blackmoon | 91114eb7ac344a540e126bf7e4c781d13183c759e6ff5c151adf04a42e2095c9

Sharing

Copy URL Twitter E-mail

General

Target

91114eb7ac344a540e126bf7e4c781d13183c759e6ff5c151adf04a42e2095c9
Size

2.2MB
MD5

00c11de4cb10e985d9b69b37c19c8565
SHA1

6a4ca073d6bb74a5898ffc7effad8c2653829145
SHA256

91114eb7ac344a540e126bf7e4c781d13183c759e6ff5c151adf04a42e2095c9
SHA512

e02fb9f93b52c2df8c8999b455b83fd5e05835b7c61b1ad0ce8ba1a190edeea7c6969095c193c1651f82f6327aba1b2e0ed3c2e53d19bbfb600bb54809bce6b9
SSDEEP

24576:RfVvwnY6n/v/sTaJXOdPAkhomTurU63GtuD0VRtI+ABmtI2/pSsD7hwJa8Jb8o8c:RScT+2wRCyJYo8Anb69mXBNV/

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
91114eb7ac344a540e126bf7e4c781d13183c759e6ff5c151adf04a42e2095c9

Files

91114eb7ac344a540e126bf7e4c781d13183c759e6ff5c151adf04a42e2095c9
.dll windows:4 windows x86 arch:x86

9ddbab170981fe9785a4672a0c339fa4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyn
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
CreateThread
IsBadCodePtr
lstrlenA
CopyFileA
GetLocaleInfoA
GetFileAttributesA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetProcessHeap
HeapFree
GetEnvironmentStringsW
IsBadWritePtr
Sleep
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
VirtualQuery
GetSystemInfo
InterlockedCompareExchange
InterlockedExchange
HeapAlloc
MultiByteToWideChar
CreateFileA
lstrlenW
GetCurrentProcess
VirtualFreeEx
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
GetModuleFileNameA
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LCMapStringA
GetCommandLineA
GetVersionExA
DeleteFileA
GetFileSize
GlobalLock
GlobalUnlock
GetUserDefaultLCID
FindClose
FindFirstFileA
FindNextFileA
GetTickCount
SetFilePointer
IsBadReadPtr
HeapReAlloc
ExitProcess
GlobalFree
GetExitCodeProcess
ReadFile
PeekNamedPipe
CloseHandle
CreateProcessA
CreatePipe
WideCharToMultiByte
FreeLibrary
GlobalAlloc
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentProcessId
TlsSetValue
TlsGetValue
TlsAlloc
WriteFile
VirtualProtect
GetACP
HeapSize
TerminateProcess
RaiseException
RtlUnwind
RtlMoveMemory
SetHandleCount
GetOEMCP
GetCPInfo
GetStringTypeExA
SetEndOfFile
FlushFileBuffers
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
SetLastError
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
MulDiv
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
InterlockedDecrement
LocalReAlloc
GlobalReAlloc
TlsFree
GlobalHandle
DeleteCriticalSection
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
LocalAlloc
LocalFree
IsBadStringPtrA

user32

PeekMessageA
EndDialog
CreateDialogIndirectParamA
GetMessageA
DestroyMenu
PostThreadMessageA
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
GetClientRect
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PostMessageA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
UnhookWindowsHookEx
UnregisterClassA
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetWindowTextA
GetWindowTextA
GetMenuItemCount
PostQuitMessage
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

PathFileExistsA
PathFindFileNameA
PathFindExtensionA
StrTrimA

dbghelp

MakeSureDirectoryPathExists

wininet

InternetTimeToSystemTime

ole32

CoFreeUnusedLibraries
CoRegisterMessageFilter
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize

winhttp

WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpQueryHeaders

crypt32

CryptDecodeObjectEx
CryptImportPublicKeyInfo
CertFreeCertificateContext
CertCloseStore
CryptStringToBinaryA

advapi32

CryptGetHashParam
CryptHashData
CryptCreateHash
CryptEncrypt
CryptGetKeyParam
CryptSetKeyParam
CryptDecrypt
CryptImportKey
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextA
CryptExportKey
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap
GetStockObject
GetObjectA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comctl32

ord17

oledlg

ord8

oleaut32

VariantTimeToSystemTime
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysFreeString
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayDestroy
VariantCopy
SysAllocString
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize

Exports

Exports

GetNewInf
YYDS_Base64��YY_
YYDS_Base64��YY_
YYDS_CookieEasy__�ڲ��ʼ��
YYDS_CookieEasy__�ڲ��
YYDS_CookieEasy__�ڲ��ͷ�
YYDS_GZIP_��ѹ_�ı�_
YYDS_GZIP_��ѹ_ָ��2_
YYDS_GZIP_��ѹ_ָ��_
YYDS_GZIP_��ѹ_�ֽڼ�_
YYDS_GZIP_ѹ��ı�_
YYDS_GZIP_ѹ��ֽڼ�_
YYDS_HEX��_
YYDS_HEX��_
YYDS_Json2Xml
YYDS_ProcessNotifyLib
YYDS_RSA�ӽ��YZC__�ڲ��ʼ��
YYDS_RSA�ӽ��YZC__�ڲ��
YYDS_RSA�ӽ��YZC__�ڲ��ͷ�
YYDS_RSA�ӽ��YZC__ǩ��
YYDS_RSA�ӽ��YZC__��֤ǩ��
YYDS_RSA�ӽ��YZC__��빫Կ
YYDS_RSA�ӽ��YZC__��˽Կ
YYDS_Xml2Json
YYDS_YYDS_��·��ʽ
YYDS_YY��д��__��Խ��
YYDS_YY��д��__��
YYDS_YY��д��__��˳�
YYDS_YY��д��__�ڲ��ʼ��
YYDS_YY��д��__�ڲ��
YYDS_YY��д��__�ڲ��ͷ�
YYDS_YY��д��__д��Խ��
YYDS_YY��д��__д��
YYDS_YY��д��__д�˳�
YYDS_YY�ٽ��__��Խ��
YYDS_YY�ٽ��__��
YYDS_YY�ٽ��__�ڲ��ʼ��
YYDS_YY�ٽ��__�ڲ��
YYDS_YY�ٽ��__�ڲ��ͷ�
YYDS_YY�ٽ��__�˳�
YYDS_YYʱ��__��
YYDS_YYʱ��__�ڲ��ʼ��
YYDS_YYʱ��__�ڲ��
YYDS_YYʱ��__�ڲ��ͷ�
YYDS_YYʱ��__ʱ��
YYDS_YY�̳߳�__��̬
YYDS_YY�̳߳�__��
YYDS_YY�̳߳�__�ȴ�
YYDS_YY�̳߳�__�ȴ��̬
YYDS_YY�̳߳�__��
YYDS_YY�̳߳�__�ڲ��ʼ��
YYDS_YY�̳߳�__�ڲ��
YYDS_YY�̳߳�__�ڲ��ͷ�
YYDS_YY�̳߳�__ȡ_��
YYDS_YY�̳߳�__ȡ_��߳��
YYDS_YY�̳߳�__ȡ_�Ƿ��ȫ��
YYDS_YY�̳߳�__ȡ_�Ƿ��п��
YYDS_YY�̳߳�__ȡ_�Ƿ��п��ж�
YYDS_YY�̳߳�__ȡ_�̳߳��
YYDS_YY�̳߳�__ȡ_ִ��߳��
YYDS_YY�̳߳�__ȡ_״̬
YYDS_YY�̳߳�__ȡ_��߳��
YYDS_YY�̳߳�__ȡ��Ex
YYDS_YY�̳߳�__ȡ��Զ��
YYDS_YY�̳߳�__�¼�_��ͣ
YYDS_YY�̳߳�__Ͷ��
YYDS_YY�̳߳�__Ͷ��Ex
YYDS_YY�̳߳�__Ͷ��_��
YYDS_YY�̳߳�__Ͷ��_��ת��
YYDS_YY�̳߳�__Ͷ��_�Զ��
YYDS_YY�̳߳�__��
YYDS_YY�̳߳�__��ͣ
YYDS_YY�̳߳�__��_��ʼջ��С
YYDS_YY�̳߳�__��_��л��ʱ��
YYDS_YY�̳߳�__��_��̻߳ص�
YYDS_YY�̳߳�__��_�̳߳ػص�
YYDS_YY�̳߳�__��_��߳��
YYDS_YY�ź��__��
YYDS_YY�ź��__��
YYDS_YY�ź��__�ݼ�
YYDS_YY�ź��__�ر�
YYDS_YY�ź��__��
YYDS_YY�ź��__�ڲ��ʼ��
YYDS_YY�ź��__�ڲ��
YYDS_YY�ź��__�ڲ��ͷ�
YYDS_YY�ź��__�Ƿ��Ѵ��
YYDS_YY�ź��__��
YYDS__��ڴ��
YYDS__д�ڴ��
YYDS_deflate_��ѹ_
YYDS_deflate_��ѹ_ָ��2_
YYDS_deflate_��ѹ_ָ��_
YYDS_��_URL��_
YYDS_��_URL��_
YYDS_��_��W_
YYDS_��_��_
YYDS_��_��_
YYDS_��CRC_
YYDS_��ֵ��_
YYDS_��б�_
YYDS_��ʱ��ı�_
YYDS_��ı�_
