launch2[.]exe[.]vir

Sharing

Copy URL

Twitter E-mail

General

Target

launch2.exe.vir
Size

28.0MB
MD5

18e78d02f3d09ae1443fe166e773b73c
SHA1

3371a2feb209b0463024b0083f415fef7c70be20
SHA256

310c4892b37f0db2c8b8e1fc04ccdcbba09f620928ae6193be93601a575311fd
SHA512

2c882ab4747e8750f216a97a10d07248d80b3400c89d10963504458e38d76f36e0effd23bebeb93dac0d4c5e160370e9bb3fcd8ebc43b1f88a1aa12e40c7ed94
SSDEEP

786432:hAQcqjXy4iO2tZ5OHO+iKTkaki9IMf4HUP84Ld:hAQcqjXKOEo/GnMf40P/L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
launch2.exe.vir

Files

launch2.exe.vir
.exe windows:5 windows x86 arch:x86

438384ed3c8521d6e52ef7938fd65dc0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\wenhm\工作文档\2015.12\三国2崩溃报告\bugreport_all1\BugReport_sdk\Release\BugReport.pdb

Imports

kernel32

GetTimeZoneInformation
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
WriteConsoleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
SetEnvironmentVariableA
FatalAppExitA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
HeapDestroy
SetEnvironmentVariableW
RemoveDirectoryA
HeapCreate
DeleteFileA
PeekNamedPipe
GetFileInformationByHandle
MoveFileA
FindFirstFileExA
GetDriveTypeW
SetCurrentDirectoryA
GetConsoleMode
lstrcmpiA
GetDriveTypeA
lstrcpynA
CreateMutexA
ReleaseMutex
GetVersion
CreateFileA
DosDateTimeToFileTime
GetFullPathNameA
GetVolumeInformationA
GetFileAttributesA
FindNextFileA
FindFirstFileA
lstrcpyA
lstrcatA
CreateDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
InterlockedCompareExchange
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapQueryInformation
GetConsoleCP
GetStringTypeW
GetCurrentDirectoryA
SetConsoleCtrlHandler
HeapSize
CreateThread
ExitThread
HeapReAlloc
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
EncodePointer
DecodePointer
ExitProcess
RtlUnwind
RaiseException
GetStartupInfoW
HeapSetInformation
LocalLock
LocalUnlock
FindResourceExW
GetDiskFreeSpaceW
ReplaceFileW
GetUserDefaultLCID
VirtualProtect
Sleep
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SetErrorMode
GetSystemDirectoryW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
UnlockFile
LockFile
MoveFileW
lstrcmpiW
GetStringTypeExW
GlobalFlags
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
FileTimeToSystemTime
GetThreadLocale
lstrlenA
lstrcmpA
GetAtomNameW
GlobalGetAtomNameW
CompareStringW
InterlockedIncrement
GetProcAddress
SuspendThread
GetCurrentThreadId
ResumeThread
SetThreadPriority
MulDiv
GetCurrentProcessId
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
ActivateActCtx
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
SetLastError
InterlockedDecrement
IsBadWritePtr
CreateEventW
GetFileSize
IsBadStringPtrW
GetFileType
SetEvent
ResetEvent
WaitForSingleObject
FormatMessageW
FlushFileBuffers
GetTempPathW
GetTempFileNameW
CopyFileW
GetFileAttributesExW
SearchPathW
FindNextFileW
DeleteFileW
GetModuleHandleW
GetSystemTime
SetCurrentDirectoryW
GetCurrentDirectoryW
SetFileAttributesW
RemoveDirectoryW
lstrlenW
MultiByteToWideChar
GetCommandLineW
GetModuleFileNameW
lstrcpynW
GlobalAlloc
GlobalSize
GlobalFree
lstrcpyW
lstrcatW
CreateProcessW
FindFirstFileW
FindClose
ReadFile
GetACP
WideCharToMultiByte
CreateFileW
GetLastError
SetFilePointer
WriteFile
SetEndOfFile
CloseHandle
OutputDebugStringW
GetTickCount
GetLocalTime
SetFileAttributesA
SystemTimeToFileTime

