9a1f624373bbf855057b764ef614d1bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9a1f624373bbf855057b764ef614d1bc_JaffaCakes118
Size

8.3MB
MD5

9a1f624373bbf855057b764ef614d1bc
SHA1

0f75f95539f389f7bab19a08c596c74284e3bd5a
SHA256

ba65bc6c120ab808966a2f7306bf6043df32018d4e20225d4332a14a073dfe7b
SHA512

777a08dd3041e1e8222963eb2c5b1bb16652ee5002060f3bdd7d4a1b24a2c53d9f378abd23bf9fb4ea27a1503ecf677219444b319edbce7201b70ddfe8c3c530
SSDEEP

196608:ktkD+u0aTxGh4NvLQ569xbqoMgJGgF6RLDt/YX5R1ZUXgXrG:ktm+u0kIh41LQixbqoMgJNcRLRwX5R1U

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/软件/dd32.dll	acprotect
static1/unpack001/软件/ddxy.dll	acprotect
static1/unpack001/软件/ddxyz.dll	acprotect

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/软件/64位系统需安装_成功即可关闭.exe	upx
static1/unpack001/软件/dd32.dll	upx
static1/unpack001/软件/ddxy.dll	upx
static1/unpack001/软件/ddxyz.dll	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/软件/LOL海豚脚本.exe
unpack001/软件/Updata.exe
unpack001/软件/ddxy.dll
unpack004/out.upx
unpack001/软件/ddxyz.dll
unpack005/out.upx

Files

9a1f624373bbf855057b764ef614d1bc_JaffaCakes118
.rar
情圣娱乐网.url
.url
情圣官方卡盟.url
.url
软件/64位系统需安装_成功即可关闭.exe
.exe windows:5 windows x64 arch:x64

Code Sign

50:46:81:f5:cc:b0:f1:42:3a:6e:68:1a:f7:bd:af:62
Certificate

Issuer

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

01/06/2015, 06:11

Not After

01/06/2016, 06:47

Subject

CN=Wang Zhen,L=Chongqing,ST=Chongqing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:5b:b9:77:4e:22:3d:f3:33:6f:d5:77:7f:c0:5d:fb:7d:8b:ae:b2
Signer

Actual PE Digest

a2:5b:b9:77:4e:22:3d:f3:33:6f:d5:77:7f:c0:5d:fb:7d:8b:ae:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
软件/LOL海豚脚本.exe
.exe windows:4 windows x86 arch:x86

f0c7b7c64cce62b87c74259ba23f782d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
DeviceIoControl
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
lstrlenW
FreeEnvironmentStringsW
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
FindFirstFileA
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
GetFileAttributesA
SetCurrentDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
GetEnvironmentVariableA
HeapDestroy
HeapCreate
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
FindClose
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetEnvironmentStrings
GetVersionExA
GetEnvironmentStringsW
GlobalUnlock
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
VirtualFree
VirtualAlloc
CloseHandle
DosDateTimeToFileTime
SetFileTime
InterlockedIncrement
InterlockedDecrement
LocalFree
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
RaiseException
HeapSize
GetACP
SetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
GetLocalTime
SystemTimeToFileTime
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynA
lstrcmpiA
lstrcmpA
IsDBCSLeadByte
GetVersion
GetTimeZoneInformation
SetLastError
TerminateProcess
GetFileSize
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
TerminateThread
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
DeviceIoControl
SetEvent
FindResourceA
LoadResource
LockResource
lstrlenW
RemoveDirectoryA
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
ExpandEnvironmentStringsA
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
MoveFileA
DeleteFileA
CopyFileA
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
HeapDestroy
HeapCreate
VirtualFree
InterlockedExchange
GetFileType
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsWindowEnabled
TranslateAcceleratorA
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
GetKeyState
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
SystemParametersInfoA
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
OpenClipboard
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
wsprintfA
GetSystemMetrics
TabbedTextOutA
DrawTextA
ShowWindow
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetDC
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
GetForegroundWindow
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
UnregisterClassA
LoadStringA
GetSysColorBrush
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
SetRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
CreateAcceleratorTableA
GetCursorPos
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
LoadIconA
MessageBoxA
GrayStringA
TranslateMessage
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WaitForInputIdle
wsprintfA
CloseClipboard
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetNextDlgTabItem
FrameRect
DrawStateA
GetCursor
DrawTextA
SetPropA
CallWindowProcA
MoveWindow
GetPropA
InvalidateRect
CallNextHookEx
UnhookWindowsHookEx
GetWindowDC
EnumChildWindows
WindowFromDC
TabbedTextOutA
GrayStringA
GetTabbedTextExtentA
GetMenuState
GetMenuStringA
GetMenuItemID
GetMenuItemCount
SetWindowTextA
GetWindowTextA
GetForegroundWindow
GetClipboardData
GetDesktopWindow
GetClassNameA
GetDlgItem
FindWindowExA
CharUpperA
CreateWindowExA
RegisterHotKey
UnregisterHotKey
GetWindowTextLengthA
BeginPaint
EndPaint
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetClassLongA
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadStringA
GetSysColorBrush
UnregisterClassA
ValidateRect
UpdateWindow
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
TrackPopupMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
GetParent
GetFocus
GetClientRect
SetActiveWindow
GetSysColor
SetWindowLongA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
SetWindowsHookExA
DestroyIcon