YYDS_��ı��ʱ��_
YYDS_��ȡ��YZC__��ʼ��
YYDS_��ȡ��YZC__��
YYDS_��ȡ��YZC__��β��
YYDS_��ȡ��YZC__�ٽ��
YYDS_��ȡ��YZC__�ٽ��˳�
YYDS_��ȡ��YZC__�ڲ��ʼ��
YYDS_��ȡ��YZC__�ڲ��
YYDS_��ȡ��YZC__�ڲ��ͷ�
YYDS_��ȡ��YZC__��
YYDS_��ȡ��YZC__ȡ��
YYDS_��ȡ��YZC__ѹ�붥��
YYDS_��ȡ��YZC__ѹ��
YYDS_��ȡ��YZC__�û��ֵ
YYDS_��ȡ��YZC__��³�ʼ��
YYDS_��ȡ��ֵ��YZC__��ļ�
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ϴ��ļ��
YYDS_��ȡ��ֵ��YZC__��Base64��
YYDS_��ȡ��ֵ��YZC__��JSON��
YYDS_��ȡ��ֵ��YZC__��XML��
YYDS_��ȡ��ֵ��YZC__�ӱ��
YYDS_��ȡ��ֵ��YZC__�Ӿ��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ļ��
YYDS_��ȡ��ֵ��YZC__��ָ��
YYDS_��ȡ��ֵ��YZC__��ֽڼ��Ex
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��Ex
YYDS_��ȡ��ֵ��YZC__��ļ�
YYDS_��ȡ��ֵ��YZC__��Base64
YYDS_��ȡ��ֵ��YZC__��JSON
YYDS_��ȡ��ֵ��YZC__��JSON��
YYDS_��ȡ��ֵ��YZC__��Xml
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ı�
YYDS_��ȡ��ֵ��YZC__��ͷ
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ı�
YYDS_��ȡ��ֵ��YZC__��ֽڼ�Ex
YYDS_��ȡ��ֵ��YZC__�ر��ļ�
YYDS_��ȡ��ֵ��YZC__�ϲ��
YYDS_��ȡ��ֵ��YZC__��ֵ��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��Ex
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ֵ
YYDS_��ȡ��ֵ��YZC__��ļ�
YYDS_��ȡ��ֵ��YZC__ö��_��ݹ�ö��
YYDS_��ȡ��ֵ��YZC__ö��_��ö�ٳ�ʼ��
YYDS_��ȡ��ֵ��YZC__ö��_�ͷ�
YYDS_��ȡ��ֵ��YZC__ö��_��ݹ�ö��
YYDS_��ȡ��ֵ��YZC__ö��_��ö�ٳ�ʼ��
YYDS_��ȡ��ֵ��YZC__�ڲ��ʼ��
YYDS_��ȡ��ֵ��YZC__�ڲ��
YYDS_��ȡ��ֵ��YZC__�ڲ��ͷ�
YYDS_��ȡ��ֵ��YZC__��ò�׽��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__ȡJSONֵ
YYDS_��ȡ��ֵ��YZC__ȡYJ��
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��ԭ��
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��2
YYDS_��ȡ��ֵ��YZC__ȡ��ֵ��
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��ı�
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��YY
YYDS_��ȡ��ֵ��YZC__ȡ�б�
YYDS_��ȡ��ֵ��YZC__ȡ�߼�ֵ
YYDS_��ȡ��ֵ��YZC__ȡ�ڴ�ʹ��
YYDS_��ȡ��ֵ��YZC__ȡʱ��
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��ֵ��
YYDS_��ȡ��ֵ��YZC__ȡ˫��С��
YYDS_��ȡ��ֵ��YZC__ȡ�ı�
YYDS_��ȡ��ֵ��YZC__ȡ�ı�W
YYDS_��ȡ��ֵ��YZC__ȡС��
YYDS_��ȡ��ֵ��YZC__ȡ��ü�ֵ��
YYDS_��ȡ��ֵ��YZC__ȡ��ü�ֵ��_��
YYDS_��ȡ��ֵ��YZC__ȡ��б�
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡֵ
YYDS_��ȡ��ֵ��YZC__ȡָ��
YYDS_��ȡ��ֵ��YZC__ȡ��б�
YYDS_��ȡ��ֵ��YZC__ȡ�ֽڼ�
YYDS_��ȡ��ֵ��YZC__ɾ��
YYDS_��ȡ��ֵ��YZC__�Ƿ��
YYDS_��ȡ��ֵ��YZC__�Ƿ�Ϊ��ֵ
YYDS_��ȡ��ֵ��YZC__�ͷ��ڴ�
YYDS_��ȡ��ֵ��YZC__��ӳ��
YYDS_��ȡ��ֵ��YZC__��Ӽ�ֵ��
YYDS_��ȡ��ֵ��YZC__��б�
YYDS_��ȡ��ֵ��YZC__��߼�ֵ
YYDS_��ȡ��ֵ��YZC__��ʱ��
YYDS_��ȡ��ֵ��YZC__��˫��С��
YYDS_��ȡ��ֵ��YZC__��ı�
YYDS_��ȡ��ֵ��YZC__��С��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ֵ
YYDS_��ȡ��ֵ��YZC__��ֽڼ�
YYDS_��ȡ��ֵ��YZC__δʵ��
YYDS_��ȡ��ֵ��YZC__��JSONֵ
YYDS_��ȡ��ֵ��YZC__�ó��
YYDS_��ȡ��ֵ��YZC__�ü�ֵ��
YYDS_��ȡ��ֵ��YZC__�ÿռ�ֵ��
YYDS_��ȡ��ֵ��YZC__�ÿ��б�
YYDS_��ȡ��ֵ��YZC__��б�
YYDS_��ȡ��ֵ��YZC__��߼�ֵ
YYDS_��ȡ��ֵ��YZC__��ʱ��
YYDS_��ȡ��ֵ��YZC__��˫��С��
YYDS_��ȡ��ֵ��YZC__��Ϊ��ֵ
YYDS_��ȡ��ֵ��YZC__��ı�
YYDS_��ȡ��ֵ��YZC__��С��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ֵ
YYDS_��ȡ��ֵ��YZC__��ָ��
YYDS_��ȡ��ֵ��YZC__��ֽڼ�
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��б��
YYDS_��ȡ��ֵ��YZC__��б��
YYDS_��ȡ��ֵ��YZC__��б�ɾ��
YYDS_��ȡ��ֵ��YZC__��б��
YYDS_��ȡ�б�YZC__��ļ�
YYDS_��ȡ�б�YZC__��볤��
YYDS_��ȡ�б�YZC__��ֵ��
YYDS_��ȡ�б�YZC__��б�
YYDS_��ȡ�б�YZC__��߼�
YYDS_��ȡ�б�YZC__��ʱ��
YYDS_��ȡ�б�YZC__��˫��С��
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��С��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ֵ
YYDS_��ȡ�б�YZC__��ֽڼ�
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ȡ��ͷ
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��Base64��
YYDS_��ȡ�б�YZC__��CSV��
YYDS_��ȡ�б�YZC__��JSON��
YYDS_��ȡ�б�YZC__�Ӿ��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ı��ָ�
YYDS_��ȡ�б�YZC__��ļ��
YYDS_��ȡ�б�YZC__��ָ��
YYDS_��ȡ�б�YZC__��ֽڼ��Ex
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��Ex
YYDS_��ȡ�б�YZC__��ļ�
