23b8bb11165a2b8d963f8cc1fc2c66a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23b8bb11165a2b8d963f8cc1fc2c66a1_JaffaCakes118
Size

813KB
MD5

23b8bb11165a2b8d963f8cc1fc2c66a1
SHA1

8cbba360c5670d534d31363388af0cfa36169543
SHA256

b8bf7f44d34552454fe0378e4b81ff7d5486e503424f253a857eb44ea2351f04
SHA512

49fe38662ce9e5cfa119ceb14010c42f709355afdc2f152fdda2c14fb5c7ded2079a95c9d1e7e192fd59ae00554440825306127cf5785e460260375d9eebc94f
SSDEEP

12288:ZhpBc9Ru/ZBpOYR3AhIuPQcDjUv4AtfcekVZOBU5jqaAyWmOfRVxzRttjztE5V6T:bEs/ZUhlP5CPSzp5jqaxuZnEV6kq

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/私募操盘王牛就是牛/simuwang.exe	vmprotect

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/私募操盘王牛就是牛/SkinPPWTL.dll
unpack001/私募操盘王牛就是牛/Update.exe
unpack001/私募操盘王牛就是牛/simuwang.exe

Files

23b8bb11165a2b8d963f8cc1fc2c66a1_JaffaCakes118
.rar
私募操盘王牛就是牛/SkinPPWTL.dll
.dll windows:4 windows x86 arch:x86

8415b02065effcf3e8ba3b1c65054435

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToDosDateTime
DeleteFileA
SetFileTime
CreateDirectoryA
SystemTimeToFileTime
ResumeThread
GetModuleHandleA
GetCurrentDirectoryA
DosDateTimeToFileTime
VirtualProtectEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
CloseHandle
OutputDebugStringA
DebugBreak
InterlockedDecrement
InterlockedIncrement
lstrlenA
GetTempPathA
GetFileType
GetWindowsDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcessHeap
HeapAlloc
HeapFree
GlobalFree
lstrcmpA
Sleep
lstrlenW
GetVersion
GetVersionExA
FindResourceExW
FindResourceExA
GetCurrentThreadId
WideCharToMultiByte
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FindNextFileA
GetLastError
GetModuleFileNameA
GetShortPathNameA
lstrcmpiA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
lstrcpyA
FindFirstFileA
FindClose
lstrcpynA
GetFileTime
GetFileSize
GetFileAttributesA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
MulDiv
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
VirtualProtect
VirtualQuery
GetCurrentProcess
LoadLibraryA
FreeLibrary
SetLastError
CreateProcessW
SuspendThread
GetThreadContext
FlushInstructionCache
SetThreadContext
CreateProcessA
GetProcAddress
VirtualAllocEx
GetFileInformationByHandle
GetLocalTime

user32

GetCursorPos
KillTimer
RemoveMenu
UpdateWindow
InsertMenuA
GetDlgItem
GetWindowTextA
CheckMenuItem
GetForegroundWindow
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
IntersectRect
IsRectEmpty
EqualRect
GetClientRect
GetSysColor
FindWindowExA
SetPropA
GetMenu
CreateWindowExA
DestroyMenu
EnableScrollBar
GetScrollInfo
EndPaint
IsWindow
SetScrollPos
SetScrollInfo
GetWindowRect
TrackPopupMenuEx
OffsetRect
InflateRect
CopyRect
GetScrollPos
GetScrollRange
GetDlgCtrlID
MoveWindow
GetWindowDC
GetMenuItemInfoA
GetSubMenu
GetMenuItemID
SetRectEmpty
PtInRect
SetTimer
SetCursor
IsWindowEnabled
LoadCursorA
GetMenuItemCount
SetScrollRange
CharLowerA
GetSystemMetrics
DrawIconEx
CharUpperA
GetDesktopWindow
GetDC
ReleaseDC
LoadCursorFromFileA
LoadImageA
LoadStringA
CharNextA
wvsprintfA
ShowScrollBar
GetSysColorBrush
DrawFrameControl
SetWindowRgn
SetMenu
DeleteMenu
InsertMenuItemA
InsertMenuItemW
InsertMenuW
SetWindowPos
LoadStringW
DrawIcon
LoadIconA
LoadIconW
LoadImageW
LoadBitmapA
LoadBitmapW
TrackPopupMenu
DrawTextA
DrawTextW
DrawTextExA
DrawTextExW
MessageBoxIndirectA
WindowFromDC
MessageBoxA
SetMenuItemInfoA
AppendMenuA
GetMenuStringA
CreatePopupMenu
IsMenu
SendMessageTimeoutA
GetIconInfo
wsprintfA
ClientToScreen
CallWindowProcA
GetFocus
RedrawWindow
GetWindowTextLengthA
DestroyWindow
SetWindowTextA
DestroyIcon
GetMessagePos
ReleaseCapture
SetCapture
RemovePropA
FillRect
SetMenuInfo
GetMenuState
UnionRect
GetMenuItemRect
GetMenuDefaultItem
SetRect
GetCapture
WindowFromPoint
ScreenToClient
DrawFocusRect
IsWindowVisible
GetAsyncKeyState
MapWindowPoints
MonitorFromPoint
GetMonitorInfoA
EnableMenuItem
GetPropA
SetWindowLongA
GetWindow
GetClassLongA
SendMessageA
BeginPaint
GetParent
InvalidateRect
GetClassNameA
GetWindowLongA
DrawStateA
CreateIconIndirect
ModifyMenuA
PostMessageA
GetSystemMenu
SystemParametersInfoA
ShowWindow
GetMenuCheckMarkDimensions