user32

IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
InsertMenuItemW
TranslateAcceleratorW
CreateDialogIndirectParamW
EndDialog
GetNextDlgGroupItem
LoadImageW
GetIconInfo
GetNextDlgTabItem
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
KillTimer
SetTimer
DeleteMenu
ShowOwnedPopups
SetCursor
IntersectRect
InvalidateRect
IsIconic
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
CharUpperW
InSendMessage
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
ScrollWindowEx
LoadStringW
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
CreateMenu
PostThreadMessageW
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
SendNotifyMessageW
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
GetLastActivePopup
GetWindowLongW
GetParent
SendMessageW
GetWindowThreadProcessId
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
UnregisterClassW
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
WindowFromDC
SetMenuItemBitmaps
GetWindow
PtInRect
CopyRect
SetWindowPos
SetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
GetWindowPlacement
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
GetDialogBaseUnits
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
EnumChildWindows
GetDCEx
GetTabbedTextExtentW
DestroyIcon
EqualRect
ScreenToClient
GetWindowRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
PostMessageW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
UpdateWindow
GetClientRect

gdi32

CreateFontW
StretchDIBits
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetCurrentObject
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
GetDIBits
StretchBlt
SetPixel
GetCharWidthW
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
CreateMetaFileW
EnumMetaFile
DeleteMetaFile
SetPixelV
RoundRect
GetTextCharsetInfo
GetObjectType
EnumFontFamiliesW
SelectPalette
GetStockObject
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetLayout
GetLayout
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateBitmap
SetTextColor
SetBkColor
GetObjectW
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
BitBlt
ExtTextOutW
GetTextExtentPoint32W
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
GetTextMetricsW
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateDIBitmap
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFileRecord
PlayMetaFile
SetViewportExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
CloseMetaFile
ExcludeClipRect
SetMapMode
GetClipBox

winspool.drv

GetJobW
DocumentPropertiesW
ClosePrinter
OpenPrinterW

comdlg32

GetFileTitleW

advapi32

GetSecurityDescriptorLength
LookupPrivilegeValueA
AdjustTokenPrivileges
GetKernelObjectSecurity
GetFileSecurityW
SetFileSecurityW
RegEnumValueW
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyW
RegQueryValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueW
RegCloseKey
OpenProcessToken

shell32

ShellExecuteExW
SHFileOperationW
ExtractIconW
SHGetFileInfoW
SHAddToRecentDocs
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
DragFinish
DragQueryFileW
SHAppBarMessage
SHGetMalloc
SHFileOperationA
SHBrowseForFolderW

ole32

OleCreateLinkToFile
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
OleRegEnumVerbs
OleRegGetMiscStatus
OleRun
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
GetRunningObjectTable
CoGetMalloc
CreateOleAdviseHolder
CreateDataAdviseHolder
OleUninitialize
OleSetContainedObject
GetHGlobalFromILockBytes
OleLoad
OleCreate
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
CoRegisterClassObject
OleSaveToStream
WriteClassStm
OleSave
StgCreateDocfileOnILockBytes
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CreateStreamOnHGlobal
OleSetMenuDescriptor
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
StgIsStorageFile
StgOpenStorage
CreateFileMoniker
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfile
CoInitializeEx
CoCreateGuid
CLSIDFromString
StringFromGUID2
CoDisconnectObject
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CLSIDFromProgID
CoCreateInstance
CoInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterMessageFilter
OleCreateFromFile
PropVariantCopy

oleaut32

SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
CreateErrorInfo
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
VariantInit
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
RegisterTypeLi
SysAllocStringByteLen
SysFreeString
SafeArrayLock
GetErrorInfo
SetErrorInfo
SysAllocString

shlwapi

PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathRemoveExtensionW
PathRenameExtensionW
PathFindFileNameW
PathAddBackslashW
PathCombineW
PathFindExtensionW
PathFileExistsW
PathIsDirectoryW
PathUnquoteSpacesW
wnsprintfW

wininet

HttpSendRequestW
InternetCloseHandle
InternetReadFile
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImagePalette
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP

msimg32

TransparentBlt
AlphaBlend

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

oledlg

OleUIBusyW

comctl32

ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_GetImageCount
ImageList_Create
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_DrawEx

