blackmoon | cf418b6ffbb2b58245eff54bbe846328ebc1c54d8c7cacafecb616ffb917d2bf

Sharing

Copy URL Twitter E-mail

General

Target

cf418b6ffbb2b58245eff54bbe846328ebc1c54d8c7cacafecb616ffb917d2bf
Size

798KB
MD5

5666364fa21869c563323bad2bf8b0b6
SHA1

3ffb1162eaf2b906e0176c04ba41d104bdd87727
SHA256

cf418b6ffbb2b58245eff54bbe846328ebc1c54d8c7cacafecb616ffb917d2bf
SHA512

73f55e84ef038f0c4a5b7cd421f14f780c346eed74a8025f31e50bcfbf6cb7718081b9c397da1ce92cf0c25e9f5428341c2b78ecaa956af02e5dca191cc18f02
SSDEEP

24576:lJVxTf6bW2Wt7gctTBQKBY+4rlmg87z0CJnd:fCbWTUcInIx7z0CJnd

Score

10^/10

upx blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
cf418b6ffbb2b58245eff54bbe846328ebc1c54d8c7cacafecb616ffb917d2bf
unpack001/out.upx

Files

cf418b6ffbb2b58245eff54bbe846328ebc1c54d8c7cacafecb616ffb917d2bf
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf
YYDS_Base64��YY_
YYDS_Base64��YY_
YYDS_CookieEasy__�ڲ��ʼ��
YYDS_CookieEasy__�ڲ��
YYDS_CookieEasy__�ڲ��ͷ�
YYDS_GZIP_��ѹ_�ı�_
YYDS_GZIP_��ѹ_ָ��2_
YYDS_GZIP_��ѹ_ָ��_
YYDS_GZIP_��ѹ_�ֽڼ�_
YYDS_GZIP_ѹ��ı�_
YYDS_GZIP_ѹ��ֽڼ�_
YYDS_HEX��_
YYDS_HEX��_
YYDS_Json2Xml
YYDS_ProcessNotifyLib
YYDS_RSA�ӽ��YZC__�ڲ��ʼ��
YYDS_RSA�ӽ��YZC__�ڲ��
YYDS_RSA�ӽ��YZC__�ڲ��ͷ�
YYDS_RSA�ӽ��YZC__ǩ��
YYDS_RSA�ӽ��YZC__��֤ǩ��
YYDS_RSA�ӽ��YZC__��빫Կ
YYDS_RSA�ӽ��YZC__��˽Կ
YYDS_Xml2Json
YYDS_YYDS_��·��ʽ
YYDS_YY��д��__��Խ��
YYDS_YY��д��__��
YYDS_YY��д��__��˳�
YYDS_YY��д��__�ڲ��ʼ��
YYDS_YY��д��__�ڲ��
YYDS_YY��д��__�ڲ��ͷ�
YYDS_YY��д��__д��Խ��
YYDS_YY��д��__д��
YYDS_YY��д��__д�˳�
YYDS_YY�ٽ��__��Խ��
YYDS_YY�ٽ��__��
YYDS_YY�ٽ��__�ڲ��ʼ��
YYDS_YY�ٽ��__�ڲ��
YYDS_YY�ٽ��__�ڲ��ͷ�
YYDS_YY�ٽ��__�˳�
YYDS_YYʱ��__��
YYDS_YYʱ��__�ڲ��ʼ��
YYDS_YYʱ��__�ڲ��
YYDS_YYʱ��__�ڲ��ͷ�
YYDS_YYʱ��__ʱ��
YYDS_YY�̳߳�__��̬
YYDS_YY�̳߳�__��
YYDS_YY�̳߳�__�ȴ�
YYDS_YY�̳߳�__�ȴ��̬
YYDS_YY�̳߳�__��
YYDS_YY�̳߳�__�ڲ��ʼ��
YYDS_YY�̳߳�__�ڲ��
YYDS_YY�̳߳�__�ڲ��ͷ�
YYDS_YY�̳߳�__ȡ_��
YYDS_YY�̳߳�__ȡ_��߳��
YYDS_YY�̳߳�__ȡ_�Ƿ��ȫ��
YYDS_YY�̳߳�__ȡ_�Ƿ��п��
YYDS_YY�̳߳�__ȡ_�Ƿ��п��ж�
YYDS_YY�̳߳�__ȡ_�̳߳��
YYDS_YY�̳߳�__ȡ_ִ��߳��
YYDS_YY�̳߳�__ȡ_״̬
YYDS_YY�̳߳�__ȡ_��߳��
YYDS_YY�̳߳�__ȡ��Ex