gdi32

ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
SetViewportExtEx
GetTextMetricsA
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
GetDeviceCaps
GetTextExtentPoint32A
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
CreateCompatibleDC
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
OffsetViewportOrgEx
GetStockObject
CreateFontIndirectA
CreateSolidBrush
CombineRgn
CreateRectRgn
FillRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
SaveDC
SetViewportOrgEx
GetObjectA
SetMapMode
Escape
CreateBrushIndirect
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
GetTextExtentPoint32A
GetDeviceCaps
CreateBitmap
CreatePatternBrush
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
RoundRect
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
SetPixelV
Ellipse
Rectangle
LPtoDP
DPtoLP
EndPath
GetCurrentObject
CreateSolidBrush
StretchBlt
CreatePalette
GetTextMetricsA
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
TranslateCharsetInfo
Escape
ExtTextOutA
RectVisible
PtVisible
CreatePenIndirect
RestoreDC
SaveDC
SetWindowOrgEx
CreateFontA
SetDIBitsToDevice
SetTextColor
SetBkMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetPixel
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries

winmm

midiStreamClose
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutUnprepareHeader
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
midiStreamRestart
waveOutReset
midiOutReset
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
PlaySoundA
waveOutPause

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA
OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA

shell32

ShellExecuteA
Shell_NotifyIconA
DragQueryFileA
DragAcceptFiles
SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA
DragFinish

ole32

OleInitialize
OleRun
CoCreateInstance
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CLSIDFromProgID
ReleaseStgMedium
RevokeDragDrop
OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun

oleaut32

SafeArrayAccessData
SysAllocString
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
UnRegisterTypeLi
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetUBound
VariantChangeType
VariantClear
SafeArrayGetLBound
UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear

comctl32

ImageList_Destroy
ord17
ImageList_DrawIndirect
ImageList_Read
ord17
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add
ImageList_AddMasked
ImageList_Draw
_TrackMouseEvent
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_Duplicate

ws2_32

WSAAsyncSelect
recvfrom
closesocket
WSACleanup
inet_ntoa
accept
getpeername
recv
ioctlsocket
recvfrom
sendto
setsockopt
socket
htonl
closesocket
WSASetLastError
accept
getpeername
bind
htons
recv
connect
ioctlsocket
gethostname
inet_addr
inet_ntoa
gethostbyname
send
select
WSACleanup
WSAStartup
WSAAsyncSelect

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseColorA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
ChooseFontA
GetFileTitleA

