5ccd0e173edf7282419018563ab2e3f0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5ccd0e173edf7282419018563ab2e3f0_JaffaCakes118
Size

1.7MB
MD5

5ccd0e173edf7282419018563ab2e3f0
SHA1

903524be0c3d5917165ccac7c0a84ca2db231cd5
SHA256

953d51a70801fe3bfd5391d9436a9d378ecf9e812ad4e6dbb057fce40c99a8cc
SHA512

857b0f7d500af8a55cafb910e3d49dccca57941bf643da3d495b250ca38ce90b2fa899858a30d42893b3781b7fc156bf23a8d61b6ee2fa46d1181d1af3e62c41
SSDEEP

49152:kB5fuSVoJzoKu7PqvvW3eGifZoqgqw0LJsxxYT:wfuMKu7Cvbph5q0T

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/FetionSDK.dll
unpack001/保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/Interop.QuartzTypeLib.dll
unpack001/保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/Interop.SSOAxCtrlForPTLoginLib.dll
unpack001/保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/Newtonsoft.Json.Net20.dll
unpack001/保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/WININET.DLL
unpack001/保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/log4net.dll
unpack001/保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/skincrafter.net-vs2005.dll
unpack001/保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/保姆小黑 V2.32-QQ摩天大楼辅助 By Loading.exe
unpack001/保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/运行不了点击这个文件.exe

Files

5ccd0e173edf7282419018563ab2e3f0_JaffaCakes118
.rar
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/FetionSDK.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Documents\Visual Studio 2008\Projects\200810\Fetion SDK\Fetion SDK\bin\Release\FetionSDK.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/Interop.QuartzTypeLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/Interop.SSOAxCtrlForPTLoginLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/Newtonsoft.Json.Net20.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

D:\Newtonsoft\Releases\Json\Working\Merge\Newtonsoft.Json.Net20.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/WININET.DLL
.dll windows:5 windows x86 arch:x86

a08db86f6b1f2f2392a846d551ee4cad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

ord4
ord6
ord5
GetComputerNameA
GetEnvironmentVariableA
GetVersionExA
SetErrorMode
RaiseException
ExitProcess
GetTimeZoneInformation
RtlUnwind
GetVersion
CreateEventA
GetTickCount
GetLastError
LocalAlloc
lstrlenA
lstrlenW
LocalFree
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
Sleep
InterlockedIncrement
CloseHandle
InitializeCriticalSection
SetEvent
WaitForSingleObject
CreateThread
GetProcAddress
LoadLibraryA
FreeLibrary
lstrcmpiA
lstrcpyA
lstrcmpA
SetLastError
ReleaseMutex
CreateMutexA
LocalReAlloc
DeleteCriticalSection
GetModuleFileNameA
InterlockedExchange
IsBadStringPtrA
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
CreateFileA
lstrcpynA
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
lstrcatA
TlsFree
TlsSetValue
GetCurrentThreadId
TlsAlloc
TlsGetValue
GetLocalTime
GetExitCodeThread
WaitForMultipleObjects
HeapAlloc
GetProcessHeap
SystemTimeToFileTime
GetSystemTime
FormatMessageA
DeleteFileA
DeviceIoControl
MultiByteToWideChar
RtlMoveMemory
ord3
WriteFile
ReadFile
GetTempFileNameA
GetTempPathA
TerminateThread
ResetEvent
ExitThread
SetFilePointer
GetModuleHandleA
WideCharToMultiByte
OpenMutexA
GetDiskFreeSpaceA
GetPrivateProfileStringA
GetWindowsDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
GetFileSize
CreateDirectoryA
GetFileAttributesA
IsDBCSLeadByte
FileTimeToDosDateTime
WritePrivateProfileStringA
MapViewOfFileEx
GetSystemDirectoryA
ExpandEnvironmentStringsA
DosDateTimeToFileTime
CopyFileA
GetVolumeInformationA
UnmapViewOfFile
CreateFileMappingA
SetEndOfFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapFree

shlwapi

StrNCatA
UrlCanonicalizeA
UrlCombineA
UrlCanonicalizeW
UrlCombineW
ord151
StrStrA
StrToIntA
StrToIntExA
StrRChrA
PathCreateFromUrlA
UrlUnescapeA
StrChrA
ord153

advapi32

RegEnumValueA
RegDeleteKeyA
GetUserNameA
RegOpenKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegCreateKeyA
RegEnumKeyA
RegDeleteValueA
RegEnumKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