YYDS_YY�̳߳�__ȡ��Զ��
YYDS_YY�̳߳�__�¼�_��ͣ
YYDS_YY�̳߳�__Ͷ��
YYDS_YY�̳߳�__Ͷ��Ex
YYDS_YY�̳߳�__Ͷ��_��
YYDS_YY�̳߳�__Ͷ��_��ת��
YYDS_YY�̳߳�__Ͷ��_�Զ��
YYDS_YY�̳߳�__��
YYDS_YY�̳߳�__��ͣ
YYDS_YY�̳߳�__��_��ʼջ��С
YYDS_YY�̳߳�__��_��л��ʱ��
YYDS_YY�̳߳�__��_��̻߳ص�
YYDS_YY�̳߳�__��_�̳߳ػص�
YYDS_YY�̳߳�__��_��߳��
YYDS_YY�ź��__��
YYDS_YY�ź��__��
YYDS_YY�ź��__�ݼ�
YYDS_YY�ź��__�ر�
YYDS_YY�ź��__��
YYDS_YY�ź��__�ڲ��ʼ��
YYDS_YY�ź��__�ڲ��
YYDS_YY�ź��__�ڲ��ͷ�
YYDS_YY�ź��__�Ƿ��Ѵ��
YYDS_YY�ź��__��
YYDS__��ڴ��
YYDS__д�ڴ��
YYDS_deflate_��ѹ_
YYDS_deflate_��ѹ_ָ��2_
YYDS_deflate_��ѹ_ָ��_
YYDS_��_URL��_
YYDS_��_URL��_
YYDS_��_��W_
YYDS_��_��_
YYDS_��_��_
YYDS_��CRC_
YYDS_��ֵ��_
YYDS_��б�_
YYDS_��ʱ��ı�_
YYDS_��ı�_
YYDS_��ı��ʱ��_
YYDS_��ȡ��YZC__��ʼ��
YYDS_��ȡ��YZC__��
YYDS_��ȡ��YZC__��β��
YYDS_��ȡ��YZC__�ٽ��
YYDS_��ȡ��YZC__�ٽ��˳�
YYDS_��ȡ��YZC__�ڲ��ʼ��
YYDS_��ȡ��YZC__�ڲ��
YYDS_��ȡ��YZC__�ڲ��ͷ�
YYDS_��ȡ��YZC__��
YYDS_��ȡ��YZC__ȡ��
YYDS_��ȡ��YZC__ѹ�붥��
YYDS_��ȡ��YZC__ѹ��
YYDS_��ȡ��YZC__�û��ֵ
YYDS_��ȡ��YZC__��³�ʼ��
YYDS_��ȡ��ֵ��YZC__��ļ�
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ϴ��ļ��
YYDS_��ȡ��ֵ��YZC__��Base64��
YYDS_��ȡ��ֵ��YZC__��JSON��
YYDS_��ȡ��ֵ��YZC__��XML��
YYDS_��ȡ��ֵ��YZC__�ӱ��
YYDS_��ȡ��ֵ��YZC__�Ӿ��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ļ��
YYDS_��ȡ��ֵ��YZC__��ָ��
YYDS_��ȡ��ֵ��YZC__��ֽڼ��Ex
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��Ex
YYDS_��ȡ��ֵ��YZC__��ļ�
YYDS_��ȡ��ֵ��YZC__��Base64
YYDS_��ȡ��ֵ��YZC__��JSON
YYDS_��ȡ��ֵ��YZC__��JSON��
YYDS_��ȡ��ֵ��YZC__��Xml
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ı�
YYDS_��ȡ��ֵ��YZC__��ͷ
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ı�
YYDS_��ȡ��ֵ��YZC__��ֽڼ�Ex
YYDS_��ȡ��ֵ��YZC__�ر��ļ�
YYDS_��ȡ��ֵ��YZC__�ϲ��
YYDS_��ȡ��ֵ��YZC__��ֵ��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��Ex
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ֵ
YYDS_��ȡ��ֵ��YZC__��ļ�
YYDS_��ȡ��ֵ��YZC__ö��_��ݹ�ö��
YYDS_��ȡ��ֵ��YZC__ö��_��ö�ٳ�ʼ��
YYDS_��ȡ��ֵ��YZC__ö��_�ͷ�
YYDS_��ȡ��ֵ��YZC__ö��_��ݹ�ö��
YYDS_��ȡ��ֵ��YZC__ö��_��ö�ٳ�ʼ��
YYDS_��ȡ��ֵ��YZC__�ڲ��ʼ��
YYDS_��ȡ��ֵ��YZC__�ڲ��
YYDS_��ȡ��ֵ��YZC__�ڲ��ͷ�
YYDS_��ȡ��ֵ��YZC__��ò�׽��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__ȡJSONֵ
YYDS_��ȡ��ֵ��YZC__ȡYJ��
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��ԭ��
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��2
YYDS_��ȡ��ֵ��YZC__ȡ��ֵ��
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��ı�
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��YY
YYDS_��ȡ��ֵ��YZC__ȡ�б�
YYDS_��ȡ��ֵ��YZC__ȡ�߼�ֵ
YYDS_��ȡ��ֵ��YZC__ȡ�ڴ�ʹ��
YYDS_��ȡ��ֵ��YZC__ȡʱ��
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡ��ֵ��
YYDS_��ȡ��ֵ��YZC__ȡ˫��С��
YYDS_��ȡ��ֵ��YZC__ȡ�ı�
YYDS_��ȡ��ֵ��YZC__ȡ�ı�W
YYDS_��ȡ��ֵ��YZC__ȡС��
YYDS_��ȡ��ֵ��YZC__ȡ��ü�ֵ��
YYDS_��ȡ��ֵ��YZC__ȡ��ü�ֵ��_��
YYDS_��ȡ��ֵ��YZC__ȡ��б�
YYDS_��ȡ��ֵ��YZC__ȡ��
YYDS_��ȡ��ֵ��YZC__ȡֵ
YYDS_��ȡ��ֵ��YZC__ȡָ��
YYDS_��ȡ��ֵ��YZC__ȡ��б�
YYDS_��ȡ��ֵ��YZC__ȡ�ֽڼ�
YYDS_��ȡ��ֵ��YZC__ɾ��
YYDS_��ȡ��ֵ��YZC__�Ƿ��
YYDS_��ȡ��ֵ��YZC__�Ƿ�Ϊ��ֵ
YYDS_��ȡ��ֵ��YZC__�ͷ��ڴ�
YYDS_��ȡ��ֵ��YZC__��ӳ��
YYDS_��ȡ��ֵ��YZC__��Ӽ�ֵ��
YYDS_��ȡ��ֵ��YZC__��б�
YYDS_��ȡ��ֵ��YZC__��߼�ֵ
YYDS_��ȡ��ֵ��YZC__��ʱ��
YYDS_��ȡ��ֵ��YZC__��˫��С��
YYDS_��ȡ��ֵ��YZC__��ı�
YYDS_��ȡ��ֵ��YZC__��С��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ֵ
YYDS_��ȡ��ֵ��YZC__��ֽڼ�
YYDS_��ȡ��ֵ��YZC__δʵ��
YYDS_��ȡ��ֵ��YZC__��JSONֵ
YYDS_��ȡ��ֵ��YZC__�ó��
YYDS_��ȡ��ֵ��YZC__�ü�ֵ��
YYDS_��ȡ��ֵ��YZC__�ÿռ�ֵ��
YYDS_��ȡ��ֵ��YZC__�ÿ��б�
YYDS_��ȡ��ֵ��YZC__��б�
YYDS_��ȡ��ֵ��YZC__��߼�ֵ
YYDS_��ȡ��ֵ��YZC__��ʱ��
YYDS_��ȡ��ֵ��YZC__��˫��С��
YYDS_��ȡ��ֵ��YZC__��Ϊ��ֵ
YYDS_��ȡ��ֵ��YZC__��ı�
YYDS_��ȡ��ֵ��YZC__��С��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��ֵ
YYDS_��ȡ��ֵ��YZC__��ָ��
YYDS_��ȡ��ֵ��YZC__��ֽڼ�
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��
YYDS_��ȡ��ֵ��YZC__��б��
YYDS_��ȡ��ֵ��YZC__��б��
YYDS_��ȡ��ֵ��YZC__��б�ɾ��
YYDS_��ȡ��ֵ��YZC__��б��
YYDS_��ȡ�б�YZC__��ļ�
YYDS_��ȡ�б�YZC__��볤��
YYDS_��ȡ�б�YZC__��ֵ��
YYDS_��ȡ�б�YZC__��б�
YYDS_��ȡ�б�YZC__��߼�
YYDS_��ȡ�б�YZC__��ʱ��
YYDS_��ȡ�б�YZC__��˫��С��
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��С��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ֵ
YYDS_��ȡ�б�YZC__��ֽڼ�
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ȡ��ͷ
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��Base64��
YYDS_��ȡ�б�YZC__��CSV��
YYDS_��ȡ�б�YZC__��JSON��
YYDS_��ȡ�б�YZC__�Ӿ��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ı��ָ�
YYDS_��ȡ�б�YZC__��ļ��
YYDS_��ȡ�б�YZC__��ָ��
YYDS_��ȡ�б�YZC__��ֽڼ��Ex
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��Ex
YYDS_��ȡ�б�YZC__��ļ�
YYDS_��ȡ�б�YZC__��Base64
YYDS_��ȡ�б�YZC__��CSV
YYDS_��ȡ�б�YZC__��JSON
YYDS_��ȡ�б�YZC__��JSON��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��ֽڼ�Ex
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__�ر��ļ�
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__�ϲ��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��Ex
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��ļ�
YYDS_��ȡ�б�YZC__ö��_��ݹ�ö��
YYDS_��ȡ�б�YZC__ö��_��ö�ٳ�ʼ��
YYDS_��ȡ�б�YZC__ö��_�ͷ�
YYDS_��ȡ�б�YZC__ö��_��ݹ�ö��
YYDS_��ȡ�б�YZC__ö��_��ö�ٳ�ʼ��
YYDS_��ȡ�б�YZC__�ڲ��ʼ��
YYDS_��ȡ�б�YZC__�ڲ��
YYDS_��ȡ�б�YZC__�ڲ��ͷ�
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ò�׽��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__ȡJSONֵ
YYDS_��ȡ�б�YZC__ȡYJ��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ�
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��ԭ��
YYDS_��ȡ�б�YZC__ȡ��ֵ��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��ı�
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��YY
YYDS_��ȡ�б�YZC__ȡ�б�
YYDS_��ȡ�б�YZC__ȡ�߼�ֵ
YYDS_��ȡ�б�YZC__ȡ�ڴ�ʹ��
YYDS_��ȡ�б�YZC__ȡʱ��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡ��ֵ��
YYDS_��ȡ�б�YZC__ȡ˫��С��
YYDS_��ȡ�б�YZC__ȡ�ı�
YYDS_��ȡ�б�YZC__ȡ�ı�W
YYDS_��ȡ�б�YZC__ȡС��
YYDS_��ȡ�б�YZC__ȡ��ü�ֵ��
YYDS_��ȡ�б�YZC__ȡ��б�
YYDS_��ȡ�б�YZC__ȡ��б�_��
YYDS_��ȡ�б�YZC__ȡ��
YYDS_��ȡ�б�YZC__ȡֵ
YYDS_��ȡ�б�YZC__ȡָ��
YYDS_��ȡ�б�YZC__ȡ��б�
YYDS_��ȡ�б�YZC__ȡ�ֽڼ�
YYDS_��ȡ�б�YZC__ȥ�ظ�
YYDS_��ȡ�б�YZC__ɾ��
YYDS_��ȡ�б�YZC__�Ƿ��
YYDS_��ȡ�б�YZC__�Ƿ�Ϊ��ֵ
YYDS_��ȡ�б�YZC__�ͷ��ڴ�
YYDS_��ȡ�б�YZC__��ӳ��
YYDS_��ȡ�б�YZC__��Ӽ�ֵ��
YYDS_��ȡ�б�YZC__��Ӽ�ֵ��_��
YYDS_��ȡ�б�YZC__��б�
YYDS_��ȡ�б�YZC__��б�_��
YYDS_��ȡ�б�YZC__��߼�ֵ