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame
AVIStreamInfoA

rasapi32

RasGetConnectStatusA
RasHangUpA

msimg32

GradientFill

wldap32

ord29

wininet

InternetCloseHandle

Exports

Exports

�H(�SIwȯz��_E� �Jb��A��0��w�]��0��7� �aFt�w,'Mi�A��Er$�i�x��'��&��)�0V�Wڸ��؟a�ǏZp ��O�F��P�S�~/��Wϧ� ��o9��%W�nT��4�8�j+�#ݙ��F�1�A�(滥�A�<�X2�fn�>�qϖ�d��mAԌ:R]�ɛ�}��f��+�R:��܍j\@�ڳ��+w�B}�@Yj��Fj?��r�4aI�J��ٳ��x9�.]�-?mJ04� ��72`t�el%c�"b94�-��KM�-��I�C1��ir?v�@PNǮ)ɫ�|#䢅�K��Fn99Lk4w�G�v��^ 0>}*@�I��y;g!�#vT��D݆>zI5�9焤\W �ʍ��5T��$v4B�8AA~�Z��V�w?hk`�[V{~��+��kg��J� *�4�� Gm��@��6�t(Z��@$��u��9,/i��M�>�C�6<�je��1�+Ig�NR}ƹ�OՈ��T<�� +��l��j�;�u�Ojx��0�T@],K� �Z�,�b�-��J��`R��Pmu��߲QǴH�n�e2V��h��s􅾲��z}��C�.�;�U�� U^��s�<��ly��蛚�~*/��yUጞڦA;+�R�T%-��O�[So�3I��j_�6�x��)�Y�_��na�n� ��6��K�`Γ��-&{��+�߻3��8��U��z?Je��2/^heNKRF�L�k ��{��q��=E��Ny�P��Ԉ��K��%�X�� A\I��F��oԾo�u�� c��,s�QM��[��!Ed��O�~�N�"�n�E��ꀔ�~e5��O`�D��1��آ�� ^k �r�1�8�.��瑨�g�́H�fm�~^�Y��(*�/�]��gÏ�"�YG�y ��o�1�p�"��n�q3��ZlN��Ԉ�� t�จ�� "�X�8�em��<�k3�<�?�An�y�� d�4�vPD~Hn��C A�\? &&�T%"ew��+�d)\|��y�_h�N��o��y)J��P�]��g�5W�H>�M ��f,a@�R��r�8"��ɾ��=ʕ�hXZ�;�J4m��**��i��V�Å�5a8�1��2�%��b7�i�&�u�0��$J)��wX��m��S�Peq�r\I�4�h��~o��u��`��a��Q�|�Ʒ�I"exMO�T��"Ĳ<j�)�ɶ�&��C5��H_8&�T�_�%��V�)H+^�At��%?�mxy�+ x ��_<��HA��0u�/�B|V{<��I ��@�D��1��R�/��Y��@��ɚ�v��vV(�x�-�l��ɱK;��Qt0JS��f�EG$V�V7�RN=>�D�� #Mh�h/TY;.�e�:P��$u��8p(Ot�3�M��K6��G��jp��x�^��@��l��,~q�n��T�)�.��xj5�e�i!G"��j��A#@e�:�ٰǩ�R�P��rsjW�ԁ!_�k��ނY2G�/� ��t,+{�yQVҵ��w�fó��b��),0ك��Г'�&O,��u��9͔%�ܱ<2�v�?W?�C^��K��t��u��Ț ��^ =��৿��-��7��Ō%x �� j:�Xm,�<�7�Z��t%/��4��Z/�'YoL��l�<��,>�r�v.�hL!��[�G8Й�7�ԣO�FH�T��T��5� i&�W &��D�!Z��?qm��Y�f�r��9��t�e��`Ó�߅v &��-�p� r��N�:�h�U�+��u�y�q� ��g��$\��M�1�L��2WF��˧�]�� S��ʽd[�!��2�ލ��63��T�۬��ԳT?�B{M? ��~��H�*�R��M�&o��g��[�G��$K��[�/��V"��?�Ha�0�%�qf�5'H��o�\:>��M��f�U�"��r�&[��A|�񅇌�5uQn�~U@i(G��F�vG��wyq%ڀ��>;��"�M1$��k�E�뗺��+��M�C�☌�7��C;b��o[ݥQ��Dş��Pе�S�M=sj��)�/i��K� �4|bb��L��"��6թ�)?fu��0M7�h��Gl�jhf�� l��0k��Z��bZl��{�i�F�C6��<��l��iɸ?O�6�� O��$�y$�@�s��P�B�J4b��?]�!�'��U�-7��(��A5FL�,(ء:��K��(S�UU$��/�)!�g.�Х�z��Ac��=�F<0�i��;�g��|y'�ܑ�"J�$EWy G��U�0q^�<�5H��n$��~Yˎ�iJ@��`��u�XH'Q?�0a+�/h��R��̢[m+��-T�L��lPcS��WTI��3��A� ��^�{؁ÎuOs��u�?I�"5:oV��gI��$��OE6dL >�Ӕ�Z�ż��v��Q��#�%��O�O`eeu�:�Q�j�1]n2h�_S��,XqƦjGb��m\��8��r��Ŝ$M��*�w�kfb��[4|;� �˰�ܘ��Jz�a�]Ll /�pW�`mԂ��Հ�ڑ��@ߕ��\|-Q� X��˿J��!��$^.��x�%�ޒmf�l-��R��K��D�U ��:8��4w��V7��m�� b��Z�6��er >c��_tJf=�j��$9^w��3M��J�$U�\`�~0�b)@=�n��P