gdi32

SetBkColor
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
SetPixel
GetPixel
SetWindowOrgEx
SetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetObjectA
ExtCreateRegion
GetDIBits
CreateICA
GetClipBox
GetCurrentObject
BitBlt
SetBoundsRect
SetTextColor
SetBkMode
GetTextColor
GetBkMode
GetBkColor
PlgBlt
CreateSolidBrush
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextExtentPointW
StretchBlt
SetStretchBltMode
CreateBitmap
SetPixelV
CreateDIBSection
PatBlt
SetBrushOrgEx
CreatePatternBrush
CreateBitmapIndirect
GetNearestColor
RoundRect
CreatePen
CreateFontIndirectA
RestoreDC
ExcludeClipRect
SaveDC
CombineRgn
CreateRectRgnIndirect
Rectangle
OffsetRgn
CreateRectRgn
LineTo
MoveToEx
DPtoLP
TextOutA
SelectClipRgn
GetViewportOrgEx
GetWindowOrgEx
SetTextAlign
GetCharWidthA
CreateFontA
RealizePalette
SelectPalette
CreateDIBitmap
SetDIBitsToDevice
RectVisible
StretchDIBits
GetStockObject
DeleteObject
ExtTextOutA
SelectObject
DeleteDC

comdlg32

ChooseColorA
ChooseColorW
GetFileTitleA

advapi32

RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal
CoCreateGuid

oleaut32

OleLoadPicture

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_GetImageInfo
ImageList_Copy
ImageList_Duplicate
ImageList_DrawIndirect
_TrackMouseEvent
ImageList_GetIcon
ImageList_Draw

msimg32

AlphaBlend

msvcrt

_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_CxxThrowException
strncpy
getc
fputc
fflush
ftell
fseek
fwrite
fread
realloc
fopen
fclose
div
sqrt
calloc
_mbsnbcpy
ceil
floor
malloc
free
strchr
strftime
_ismbblead
localtime
gmtime
time
mktime
sprintf
sin
cos
fabs
abs
_ftol
__RTDynamicCast
wcsncpy
toupper
_purecall
_mbschr
_mbsicmp
atof
_splitpath
_fullpath
_mbsrchr
_mbsinc
_mbsstr
memcmp
strcmp
_except_handler3
strcpy
strcat
memset
strlen
memmove
_ismbcspace
_ismbcdigit
wcslen
memcpy
atoi
_mbscmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_EH_prolog
__CxxFrameHandler
_stricmp
_tzset
_adjust_fdiv

