blackmoon | 3a2576374b78295aaa2b2af46e3e78bcf9f74784c3e2759f1c94b12de81b61e1

Sharing

Copy URL

Twitter E-mail

General

Target

3a2576374b78295aaa2b2af46e3e78bcf9f74784c3e2759f1c94b12de81b61e1
Size

8.4MB
MD5

35eb63082239f24fa56c425f15ec1c2c
SHA1

ce56fdf3fd0c9dc85a4a162312e91f106891fdfd
SHA256

3a2576374b78295aaa2b2af46e3e78bcf9f74784c3e2759f1c94b12de81b61e1
SHA512

e183ea2dece61b1bdb916464ec67689da1325e000ca49b806c5dc0d43c9e4481f405becd2edbc93654d99d9987eb4bbc8bcb819d39b6457c641fcb86c4780307
SSDEEP

196608:3pt9VWIZAnGkibqxKRwS7k7BX2WEwc3APEfkofUofj0uPO:3f9MItkibtWywc3f7BO

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/RPA截流大师红薯一键克隆/RPA截流大师红薯一键克隆.exe	family_blackmoon

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RPA截流大师红薯一键克隆/HPSocket4C_.dll
unpack001/RPA截流大师红薯一键克隆/RPA截流大师红薯一键克隆.exe
unpack001/RPA截流大师红薯一键克隆/Temp.dat
unpack001/RPA截流大师红薯一键克隆/libwebp.dll

Files

3a2576374b78295aaa2b2af46e3e78bcf9f74784c3e2759f1c94b12de81b61e1
.zip
RPA截流大师红薯一键克隆/HPSocket4C_.dll
.dll windows:5 windows x86 arch:x86

b9e0a4d4ab733f3a99273f6ef9363116

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\MyWork\Linux\MyWork\HP-Socket\Windows\Lib\HPSocket4C\x86\HPSocket4C.pdb

Imports

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
CreateTimerQueue
DeleteTimerQueueEx
CreateWaitableTimerA
GetSystemInfo
GetExitCodeThread
TerminateThread
ResetEvent
InterlockedExchange
PostQueuedCompletionStatus
RaiseException
SetEvent
GetQueuedCompletionStatus
CreateIoCompletionPort
UnmapViewOfFile
lstrlenA
lstrcmpiA
CreateFileA
GetProcAddress
GetModuleHandleA
GetFileSize
CreateFileMappingA
MapViewOfFileEx
MultiByteToWideChar
WaitForMultipleObjects
InterlockedExchangeAdd
SetWaitableTimer
CancelWaitableTimer
TryEnterCriticalSection
CreateTimerQueueTimer
DeleteTimerQueueTimer
SystemTimeToFileTime
GetSystemTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteFiber
SwitchToFiber
CreateFiber
FindNextFileW
FindFirstFileW
FindClose
GetModuleHandleW
GetVersion
WriteFile
GetFileType
GetStdHandle
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetConsoleMode
SetConsoleMode
ReadConsoleA
SizeofResource
GetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetEndOfFile
GetDriveTypeW
WideCharToMultiByte
Sleep
CreateEventA
GetNativeSystemInfo
SwitchToThread
ReleaseSemaphore
WaitForSingleObject
CloseHandle
CreateSemaphoreA
GetCurrentProcessId
GetCurrentThreadId
SetLastError
GetLastError
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
SetFilePointer
SetStdHandle
FlushFileBuffers
CreateFileW
GetConsoleCP
ReadFile
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsProcessorFeaturePresent
RtlUnwind
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryW
GetStartupInfoW
SetHandleCount
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetConsoleCtrlHandler
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCommandLineA
CreateThread
ExitThread
EncodePointer
DecodePointer
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
InterlockedCompareExchange
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
DeleteCriticalSection
ReadConsoleW
InitializeCriticalSectionAndSpinCount

user32

GetProcessWindowStation
GetUserObjectInformationW
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
MessageBoxW
PeekMessageA

advapi32

CryptSignHashW
ReportEventW
RegisterEventSourceW
CryptEnumProvidersW
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptGenRandom
CryptDecrypt
CryptCreateHash
CryptSetHashParam
DeregisterEventSource
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextW

shlwapi

StrChrA
StrPBrkA
PathIsDirectoryA
PathFileExistsA

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod
timeGetDevCaps

ws2_32

WSARecv
WSASend
closesocket
shutdown
sendto
send
ioctlsocket
setsockopt
htonl
ntohl
WSASendTo
getsockname
WSAAddressToStringA
freeaddrinfo
getaddrinfo
WSAStringToAddressA
getsockopt
WSAIoctl
WSASetLastError
htons
WSAGetLastError
ntohs
WSARecvFrom
WSAStartup
WSACleanup
bind
socket
WSAGetOverlappedResult
connect
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
recv
WSACloseEvent
listen
recvfrom
getpeername