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 520KB - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 232KB - Virtual size: 601KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
软件/Updata.exe
.exe windows:4 windows x86 arch:x86

e40de746ba199ad8e6c5c62f60061ffe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
SetFileTime
DosDateTimeToFileTime
GetLocalTime
SystemTimeToFileTime
GetCurrentProcess
DuplicateHandle
GetFileType
GetFileSize
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynA
GlobalAlloc
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
GetSystemTime
GetTimeZoneInformation
TerminateProcess
ExitThread
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
lstrcmpiA
lstrcmpA
IsDBCSLeadByte
FormatMessageA
UnmapViewOfFile
TerminateThread
LocalFree
CreateFileMappingA
MapViewOfFile
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
DeleteFileA
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
CloseHandle
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject

user32

OpenClipboard
CloseClipboard
wsprintfA
WaitForInputIdle
GetClipboardData
SetClipboardData
CreateDialogIndirectParamA
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
CharUpperA
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
GetWindowTextA
GetWindowTextLengthA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
UnregisterClassA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow

gdi32

OffsetViewportOrgEx
SetBkColor
CreateRectRgnIndirect
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CLSIDFromProgID
OleRun
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize

oleaut32

UnRegisterTypeLi
VariantCopy
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi

comctl32

ord17
ImageList_Destroy

ws2_32

connect
ioctlsocket
recv
getsockname
listen
getpeername
accept
WSAGetLastError
ntohs
recvfrom
socket
bind
htons
WSAAsyncSelect
__WSAFDIsSet
gethostname
inet_addr
inet_ntoa
gethostbyname
WSAStartup
WSACleanup
select
send
closesocket