user32

wsprintfA
MessageBoxA
CharToOemA
CharUpperA
wvsprintfA
CharNextA
CharLowerA
SetWindowLongA
EndDialog
GetDlgItem
WinHelpA
GetWindowLongA
SendDlgItemMessageA
EnableWindow
SetDlgItemTextA
SetWindowTextA
SendMessageA
LoadStringA
IsDlgButtonChecked
SetForegroundWindow
GetParent
GetWindowTextA
SetWindowPos
GetWindowRect
ReleaseDC
GetDC
GetClientRect
LoadImageA
CheckDlgButton
SetTimer
RegisterWindowMessageA
ShowWindow
KillTimer
GetDesktopWindow
DialogBoxParamA
FindWindowA
IsWindow
SetFocus
PostMessageA

gdi32

GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
SelectObject

Exports

Exports

CommitUrlCacheEntryA
CommitUrlCacheEntryW
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheGroup
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheGroup
DllInstall
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpEndRequestA
HttpEndRequestW
HttpOpenRequestA
HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
IncrementUrlCacheHeaderData
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConnectA
InternetConnectW
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDebugGetLocalTime
InternetDial
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetGetCertByURL
InternetGetConnectedState
InternetGetCookieA
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGoOnline
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenServerPushParse
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetServerPushParse
InternetSetCookieA
InternetSetCookieW
InternetSetDialState
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetStatusCallback
InternetShowSecurityInfoByURL
InternetTimeFromSystemTime
InternetTimeToSystemTime
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
LoadUrlCacheContent
ParseX509EncodedCertificateForListBoxEntry
ReadUrlCacheEntryStream
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/allCookie.data
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/config.ini
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/config.xml
.xml
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/log4net.config
.xml
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/log4net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/prop.xml
.xml
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/skincrafter.net-vs2005.dll
.dll windows:4 windows x86 arch:x86

cc59c365bc885f06f0cee2d725f51cae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80

ord3163
ord326
ord783
ord3406
ord3350
ord3989
ord2873
ord3402
ord2532
ord2794
ord3139
ord3799
ord2878
ord3991
ord2876
ord1929
ord5727
ord2367
ord1191
ord5641
ord2264
ord4001
ord4123
ord5640
ord2263
ord3368
ord3012
ord2762
ord3156
ord2531
ord3353
ord3076
ord6007
ord5717
ord564
ord755
ord1092
ord589
ord330
ord3348
ord3596
ord663
ord1489
ord6118
ord299
ord6703
ord426
ord3236
ord4066
ord3022
ord5472
ord6286
ord1211
ord869
ord380
ord3201
ord3401
ord2703
ord5493
ord2306
ord1181
ord2259
ord5563
ord3997
ord5529
ord629
ord5430
ord1439
ord1434
ord301
ord305
ord5320
ord1159
ord2348
ord2271
ord4085
ord5089
ord384
ord667
ord433
ord2346
ord3255
ord1580
ord5331
ord6297
ord317
ord584
ord6759
ord6763
ord274
ord576
ord1090
ord6752
ord3397
ord2370
ord3360
ord765
ord315
ord1037
ord1206
ord1208
ord1098
ord371
ord1917
ord1167
ord1120
ord1201
ord1175
ord1177
ord1209
ord581
ord3140
ord5833
ord3204
ord5427
ord1968
ord3302
ord347
ord1279
ord2079
ord1966
ord602
ord2468
ord5403
ord5433
ord3863
ord3239
ord429
ord722
ord3295
ord530
ord666
ord872
ord6005
ord4115
ord3233
ord423
ord660
ord502
ord3287
ord1425
ord567
ord758
ord5613
ord3684
ord501
ord5642
ord6037
ord5731
ord709
ord907
ord1903
ord2372
ord2368
ord760
ord4244
ord3337
ord5444
ord356
ord6090
ord587
ord2086
ord1545
ord6725
ord5915
ord1620
ord1617
ord3946
ord1402
ord4232
ord5152
ord1908
ord5073
ord6275
ord4185
ord5214
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord764
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord2991
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4261
ord3164
ord572
ord1063
ord1280
ord3161
ord1934
ord2322
ord1123
ord3210
ord1084
ord866
ord5714
ord3019
ord5466
ord4063
ord3025
ord4069
ord266
ord297
ord265
ord314
ord300
ord310
ord781
ord762
ord304
ord578
ord3934
ord2902
ord876
ord1482
ord784
ord6754
ord1187
ord1185
ord2702

msvcr80

_itow
ceil
_vswprintf
wcschr
_stricmp
strncmp
__RTDynamicCast
strstr
toupper
_purecall
_strnicmp
_wcsnset
__CxxFrameHandler3
wcsstr
memset
mbstowcs
free
malloc
_cexit
__FrameUnwindFilter
wcsncpy
atoi
_CxxThrowException
_except_handler4_common
_unlock
memcpy
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal

kernel32

GetUserDefaultLangID
FindResourceExA
LoadResource
GetLocalTime
GetTimeFormatW
GetLocaleInfoW
GetDateFormatW
SetLastError
LoadLibraryA
MulDiv
GetModuleHandleA
LoadLibraryW
GetProcAddress
lstrcpyA
lstrcmpA
FreeLibrary
GlobalAlloc
GlobalFree
FindResourceA
LocalSize
LocalLock
LocalUnlock
lstrlenA
lstrcmpiA
GetCurrentThreadId
GetVersion
GetLastError
RaiseException
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
LocalFree
HeapFree
GetProcessHeap
HeapAlloc
OutputDebugStringA
Sleep
GlobalUnlock
GlobalLock
SizeofResource
LocalAlloc
LocalReAlloc
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceCounter

user32

SetTimer
KillTimer
GetMessagePos
EnableScrollBar
SetScrollPos
ShowScrollBar
MessageBoxA
GetPropA
GetDC
ShowWindow
SetActiveWindow
GetWindowPlacement
SetWindowPlacement
GetKeyState
SetCapture
UpdateWindow
SetForegroundWindow
TrackPopupMenu
SetWindowsHookExA
CallNextHookEx
WindowFromPoint
GetMenu
AppendMenuA
GetCursorPos
IsWindow
RemovePropA
ReleaseCapture
DrawIconEx
GetWindowDC
LoadIconA
GetWindowTextLengthA
GetMenuState
ReleaseDC
GetMenuItemRect
GetSystemMetrics
IsMenu
RemoveMenu
SetWindowPos
IsWindowVisible
SetRect
ScreenToClient
MapWindowPoints
UnhookWindowsHookEx
GetTopWindow
GetMenuItemInfoA
GetSysColorBrush
GetMenuItemCount
GetWindowLongA
GetWindowRect
OffsetRect
CopyRect
GetWindow
SetCursor
LoadCursorA
GetParent
GetClientRect
SendMessageA
PtInRect
DestroyCursor
PostMessageA
GetClassLongA
SetClassLongA
EnumThreadWindows
GetClassNameA
EnumChildWindows
EnableWindow
LoadBitmapA
GetWindowTextA
GetMenuStringW
GetMenuStringA
GetUpdateRect
UnionRect
SetMenuItemInfoA
GetScrollPos
DrawFrameControl
FillRect
FrameRect
DrawFocusRect
InvertRect
EqualRect
InflateRect
DestroyIcon
GetDlgCtrlID
IntersectRect
SubtractRect
SetFocus
GetNextDlgTabItem
HideCaret
ShowCaret
SetPropA
DrawEdge
GetFocus
SendMessageW
DrawTextW
DrawTextA
SetCaretPos
GetCaretPos
GetScrollInfo
GetSysColor
SetScrollInfo
GetClassInfoA
RegisterClassA
DefWindowProcA
CreateWindowExA
DestroyWindow
CopyImage
GetIconInfo
TrackMouseEvent
DrawStateA
GetWindowTextLengthW
CallWindowProcW
GetSubMenu
GetWindowTextW
GetDlgItem
SystemParametersInfoA
IsIconic
IsZoomed
SetWindowRgn
GetCapture
GetAncestor
PeekMessageA
DispatchMessageA
GetMessageA
GetDCEx
AdjustWindowRectEx
SetWindowLongW
GetSystemMenu
DrawMenuBar
LockWindowUpdate
GetWindowRgn
ClientToScreen
SetRectEmpty
IsRectEmpty
BeginPaint
EndPaint
SetWindowLongA
InvalidateRect
CallWindowProcA
GetActiveWindow
GetDesktopWindow
AdjustWindowRect
GetMenuBarInfo
IsWindowUnicode
GetWindowLongW
IsWindowEnabled
GetForegroundWindow
GetMenuItemID
RedrawWindow

gdi32

GetRgnBox
PathToRegion
WidenPath
EndPath
LineTo
MoveToEx
BeginPath
SelectObject
GetTextExtentPoint32W
GetTextMetricsW
CreateCompatibleBitmap
ExtSelectClipRgn
SetViewportOrgEx
CreateFontIndirectW
DeleteDC
StretchBlt
GetObjectA
CreateCompatibleDC
SetBkMode
PtInRegion
CreateRectRgnIndirect
ExcludeClipRect
CreateEllipticRgn
CreateRoundRectRgn
CreateFontIndirectA
CreateRectRgn
SetTextColor
SetBkColor
GetTextExtentPointA
GetTextExtentPointW
GetBkColor
GetTextColor
SetBoundsRect
GetPixel
SetWindowOrgEx
SetPixel
SelectClipRgn
BitBlt
GetCurrentObject
GetTextExtentPoint32A
CreatePen
GetViewportOrgEx
Arc
Ellipse
PlayEnhMetaFile
ExtTextOutA
GetTextMetricsA
SetLayout
GetLayout
SetBrushOrgEx
SetStretchBltMode
CombineRgn
DeleteObject
OffsetRgn
GetRegionData
ExtCreateRegion
IntersectClipRect
GetStockObject
SaveDC
RestoreDC
PatBlt
CreateSolidBrush
SetDIBColorTable
GetPaletteEntries
SelectPalette
RealizePalette
CreateBitmap
CreateDIBSection
GetDIBColorTable
CreatePalette
GetDeviceCaps
CreateHalftonePalette
CreatePatternBrush
UnrealizeObject
GetBkMode
GetObjectW
Rectangle

msimg32

TransparentBlt

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

comctl32

InitializeFlatSB
UninitializeFlatSB
ImageList_Draw
ImageList_GetIcon
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_DrawEx