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 553KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24.9MB - Virtual size: 24.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data
.rdata
.reloc
.rsrc/0/FLAC/稻香 - 周杰伦
.rsrc/1033/BITMAP/30994.bmp
.rsrc/1033/BITMAP/30996.bmp
.rsrc/1033/CURSOR/15
.rsrc/1033/CURSOR/16
.rsrc/1033/CURSOR/17
.rsrc/1033/CURSOR/18
.rsrc/1033/CURSOR/19
.rsrc/1033/CURSOR/20
.rsrc/1033/CURSOR/21
.rsrc/1033/CURSOR/22
.rsrc/1033/CURSOR/23
.rsrc/1033/CURSOR/24
.rsrc/1033/CURSOR/25
.rsrc/1033/CURSOR/26
.rsrc/1033/CURSOR/27
.rsrc/1033/CURSOR/28
.rsrc/1033/CURSOR/29
.rsrc/1033/CURSOR/30
.rsrc/1033/DIALOG/30721
.rsrc/1033/DIALOG/30734
.rsrc/1033/GROUP_CURSOR/30977
.rsrc/1033/GROUP_CURSOR/30998
.rsrc/1033/GROUP_CURSOR/30999
.rsrc/1033/GROUP_CURSOR/31000
.rsrc/1033/GROUP_CURSOR/31001
.rsrc/1033/GROUP_CURSOR/31002
.rsrc/1033/GROUP_CURSOR/31003
.rsrc/1033/GROUP_CURSOR/31004
.rsrc/1033/GROUP_CURSOR/31005
.rsrc/1033/GROUP_CURSOR/31006
.rsrc/1033/GROUP_CURSOR/31007
.rsrc/1033/GROUP_CURSOR/31008
.rsrc/1033/GROUP_CURSOR/31009
.rsrc/1033/GROUP_CURSOR/31010
.rsrc/1033/GROUP_CURSOR/31011
.rsrc/1033/MANIFEST/1
.xml
.rsrc/1033/string.txt
.rsrc/2052/DIALOG/100
.rsrc/2052/DIALOG/102
.rsrc/2052/GROUP_ICON/128
.rsrc/2052/ICON/1.ico
.rsrc/2052/ICON/10
.png
.rsrc/2052/ICON/11.ico
.rsrc/2052/ICON/12.ico
.rsrc/2052/ICON/13.ico
.rsrc/2052/ICON/14.ico
.rsrc/2052/ICON/2.ico
.rsrc/2052/ICON/3.ico
.rsrc/2052/ICON/4.ico
.rsrc/2052/ICON/5
.png
.rsrc/2052/ICON/6.ico
.rsrc/2052/ICON/7.ico
.rsrc/2052/ICON/8.ico
.rsrc/2052/ICON/9.ico
.rsrc/2052/string.txt
.rsrc/2052/version.txt
.text

Sharing

General

Malware Config

Signatures

Files

438384ed3c8521d6e52ef7938fd65dc0

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

oleacc

gdiplus

msimg32

imm32

winmm

oledlg

comctl32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 553KB - Virtual size: 552KB

.data Size: 37KB - Virtual size: 401KB

.rsrc Size: 24.9MB - Virtual size: 24.9MB

.reloc Size: 181KB - Virtual size: 181KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 553KB - Virtual size: 552KB

.data
Size: 37KB - Virtual size: 401KB

.rsrc
Size: 24.9MB - Virtual size: 24.9MB

.reloc
Size: 181KB - Virtual size: 181KB