YYDS_��ȡ�б�YZC__��ʱ��
YYDS_��ȡ�б�YZC__��˫��С��
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��С��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ֵ
YYDS_��ȡ�б�YZC__��ֽڼ�
YYDS_��ȡ�б�YZC__��JSONֵ
YYDS_��ȡ�б�YZC__�ó��
YYDS_��ȡ�б�YZC__�ü�ֵ��
YYDS_��ȡ�б�YZC__��б�
YYDS_��ȡ�б�YZC__��߼�ֵ
YYDS_��ȡ�б�YZC__��ʱ��
YYDS_��ȡ�б�YZC__��˫��
YYDS_��ȡ�б�YZC__��Ϊ��ֵ
YYDS_��ȡ�б�YZC__��ı�
YYDS_��ȡ�б�YZC__��С��
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��ֵ
YYDS_��ȡ�б�YZC__��ָ��
YYDS_��ȡ�б�YZC__��ֽڼ�
YYDS_��ȡ�б�YZC__��
YYDS_��ȡ�б�YZC__��
YYDS_��YYDS
YYDS_��ӳ��YZC_
YYDS_��ı��ļ�_
YYDS_�ָ��ı�_�ͷ�_
YYDS_�ָ��ı�_ֻ��_
YYDS_��ʽ��_δʵ��
YYDS_�ϲ��ı�_
YYDS_��ԭ��_
YYDS_��_ת��_
YYDS_�ӽ��ܶ��YZC__��
YYDS_�ӽ��ܶ��YZC__��
YYDS_�ӽ��ܶ��YZC__�ڲ��ʼ��
YYDS_�ӽ��ܶ��YZC__�ڲ��
YYDS_�ӽ��ܶ��YZC__�ڲ��ͷ�
YYDS_�ӽ��ܶ��YZC__ȡHMACֵ
YYDS_�ӽ��ܶ��YZC__ȡ��ϣ��
YYDS_��_��ֵYYDS
YYDS_��_ȡ��YYDS
YYDS_��_ȡ��YYDS
YYDS_��_ȡ�߼�ֵYYDS
YYDS_��_ȡ��ʱ��YYDS
YYDS_��_ȡ˫��С��YYDS
YYDS_��_ȡ�ı�YYDS
YYDS_��_ȡ�ı�wYYDS
YYDS_��_ȡ��YYDS
YYDS_��_ȡ�ֽڼ�YYDS
YYDS_��_�ó��YYDS
YYDS_��_��߼�ֵYYDS
YYDS_��_��˫��YYDS
YYDS_��_��ı�YYDS
YYDS_Ŀ¼_��_
YYDS_Ŀ¼_��YZC_
YYDS_Ŀ¼_�ӷ��_
YYDS_Ŀ¼_ȡ��Ŀ¼_
YYDS_Ŀ¼_ȡ�ض�Ŀ¼_
YYDS_Ŀ¼_ȥ��_
YYDS_�ڴ��ؿ�YZC__��
YYDS_�ڴ��ؿ�YZC__�ڲ��ʼ��
YYDS_�ڴ��ؿ�YZC__�ڲ��
YYDS_�ڴ��ؿ�YZC__�ڲ��ͷ�
YYDS_�ڴ��ؿ�YZC__ȡ��ַ
YYDS_�ڴ��ؿ�YZC__ȡ��ַ
YYDS_�ڴ��ؿ�YZC__ȡ��ط�ʽ
YYDS_�ڴ��ؿ�YZC__ȡ��
YYDS_�ڴ��ؿ�YZC__�ͷ�
YYDS_��߳�_
YYDS_ȡ��ַ_
YYDS_ȡ��ݵ�ַ_
YYDS_ȡ�ڴ��С_
YYDS_ȡ��_
YYDS_ȡ��·��_
YYDS_��ڴ�_
YYDS_ʱ��_JSONתΪʱ��_
YYDS_ʱ��_��Jsonʱ��_
YYDS_ʱ��_��ʱ��_
YYDS_ʱ��_��ı�_
YYDS_ʱ��_��ʽ��_
YYDS_ʱ��_ȡ��ʱ��_
YYDS_ʱ��_ʱ��ʱ��_
YYDS_ʱ��_ʱ��ת�ı�_
YYDS_�ͷ��ڴ�_
YYDS_��֤��YZC__��JSON��
YYDS_��֤��YZC__��JSON
YYDS_��֤��YZC__��
YYDS_��֤��YZC__��ʼ��
YYDS_��֤��YZC__�ڲ��ʼ��
YYDS_��֤��YZC__�ڲ��
YYDS_��֤��YZC__�ڲ��ͷ�
YYDS_��֤��YZC__��
YYDS_��֤��YZC__��ӳ��ӳ��
YYDS_��֤��YZC__��֤��
YYDS_��֤��YZC__��֤��
YYDS_��֤��YZC__��֤��
YYDS_��_��ת_
YYDS_��_��_
YYDS_��_��_
YYDS_��_ȡ��_
YYDS_��_ȡ�_
YYDS_��_ȡ��_
YYDS_��_ȡ��_
YYDS_��_ȥ�ظ�_
YYDS_��_�Ƿ��_
YYDS_��_ת��_
YYDS_��ҳ_��YY_
YYDS_��վ�ͻ��YZC__��ϴ��ļ��
YYDS_��վ�ͻ��YZC__��ϴ��ļ��_��ֽڼ�
YYDS_��վ�ͻ��YZC__�ڲ��ʼ��
YYDS_��վ�ͻ��YZC__�ڲ��
YYDS_��վ�ͻ��YZC__�ڲ��ͷ�
YYDS_��վ�ͻ��YZC__ȡCookie
YYDS_��վ�ͻ��YZC__ȡ��
YYDS_��վ�ͻ��YZC__ȡ��ʶ
YYDS_��վ�ͻ��YZC__ȡ��
YYDS_��վ�ͻ��YZC__ȡ��Ӧͷ
YYDS_��վ�ͻ��YZC__ȡ��Ӧͷ�ı�
YYDS_��վ�ͻ��YZC__ȡ��Ӧ״̬
YYDS_��վ�ͻ��YZC__ȡ��Ӧ״̬�ı�
YYDS_��վ�ͻ��YZC__ȡ��
YYDS_��վ�ͻ��YZC__ȡЭ��汾��
YYDS_��վ�ͻ��YZC__�Ƿ��ô��
YYDS_��վ�ͻ��YZC__�Ƿ��ȡ��
YYDS_��վ�ͻ��YZC__�Ƿ��Զ��ת
YYDS_��վ�ͻ��YZC__ִ��GET
YYDS_��վ�ͻ��YZC__ִ��POST
YYDS_��վ�ͻ��YZC__ִ��PUT��
YYDS_��վ�ͻ��YZC__ִ��PUT�ļ�
YYDS_��վ�ͻ��YZC__ִ��
YYDS_��վ�ͻ��YZC__ִ��
YYDS_��վ�ͻ��YZC__��Cookie
YYDS_��վ�ͻ��YZC__�ñ��ļ�
YYDS_��վ�ͻ��YZC__�ñ��
YYDS_��վ�ͻ��YZC__�ñ�ʶ
YYDS_��վ�ͻ��YZC__�ñ�ʶ1
YYDS_��վ�ͻ��YZC__�ó�ʱʱ��
YYDS_��վ�ͻ��YZC__�ô��
YYDS_��վ�ͻ��YZC__�ý��Ȼص�
YYDS_��վ�ͻ��YZC__��ͷ
YYDS_��վ�ͻ��YZC__��ͷs
YYDS_��վ�ͻ��YZC__��Զ��Cookie
YYDS_��վ�ͻ��YZC__��Զ��ת
YYDS_��վ�ͻ��YZC__��
YYDS_�ı�_ȡ��м��ı�_
YYDS_�ı�_ȡƴ��_
YYDS_�ı�_ȡ�ı��ұ�_
YYDS_�ı�_ȡ�ı��_
YYDS_�ı�_ȡ��_
YYDS_�ı�_ȡ��_
YYDS_�ı�_ɾ��YZC_
YYDS_�ı�_ɾ��β��EX_
YYDS_�ı�_�滻_
YYDS_�ı��ת��_
YYDS_�ļ�_��_
YYDS_�ļ�_ö��_��YZC_
YYDS_�ļ�_ö��_��YZC_
YYDS_�ļ�_ȡ��׺_
YYDS_�ļ�_ȡĿ¼_
YYDS_�ļ�_ȡ�ļ��_
YYDS_�߳�_��_
YYDS_�߳�_��_��_
YYDS_�߳�_��_��ת��_
YYDS_д��ı��ļ�_
YYDS_ѹ��_
YYDS_�ӳ�_
YYDS_ӳ��_Json_ת�Զ��
YYDS_ӳ��_Json_ת�Զ��
YYDS_ӳ��_��_��ʼ��
YYDS_ӳ��_��_ֵת��
YYDS_ӳ��_��_ע��ת��
YYDS_ӳ��_��ʼ��
YYDS_ӳ��_��ֵ��_ת�Զ��
YYDS_ӳ��_�б�_ת�Զ��
YYDS_ӳ��_��
YYDS_ӳ��_�Զ��_תJson
YYDS_ӳ��_�Զ��_ת��ֵ��

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 778KB - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 468KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 778KB - Virtual size: 780KB

.rsrc Size: 19KB - Virtual size: 20KB

Headers

File Characteristics

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 468KB - Virtual size: 586KB

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 64KB - Virtual size: 63KB

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 778KB - Virtual size: 780KB

.rsrc
Size: 19KB - Virtual size: 20KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 468KB - Virtual size: 586KB

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 64KB - Virtual size: 63KB