762cec206374f4f0fdaa86673629e7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 328KB - Virtual size: 325KB

.rdata Size: 100KB - Virtual size: 98KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

4e8653f69e7a6522710ccd382de38426

Headers

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 48KB - Virtual size: 121KB

.rsrc
Size: 803KB - Virtual size: 802KB

.text
Size: 363KB - Virtual size: 363KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 30KB - Virtual size: 29KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 48KB - Virtual size: 46KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 328KB - Virtual size: 325KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB

.text
Size: 320KB - Virtual size: 318KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 28KB - Virtual size: 26KB

.text
Size: 268KB - Virtual size: 265KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 64KB - Virtual size: 60KB

.reloc
Size: 16KB - Virtual size: 12KB