msvcp60

??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z

Exports

Exports

??0CSkinIniFile@@QAE@ABV0@@Z
??0CSkinIniFile@@QAE@VCString@WTL@@@Z
??0CSkinIniFile@@QAE@XZ
??1CSkinIniFile@@UAE@XZ
??4CSkinIniFile@@QAEAAV0@ABV0@@Z
??_7CSkinIniFile@@6B@
?DeleteKey@CSkinIniFile@@QAE_NABVCString@WTL@@@Z
?DeleteValue@CSkinIniFile@@QAE_NABVCString@WTL@@0@Z
?FindKey@CSkinIniFile@@QAEHABVCString@WTL@@@Z
?FindValue@CSkinIniFile@@QAEHHABVCString@WTL@@@Z
?GetNumKeys@CSkinIniFile@@QAEHXZ
?GetNumValues@CSkinIniFile@@QAEHVCString@WTL@@@Z
?GetValue@CSkinIniFile@@QAE?AVCString@WTL@@ABV23@00@Z
?GetValue@CSkinIniFile@@QAE?AVCString@WTL@@ABV23@HAAV23@@Z
?GetValueF@CSkinIniFile@@QAENABVCString@WTL@@0@Z
?GetValueI@CSkinIniFile@@QAEHABVCString@WTL@@0H@Z
?ReadFile@CSkinIniFile@@QAE_NABVCString@WTL@@@Z
?ReadFile@CSkinIniFile@@QAE_NPAEH@Z
?ReadProfile@CSkinIniFile@@QAEXABVCString@WTL@@@Z
?Reset@CSkinIniFile@@QAEXXZ
?SetPath@CSkinIniFile@@QAEXABVCString@WTL@@@Z
?SetValue@CSkinIniFile@@QAE_NABVCString@WTL@@000_N@Z
?SetValueF@CSkinIniFile@@QAE_NABVCString@WTL@@0N_N@Z
?SetValueI@CSkinIniFile@@QAE_NABVCString@WTL@@0HH_N@Z
?WriteFile@CSkinIniFile@@QAEXXZ
?getline2@CSkinIniFile@@QAEHVCString@WTL@@AAV23@@Z
?getline@CSkinIniFile@@QAEAAV?$basic_istream@DU?$char_traits@D@std@@@std@@AAV23@AAVCString@WTL@@@Z
?skinppDrawSkinObject@@YAXPAUHDC__@@UtagRECT@@W4DRAWTYPE@@H@Z
?skinppGetBitmapRes@@YAPAUHBITMAP__@@PBD@Z
?skinppGetBitmapResRect@@YAHPBDAAH111@Z
?skinppGetBitmapSize@@YAXPAUHBITMAP__@@AAH1@Z
?skinppGetImageListFromID@@YAPAU_IMAGELIST@@H@Z
?skinppGetMainFrameMenu@@YAPAUHMENU__@@XZ
?skinppGetMultiLangMenu@@YAPAUHMENU__@@XZ
?skinppGetResFromID@@YAPAUHBITMAP__@@W4SKINOBJTYPE@@HH@Z
?skinppGetResFromID@@YAPAXPAU_ResourceInfo@@@Z
?skinppGetSkinResource@@YAPAEPBDAAH@Z
?skinppLoadLanguageStr@@YAHPBDPADH@Z
?skinppLoadSkinFromRes@@YAHPAUHINSTANCE__@@PBD1PAD@Z
?skinppLoadString@@YAHHPADH@Z
?skinppSetBackgroundDC@@YAXPAUHWND__@@PAUHDC__@@@Z
?skinppSetButtonSounds@@YAXPAUHWND__@@PBD1@Z
?skinppSetButtonTooltip@@YAXPAUHWND__@@PBD@Z
?skinppSetCustomDraw@@YAXPAUHWND__@@H@Z
?skinppSetDialogBkClipRgn@@YAXPAUHWND__@@HH@Z
?skinppSetDialogEraseBkgnd@@YAXPAUHWND__@@H@Z
?skinppSetDrawMenu@@YAXPAUHMENU__@@H@Z
?skinppSetMenuItemImage@@YAHIPAU_IMAGELIST@@H@Z
?skinppSetMenuSkinObjectID@@YAXPAUHWND__@@H@Z
?skinppSetNoDrawText@@YAXPAUHWND__@@H@Z
?skinppSetSkinOwnerMenu@@YAXH@Z
?skinppSetStaticFont@@YAHHPBDH@Z
?skinppSetStaticTextAlign@@YAHHH@Z
?skinppSetStaticTextColor@@YAHHK@Z
?skinppSetStatusBarTransparent@@YAXPAUHWND__@@H@Z
?skinppSetTabItemImageID@@YAXPAUHWND__@@HH@Z
skinppExitSkin
skinppGetDefaultSysColor
skinppGetIconFromRes
skinppGetSkinSysColor
skinppInitializeSkin
skinppLoadSkin
skinppRemoveSkin
skinppRemoveSkinHwnd
skinppSetFreeDlgID
skinppSetListBoxItemDrawInfo
skinppSetListHeaderCtrlItemID
skinppSetListHeaderSortInfo
skinppSetNoSkinHwnd
skinppSetSkinHwnd
skinppSetSkinResID
skinppSetTrackPopupMenuID
skinppSetWindowResID