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
GetFileTitleA

Sections

.text
Size: 648KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
软件/data/QQ账号.bmp
软件/data/tgplol.bmp
软件/data/yzm.bmp
软件/data/中途退出.bmp
软件/data/主界面.bmp
软件/data/主页.bmp
软件/data/估计.bmp
软件/data/位置右上.bmp
软件/data/位置右下.bmp
软件/data/位置左上.bmp
软件/data/位置左下.bmp
软件/data/全新天赋.bmp
软件/data/关闭QT.bmp
软件/data/关闭加成.bmp
软件/data/创建名字.bmp
软件/data/判断大乱斗位置.bmp
软件/data/判断属性页.bmp
软件/data/判断打开购买菜单.bmp
软件/data/别处登录.bmp
软件/data/升级提示.bmp
软件/data/单人.bmp
软件/data/友方召唤师血条.bmp
软件/data/召唤师jn屏障.bmp
软件/data/召唤师jn技能.bmp
软件/data/召唤师jn治疗.bmp
软件/data/召唤师jn疾跑.bmp
软件/data/召唤师信息.bmp
软件/data/召唤师头像.bmp
软件/data/召唤师峡谷pd.bmp
软件/data/召唤师技能关闭.bmp
软件/data/召唤师技能可用.bmp
软件/data/召唤师血条.bmp
软件/data/可购买.bmp
软件/data/命名.bmp
软件/data/商店界面打开.bmp
软件/data/回到大厅.bmp
软件/data/回城.bmp
软件/data/大乱斗pd.bmp
软件/data/天赋.bmp
软件/data/天赋更新提示.bmp
软件/data/失败.bmp
软件/data/客户端.bmp
软件/data/密码点.bmp
软件/data/密码错误.bmp
软件/data/小件可买.bmp
软件/data/小红.bmp
软件/data/小红2.bmp
软件/data/小红i.bmp
软件/data/属性页开关.bmp
软件/data/峡谷紫方灰色.bmp
软件/data/峡谷蓝方灰色.bmp
软件/data/峡谷防御塔小图标.bmp
软件/data/已组队.bmp
软件/data/已进入游戏.bmp
软件/data/开始游戏.bmp
软件/data/快速登录.bmp
软件/data/您的队伍.bmp
软件/data/惩罚提醒.bmp
软件/data/我方NPC血条.bmp
软件/data/我方小兵血条.bmp
软件/data/我方防御塔血条.bmp
软件/data/扭曲丛林pd.bmp
软件/data/扭曲我方塔.bmp
软件/data/扭曲敌方塔.bmp
软件/data/技能.bmp
软件/data/技能升级.bmp
软件/data/技能可用.bmp
软件/data/技能点.bmp
软件/data/拒绝加入.bmp
软件/data/提示信息.bmp
软件/data/敌方NPC血条.bmp
软件/data/敌方召唤师血条.bmp
软件/data/敌方小兵血条.bmp
软件/data/敌方血条.bmp
软件/data/无法登录.bmp
软件/data/是否有蓝条.bmp
软件/data/昵称创建成功.bmp
软件/data/昵称被使用.bmp
软件/data/暂离警告.bmp
软件/data/最小化信息.bmp
软件/data/服务器列表.bmp
软件/data/服务器列表2.bmp
软件/data/服务器接收数据.bmp
软件/data/服务器正常.bmp
软件/data/正在喊话.bmp
软件/data/正在更新.bmp
软件/data/正在游戏中.bmp
软件/data/正在连接.bmp
软件/data/死亡.bmp
软件/data/水晶瓶.bmp
软件/data/消极游戏.bmp
软件/data/游戏红框.bmp
软件/data/游戏邀请.bmp
软件/data/现在开始.bmp
软件/data/生命药水.bmp
软件/data/生命饼干.bmp
软件/data/电信区.bmp
软件/data/界面截图1.bmp
软件/data/界面截图2.bmp
软件/data/登录提示1.bmp
软件/data/登录提示2.bmp
软件/data/登录确定.bmp
软件/data/登录队列.bmp
软件/data/皮肤.bmp
软件/data/确定.bmp
软件/data/等待游戏结果.bmp
软件/data/紫方判断.bmp
软件/data/统治战场pd.bmp
软件/data/继续游戏.bmp
软件/data/继续等待.bmp
软件/data/绿色更新提示.bmp
软件/data/网络不稳.bmp
软件/data/胜利.bmp
软件/data/英雄确定.bmp
软件/data/蓝方判断.bmp
软件/data/裁决警告.bmp
软件/data/装备不可买.bmp
软件/data/装备可买.bmp
软件/data/解锁视角.bmp
软件/data/记录.bmp
软件/data/购买.bmp
软件/data/购买多兰剑.bmp
软件/data/购买多兰戒.bmp
软件/data/购买盾牌.bmp
软件/data/起始装备.bmp
软件/data/进入队列失败.bmp
软件/data/进入队列失败i.bmp
软件/data/连接错误.bmp
软件/data/选项页面.bmp
软件/data/重新连接.bmp
软件/data/重新连接i.bmp
软件/data/锁定视角_否.bmp
软件/data/锁定视角_是.bmp
软件/data/错误反馈.bmp
软件/data/队友血条.bmp
软件/data/防御塔血条.bmp
软件/data/防御塔血条1.bmp
软件/data/随机召唤师.bmp
软件/data/随机英雄.bmp
软件/data/领取任务奖励.bmp
软件/data/验证字符.bmp
软件/dd32.dll
.dll windows:5 windows x86 arch:x86

Code Sign

50:46:81:f5:cc:b0:f1:42:3a:6e:68:1a:f7:bd:af:62
Certificate

Issuer

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

01/06/2015, 06:11

Not After

01/06/2016, 06:47

Subject

CN=Wang Zhen,L=Chongqing,ST=Chongqing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:45:1c:9a:ba:9d:e6:f4:5f:64:62:5e:48:8c:b9:f8:36:9f:16:4e
Signer

Actual PE Digest

5c:45:1c:9a:ba:9d:e6:f4:5f:64:62:5e:48:8c:b9:f8:36:9f:16:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DD_btn
DD_chk
DD_key
DD_mov
DD_movR
DD_str
DD_todc
DD_whl