YYDS_��ȡ�б�YZC__��Base64
YYDS_��ȡ�б�YZC__��CSV
YYDS_��ȡ�б�YZC__��JSON
YYDS_��ȡ�б�YZC__��JSON��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��ֽڼ�Ex
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__�ر��ļ�
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__�ϲ��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��Ex
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��ļ�
YYDS_��ȡ�б�YZC__ö��_��ݹ�ö��
YYDS_��ȡ�б�YZC__ö��_��ö�ٳ�ʼ��
YYDS_��ȡ�б�YZC__ö��_�ͷ�
YYDS_��ȡ�б�YZC__ö��_��ݹ�ö��
YYDS_��ȡ�б�YZC__ö��_��ö�ٳ�ʼ��
YYDS_��ȡ�б�YZC__�ڲ��ʼ��
YYDS_��ȡ�б�YZC__�ڲ��
YYDS_��ȡ�б�YZC__�ڲ��ͷ�
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ò�׽��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__ȡJSONֵ
YYDS_��ȡ�б�YZC__ȡYJ��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ�
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��ԭ��
YYDS_��ȡ�б�YZC__ȡ��ֵ��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��ı�
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��YY
YYDS_��ȡ�б�YZC__ȡ�б�
YYDS_��ȡ�б�YZC__ȡ�߼�ֵ
YYDS_��ȡ�б�YZC__ȡ�ڴ�ʹ��
YYDS_��ȡ�б�YZC__ȡʱ��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��ֵ��
YYDS_��ȡ�б�YZC__ȡ˫��С��
YYDS_��ȡ�б�YZC__ȡ�ı�
YYDS_��ȡ�б�YZC__ȡ�ı�W
YYDS_��ȡ�б�YZC__ȡС��
YYDS_��ȡ�б�YZC__ȡ��ü�ֵ��
YYDS_��ȡ�б�YZC__ȡ��б�
YYDS_��ȡ�б�YZC__ȡ��б�_��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡֵ
YYDS_��ȡ�б�YZC__ȡָ��
YYDS_��ȡ�б�YZC__ȡ��б�
YYDS_��ȡ�б�YZC__ȡ�ֽڼ�
YYDS_��ȡ�б�YZC__ȥ�ظ�
YYDS_��ȡ�б�YZC__ɾ��
YYDS_��ȡ�б�YZC__�Ƿ��
YYDS_��ȡ�б�YZC__�Ƿ�Ϊ��ֵ
YYDS_��ȡ�б�YZC__�ͷ��ڴ�
YYDS_��ȡ�б�YZC__��ӳ��
YYDS_��ȡ�б�YZC__��Ӽ�ֵ��
YYDS_��ȡ�б�YZC__��Ӽ�ֵ��_��
YYDS_��ȡ�б�YZC__��б�
YYDS_��ȡ�б�YZC__��б�_��
YYDS_��ȡ�б�YZC__��߼�ֵ
YYDS_��ȡ�б�YZC__��ʱ��
YYDS_��ȡ�б�YZC__��˫��С��
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��С��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ֵ
YYDS_��ȡ�б�YZC__��ֽڼ�
YYDS_��ȡ�б�YZC__��JSONֵ
YYDS_��ȡ�б�YZC__�ó��
YYDS_��ȡ�б�YZC__�ü�ֵ��
YYDS_��ȡ�б�YZC__��б�
YYDS_��ȡ�б�YZC__��߼�ֵ
YYDS_��ȡ�б�YZC__��ʱ��
YYDS_��ȡ�б�YZC__��˫��
YYDS_��ȡ�б�YZC__��Ϊ��ֵ
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��С��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ֵ
YYDS_��ȡ�б�YZC__��ָ��
YYDS_��ȡ�б�YZC__��ֽڼ�
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��
YYDS_��YYDS
YYDS_��ӳ��YZC_
YYDS_��ı��ļ�_
YYDS_�ָ��ı�_�ͷ�_
YYDS_�ָ��ı�_ֻ��_
YYDS_��ʽ��_δʵ��
YYDS_�ϲ��ı�_
YYDS_��ԭ��_
YYDS_��_ת��_
YYDS_�ӽ��ܶ��YZC__��
YYDS_�ӽ��ܶ��YZC__��
YYDS_�ӽ��ܶ��YZC__�ڲ��ʼ��
YYDS_�ӽ��ܶ��YZC__�ڲ��
YYDS_�ӽ��ܶ��YZC__�ڲ��ͷ�
YYDS_�ӽ��ܶ��YZC__ȡHMACֵ
YYDS_�ӽ��ܶ��YZC__ȡ��ϣ��
YYDS_��_��ֵYYDS
YYDS_��_ȡ��YYDS
YYDS_��_ȡ��YYDS
YYDS_��_ȡ�߼�ֵYYDS
YYDS_��_ȡ��ʱ��YYDS
YYDS_��_ȡ˫��С��YYDS
YYDS_��_ȡ�ı�YYDS
YYDS_��_ȡ�ı�wYYDS
YYDS_��_ȡ��YYDS
YYDS_��_ȡ�ֽڼ�YYDS
YYDS_��_�ó��YYDS
YYDS_��_��߼�ֵYYDS
YYDS_��_��˫��YYDS
YYDS_��_��ı�YYDS
YYDS_Ŀ¼_��_
YYDS_Ŀ¼_��YZC_
YYDS_Ŀ¼_�ӷ��_
YYDS_Ŀ¼_ȡ��Ŀ¼_
YYDS_Ŀ¼_ȡ�ض�Ŀ¼_
YYDS_Ŀ¼_ȥ��_
YYDS_�ڴ��ؿ�YZC__��
YYDS_�ڴ��ؿ�YZC__�ڲ��ʼ��
YYDS_�ڴ��ؿ�YZC__�ڲ��
YYDS_�ڴ��ؿ�YZC__�ڲ��ͷ�
YYDS_�ڴ��ؿ�YZC__ȡ��ַ
YYDS_�ڴ��ؿ�YZC__ȡ��ַ
YYDS_�ڴ��ؿ�YZC__ȡ��ط�ʽ
YYDS_�ڴ��ؿ�YZC__ȡ��
YYDS_�ڴ��ؿ�YZC__�ͷ�
YYDS_��߳�_
YYDS_ȡ��ַ_
YYDS_ȡ��ݵ�ַ_
YYDS_ȡ�ڴ��С_
YYDS_ȡ��_
YYDS_ȡ��·��_
YYDS_��ڴ�_
YYDS_ʱ��_JSONתΪʱ��_
YYDS_ʱ��_��Jsonʱ��_
YYDS_ʱ��_��ʱ��_
YYDS_ʱ��_��ı�_
YYDS_ʱ��_��ʽ��_
YYDS_ʱ��_ȡ��ʱ��_
YYDS_ʱ��_ʱ��ʱ��_
YYDS_ʱ��_ʱ��ת�ı�_
YYDS_�ͷ��ڴ�_
YYDS_��֤��YZC__��JSON��
YYDS_��֤��YZC__��JSON
YYDS_��֤��YZC__��
YYDS_��֤��YZC__��ʼ��
YYDS_��֤��YZC__�ڲ��ʼ��
YYDS_��֤��YZC__�ڲ��
YYDS_��֤��YZC__�ڲ��ͷ�
YYDS_��֤��YZC__��
YYDS_��֤��YZC__��ӳ��ӳ��
YYDS_��֤��YZC__��֤��
YYDS_��֤��YZC__��֤��
YYDS_��֤��YZC__��֤��
YYDS_��_��ת_
YYDS_��_��_
YYDS_��_��_
YYDS_��_ȡ��_
YYDS_��_ȡ�_
YYDS_��_ȡ��_
YYDS_��_ȡ��_
YYDS_��_ȥ�ظ�_
YYDS_��_�Ƿ��_
YYDS_��_ת��_
YYDS_��ҳ_��YY_
YYDS_��վ�ͻ��YZC__��ϴ��ļ��
YYDS_��վ�ͻ��YZC__��ϴ��ļ��_��ֽڼ�
YYDS_��վ�ͻ��YZC__�ڲ��ʼ��
YYDS_��վ�ͻ��YZC__�ڲ��
YYDS_��վ�ͻ��YZC__�ڲ��ͷ�
YYDS_��վ�ͻ��YZC__ȡCookie