Sections

.text
Size: 348KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HookSec
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
私募操盘王牛就是牛/SkinPPWTL.lib
私募操盘王牛就是牛/SlickOS2.ssk
私募操盘王牛就是牛/Update.exe
.exe windows:4 windows x86 arch:x86

7a41227c76b4b97325e946c08ffcf581

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\新建文件夹 (2)\UpdateSiMu\release\UpdateSiMu.pdb

Imports

kernel32

GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
SetStdHandle
GetFileType
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
GetACP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFileTime
GetFileAttributesA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
GlobalFlags
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomA
WaitForSingleObject
CloseHandle
InterlockedDecrement
GetModuleFileNameW
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
FreeResource
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
SetLastError
DeleteFileA
Sleep
GetModuleFileNameA
GetTempPathA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersion
CompareStringA
GetLastError
InterlockedExchange
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
lstrlenA
GetStdHandle

user32

UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
MessageBeep
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
GetDlgItem
IsWindowEnabled
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PeekMessageA
DispatchMessageA
PostQuitMessage
PostMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
EnableWindow
DrawIcon
GetClientRect
GetSystemMetrics
SendMessageA
IsIconic
AppendMenuA
GetSystemMenu
LoadIconA
CharUpperA
GetSysColor

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
DeleteObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateRectRgnIndirect
GetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoRegisterMessageFilter
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
SysFreeString

ws2_32

WSACleanup
WSAStartup

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable
InternetSetOptionExA

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
私募操盘王牛就是牛/User.db
私募操盘王牛就是牛/pami.dll
私募操盘王牛就是牛/simuwang.exe
.exe windows:4 windows x86 arch:x86

be5cf43058198a73ca106f8fd59327cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

skinppwtl

ord3

kernel32

SetErrorMode
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

PostThreadMessageA
MessageBoxA

gdi32

SelectObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA

advapi32

RegQueryValueA

shell32

ShellExecuteA

shlwapi

PathStripToRootA

oledlg

ord8

ole32

CoTaskMemFree

oleaut32

SysAllocString

iphlpapi

GetAdaptersInfo

wininet

HttpOpenRequestA

Sections

.text
Size: - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
私募操盘王牛就是牛/spring.ssk
私募操盘王牛就是牛/官方网站.url
私募操盘王牛就是牛/新云软件.url
.url
私募操盘王牛就是牛/私募操盘王最终决策系统使用说明.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

8415b02065effcf3e8ba3b1c65054435

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 345KB

.rdata Size: 88KB - Virtual size: 85KB

.data Size: 20KB - Virtual size: 18KB

.HookSec Size: 4KB - Virtual size: 4B

.rsrc Size: 36KB - Virtual size: 33KB

.reloc Size: 36KB - Virtual size: 34KB

7a41227c76b4b97325e946c08ffcf581

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wininet

Sections

.text Size: 212KB - Virtual size: 211KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 20KB - Virtual size: 19KB

be5cf43058198a73ca106f8fd59327cc

Headers

File Characteristics

Imports

skinppwtl

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

iphlpapi

wininet

Sections

.text Size: - Virtual size: 243KB

.rdata Size: - Virtual size: 64KB

.data Size: - Virtual size: 26KB

.rsrc Size: 32KB - Virtual size: 64KB

.vmp0 Size: - Virtual size: 106KB

.vmp1 Size: 336KB - Virtual size: 335KB

.reloc Size: 4KB - Virtual size: 184B

.text
Size: 348KB - Virtual size: 345KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 20KB - Virtual size: 18KB

.HookSec
Size: 4KB - Virtual size: 4B

.rsrc
Size: 36KB - Virtual size: 33KB

.reloc
Size: 36KB - Virtual size: 34KB

.text
Size: 212KB - Virtual size: 211KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: - Virtual size: 243KB

.rdata
Size: - Virtual size: 64KB

.data
Size: - Virtual size: 26KB

.rsrc
Size: 32KB - Virtual size: 64KB

.vmp0
Size: - Virtual size: 106KB

.vmp1
Size: 336KB - Virtual size: 335KB

.reloc
Size: 4KB - Virtual size: 184B