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 838KB - Virtual size: 840KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
软件/ddxy.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
CBFunA
CBFunB
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 684KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 753KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 740KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tp0
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tp1
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
软件/ddxyz.dll
.dll .ps1 regsvr32 windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 884KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 912KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

xwj-NK`^
Size: 924KB - Virtual size: 923KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

e!b0)$^3
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

@'I.%ET1
Size: 28KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3bC4%M>S
Size: 548KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DH4CTwFy
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

,/EYTU*K
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
软件/dm_Gold.txt
软件/xlolini.ini
软件/使用TGP登录必看/1.png
.png
软件/使用TGP登录必看/2.png
.png
软件/使用TGP登录必看/3.png
.png

Sharing

General

Malware Config

Signatures

Files

Code Sign

50:46:81:f5:cc:b0:f1:42:3a:6e:68:1a:f7:bd:af:62Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8Certificate

Extended Key Usages

Key Usages

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39Certificate

Extended Key Usages

Key Usages

a2:5b:b9:77:4e:22:3d:f3:33:6f:d5:77:7f:c0:5d:fb:7d:8b:ae:b2Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.1MB

UPX1 Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 73KB - Virtual size: 76KB

f0c7b7c64cce62b87c74259ba23f782d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

msvfw32

avifil32

rasapi32

msimg32

wldap32

wininet

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 520KB - Virtual size: 518KB

.data Size: 232KB - Virtual size: 601KB

.rsrc Size: 132KB - Virtual size: 129KB

.vmp0 Size: 20KB - Virtual size: 16KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 68KB - Virtual size: 64KB

e40de746ba199ad8e6c5c62f60061ffe

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: 648KB - Virtual size: 645KB

.rdata Size: 100KB - Virtual size: 96KB

.data Size: 80KB - Virtual size: 213KB

.rsrc Size: 44KB - Virtual size: 41KB

Code Sign

50:46:81:f5:cc:b0:f1:42:3a:6e:68:1a:f7:bd:af:62
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

a2:5b:b9:77:4e:22:3d:f3:33:6f:d5:77:7f:c0:5d:fb:7d:8b:ae:b2
Signer

UPX0
Size: - Virtual size: 3.1MB

UPX1
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 73KB - Virtual size: 76KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 520KB - Virtual size: 518KB

.data
Size: 232KB - Virtual size: 601KB

.rsrc
Size: 132KB - Virtual size: 129KB

.vmp0
Size: 20KB - Virtual size: 16KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 68KB - Virtual size: 64KB

.text
Size: 648KB - Virtual size: 645KB

.rdata
Size: 100KB - Virtual size: 96KB

.data
Size: 80KB - Virtual size: 213KB

.rsrc
Size: 44KB - Virtual size: 41KB

50:46:81:f5:cc:b0:f1:42:3a:6e:68:1a:f7:bd:af:62
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

5c:45:1c:9a:ba:9d:e6:f4:5f:64:62:5e:48:8c:b9:f8:36:9f:16:4e
Signer

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 838KB - Virtual size: 840KB

.rsrc
Size: 5KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 684KB

UPX1
Size: 753KB - Virtual size: 756KB

.rsrc
Size: 50KB - Virtual size: 52KB

.text
Size: 740KB - Virtual size: 739KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 36KB - Virtual size: 108KB

.rsrc
Size: 232KB - Virtual size: 229KB

.tp0
Size: 48KB - Virtual size: 44KB

.tp1
Size: 160KB - Virtual size: 157KB

.reloc
Size: 36KB - Virtual size: 33KB

UPX0
Size: - Virtual size: 884KB

UPX1
Size: 912KB - Virtual size: 912KB

.rsrc
Size: 43KB - Virtual size: 44KB

xwj-NK`^
Size: 924KB - Virtual size: 923KB

e!b0)$^3
Size: 84KB - Virtual size: 83KB

@'I.%ET1
Size: 28KB - Virtual size: 112KB

3bC4%M>S
Size: 548KB - Virtual size: 544KB

DH4CTwFy
Size: 44KB - Virtual size: 40KB

,/EYTU*K
Size: 44KB - Virtual size: 42KB