YYDS_��վ�ͻ��YZC__ȡ��
YYDS_��վ�ͻ��YZC__ȡ��ʶ
YYDS_��վ�ͻ��YZC__ȡ��
YYDS_��վ�ͻ��YZC__ȡ��Ӧͷ
YYDS_��վ�ͻ��YZC__ȡ��Ӧͷ�ı�
YYDS_��վ�ͻ��YZC__ȡ��Ӧ״̬
YYDS_��վ�ͻ��YZC__ȡ��Ӧ״̬�ı�
YYDS_��վ�ͻ��YZC__ȡ��
YYDS_��վ�ͻ��YZC__ȡЭ��汾��
YYDS_��վ�ͻ��YZC__�Ƿ��ô��
YYDS_��վ�ͻ��YZC__�Ƿ��ȡ��
YYDS_��վ�ͻ��YZC__�Ƿ��Զ��ת
YYDS_��վ�ͻ��YZC__ִ��GET
YYDS_��վ�ͻ��YZC__ִ��POST
YYDS_��վ�ͻ��YZC__ִ��PUT��
YYDS_��վ�ͻ��YZC__ִ��PUT�ļ�
YYDS_��վ�ͻ��YZC__ִ��
YYDS_��վ�ͻ��YZC__ִ��
YYDS_��վ�ͻ��YZC__��Cookie
YYDS_��վ�ͻ��YZC__�ñ��ļ�
YYDS_��վ�ͻ��YZC__�ñ��
YYDS_��վ�ͻ��YZC__�ñ�ʶ
YYDS_��վ�ͻ��YZC__�ñ�ʶ1
YYDS_��վ�ͻ��YZC__�ó�ʱʱ��
YYDS_��վ�ͻ��YZC__�ô��
YYDS_��վ�ͻ��YZC__�ý��Ȼص�
YYDS_��վ�ͻ��YZC__��ͷ
YYDS_��վ�ͻ��YZC__��ͷs
YYDS_��վ�ͻ��YZC__��Զ��Cookie
YYDS_��վ�ͻ��YZC__��Զ��ת
YYDS_��վ�ͻ��YZC__��
YYDS_�ı�_ȡ��м��ı�_
YYDS_�ı�_ȡƴ��_
YYDS_�ı�_ȡ�ı��ұ�_
YYDS_�ı�_ȡ�ı��_
YYDS_�ı�_ȡ��_
YYDS_�ı�_ȡ��_
YYDS_�ı�_ɾ��YZC_
YYDS_�ı�_ɾ��β��EX_
YYDS_�ı�_�滻_
YYDS_�ı��ת��_
YYDS_�ļ�_��_
YYDS_�ļ�_ö��_��YZC_
YYDS_�ļ�_ö��_��YZC_
YYDS_�ļ�_ȡ��׺_
YYDS_�ļ�_ȡĿ¼_
YYDS_�ļ�_ȡ�ļ��_
YYDS_�߳�_��_
YYDS_�߳�_��_��_
YYDS_�߳�_��_��ת��_
YYDS_д��ı��ļ�_
YYDS_ѹ��_
YYDS_�ӳ�_
YYDS_ӳ��_Json_ת�Զ��
YYDS_ӳ��_Json_ת�Զ��
YYDS_ӳ��_��_��ʼ��
YYDS_ӳ��_��_ֵת��
YYDS_ӳ��_��_ע��ת��
YYDS_ӳ��_��ʼ��
YYDS_ӳ��_��ֵ��_ת�Զ��
YYDS_ӳ��_�б�_ת�Զ��
YYDS_ӳ��_��
YYDS_ӳ��_�Զ��_תJson
YYDS_ӳ��_�Զ��_ת��ֵ��

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 468KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ddbab170981fe9785a4672a0c339fa4

Headers

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

dbghelp

wininet

ole32

winhttp

crypt32

advapi32

gdi32

winspool.drv

comctl32

oledlg

oleaut32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 468KB - Virtual size: 586KB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 64KB - Virtual size: 63KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 468KB - Virtual size: 586KB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 64KB - Virtual size: 63KB