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

oleaut32

VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
VariantInit
SysAllocString
SysFreeString

oleacc

AccessibleObjectFromWindow

gdiplus

GdipDeleteFont
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipDrawString
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipSaveImageToStream
GdipGetImageRawFormat
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipCloneBitmapAreaI
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdipEndContainer
GdipBeginContainer2
GdipMultiplyWorldTransform
GdipReleaseDC
GdipGetDC
GdipTranslateMatrix
GdipMultiplyMatrix
GdipCreateMatrix2
GdipCreateMatrix
GdipDeleteMatrix
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneImage
GdipCloneBrush
GdipDrawImageRectRectI
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDeleteBrush
GdipAlloc
GdipFree

msvcm80

?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z

mscoree

_CorDllMain

Sections

.text
Size: 440KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/sky.gif
.gif
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/skyparam.xml
.xml
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/保姆小黑 V2.32-QQ摩天大楼辅助 By Loading.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 702KB - Virtual size: 701KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/保姆小黑.exe.config
.xml
保姆小黑_V2.32-QQ摩天大楼辅助_By_Loading/运行不了点击这个文件.exe
.exe windows:5 windows x86 arch:x86

c32bbe9fc4a1294318cc1dd7b4d0eea3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\_VC_Project\NetFramework检测工具\Release\NetFramework检测工具.pdb

Imports

kernel32

HeapAlloc
HeapFree
RtlUnwind
Sleep
ExitProcess
RaiseException
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
FileTimeToSystemTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrlenA
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GlobalFindAtomW
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
InterlockedDecrement
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomW
CloseHandle
GlobalUnlock
lstrlenW
WritePrivateProfileStringW
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetModuleHandleW
GetProcAddress
WinExec
Process32NextW
FindResourceW
LoadResource
LockResource
SizeofResource
Process32FirstW
TerminateProcess
CreateToolhelp32Snapshot

user32

RegisterClipboardFormatW
PostThreadMessageW
GetSysColorBrush
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
ReleaseCapture
LoadCursorW
SetCapture
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
EqualRect
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowTextW
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
LoadIconW
SendMessageW
IsIconic
GetSystemMetrics
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetCursor
SetWindowsHookExW
DestroyMenu
UnregisterClassW
CharUpperW
AdjustWindowRectEx
GetClientRect
DrawIcon
EnableWindow
PostMessageW
PostQuitMessage
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetDesktopWindow
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetForegroundWindow

gdi32

GetStockObject
GetDeviceCaps
GetBkColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
GetTextColor
CreateBitmap
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectW
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
OffsetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard
CoRegisterMessageFilter
CoGetClassObject

oleaut32

SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysFreeString

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 1024B - Virtual size: 980B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 16KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 12KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 968B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 312KB - Virtual size: 312KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 512B - Virtual size: 12B

a08db86f6b1f2f2392a846d551ee4cad

Headers

File Characteristics

Imports

kernel32

shlwapi

advapi32

user32

gdi32

Exports

Exports

Sections

.text Size: 300KB - Virtual size: 298KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 44KB - Virtual size: 40KB

.reloc Size: 16KB - Virtual size: 12KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 252KB - Virtual size: 250KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

cc59c365bc885f06f0cee2d725f51cae

Headers

File Characteristics

Imports

mfc80

msvcr80

kernel32

.text
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 1024B - Virtual size: 980B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 312KB - Virtual size: 312KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 300KB - Virtual size: 298KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 44KB - Virtual size: 40KB

.reloc
Size: 16KB - Virtual size: 12KB

.text
Size: 252KB - Virtual size: 250KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 440KB - Virtual size: 436KB

.rdata
Size: 128KB - Virtual size: 126KB

.data
Size: 12KB - Virtual size: 49KB

.rsrc
Size: 308KB - Virtual size: 306KB

.reloc
Size: 36KB - Virtual size: 32KB

.text
Size: 702KB - Virtual size: 701KB

.sdata
Size: 1024B - Virtual size: 892B

.rsrc
Size: 118KB - Virtual size: 118KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 11KB - Virtual size: 25KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 33KB - Virtual size: 32KB