crypt32

CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore

Exports

Exports

Create_HP_BrotliCompressor
Create_HP_BrotliCompressorEx
Create_HP_BrotliDecompressor
Create_HP_GZipCompressor
Create_HP_GZipCompressorEx
Create_HP_GZipDecompressor
Create_HP_HttpAgent
Create_HP_HttpAgentListener
Create_HP_HttpClient
Create_HP_HttpClientListener
Create_HP_HttpServer
Create_HP_HttpServerListener
Create_HP_HttpSyncClient
Create_HP_HttpsAgent
Create_HP_HttpsClient
Create_HP_HttpsServer
Create_HP_HttpsSyncClient
Create_HP_SSLAgent
Create_HP_SSLClient
Create_HP_SSLPackAgent
Create_HP_SSLPackClient
Create_HP_SSLPackServer
Create_HP_SSLPullAgent
Create_HP_SSLPullClient
Create_HP_SSLPullServer
Create_HP_SSLServer
Create_HP_SocketTaskObj
Create_HP_TcpAgent
Create_HP_TcpAgentListener
Create_HP_TcpClient
Create_HP_TcpClientListener
Create_HP_TcpPackAgent
Create_HP_TcpPackAgentListener
Create_HP_TcpPackClient
Create_HP_TcpPackClientListener
Create_HP_TcpPackServer
Create_HP_TcpPackServerListener
Create_HP_TcpPullAgent
Create_HP_TcpPullAgentListener
Create_HP_TcpPullClient
Create_HP_TcpPullClientListener
Create_HP_TcpPullServer
Create_HP_TcpPullServerListener
Create_HP_TcpServer
Create_HP_TcpServerListener
Create_HP_ThreadPool
Create_HP_ThreadPoolListener
Create_HP_UdpArqClient
Create_HP_UdpArqClientListener
Create_HP_UdpArqServer
Create_HP_UdpArqServerListener
Create_HP_UdpCast
Create_HP_UdpCastListener
Create_HP_UdpClient
Create_HP_UdpClientListener
Create_HP_UdpNode
Create_HP_UdpNodeListener
Create_HP_UdpServer
Create_HP_UdpServerListener
Create_HP_ZLibCompressor
Create_HP_ZLibCompressorEx
Create_HP_ZLibDecompressor
Create_HP_ZLibDecompressorEx
Destroy_HP_Compressor
Destroy_HP_Decompressor
Destroy_HP_HttpAgent
Destroy_HP_HttpAgentListener
Destroy_HP_HttpClient
Destroy_HP_HttpClientListener
Destroy_HP_HttpServer
Destroy_HP_HttpServerListener
Destroy_HP_HttpSyncClient
Destroy_HP_HttpsAgent
Destroy_HP_HttpsClient
Destroy_HP_HttpsServer
Destroy_HP_HttpsSyncClient
Destroy_HP_SSLAgent
Destroy_HP_SSLClient
Destroy_HP_SSLPackAgent
Destroy_HP_SSLPackClient
Destroy_HP_SSLPackServer
Destroy_HP_SSLPullAgent
Destroy_HP_SSLPullClient
Destroy_HP_SSLPullServer
Destroy_HP_SSLServer
Destroy_HP_SocketTaskObj
Destroy_HP_TcpAgent
Destroy_HP_TcpAgentListener
Destroy_HP_TcpClient
Destroy_HP_TcpClientListener
Destroy_HP_TcpPackAgent
Destroy_HP_TcpPackAgentListener
Destroy_HP_TcpPackClient
Destroy_HP_TcpPackClientListener
Destroy_HP_TcpPackServer
Destroy_HP_TcpPackServerListener
Destroy_HP_TcpPullAgent
Destroy_HP_TcpPullAgentListener
Destroy_HP_TcpPullClient
Destroy_HP_TcpPullClientListener
Destroy_HP_TcpPullServer
Destroy_HP_TcpPullServerListener
Destroy_HP_TcpServer
Destroy_HP_TcpServerListener
Destroy_HP_ThreadPool
Destroy_HP_ThreadPoolListener
Destroy_HP_UdpArqClient
Destroy_HP_UdpArqClientListener
Destroy_HP_UdpArqServer
Destroy_HP_UdpArqServerListener
Destroy_HP_UdpCast
Destroy_HP_UdpCastListener
Destroy_HP_UdpClient
Destroy_HP_UdpClientListener
Destroy_HP_UdpNode
Destroy_HP_UdpNodeListener
Destroy_HP_UdpServer
Destroy_HP_UdpServerListener
HP_Agent_Connect
HP_Agent_ConnectWithExtra
HP_Agent_ConnectWithExtraAndLocalAddressPort
HP_Agent_ConnectWithExtraAndLocalPort
HP_Agent_ConnectWithLocalAddress
HP_Agent_ConnectWithLocalPort
HP_Agent_Disconnect
HP_Agent_DisconnectLongConnections
HP_Agent_DisconnectSilenceConnections
HP_Agent_GetAllConnectionIDs
HP_Agent_GetConnectPeriod
HP_Agent_GetConnectionCount
HP_Agent_GetConnectionExtra
HP_Agent_GetFreeBufferObjHold
HP_Agent_GetFreeBufferObjPool
HP_Agent_GetFreeSocketObjHold
HP_Agent_GetFreeSocketObjLockTime
HP_Agent_GetFreeSocketObjPool
HP_Agent_GetLastError
HP_Agent_GetLastErrorDesc
HP_Agent_GetLocalAddress
HP_Agent_GetMaxConnectionCount
HP_Agent_GetOnSendSyncPolicy
HP_Agent_GetPendingDataLength
HP_Agent_GetRemoteAddress
HP_Agent_GetRemoteHost
HP_Agent_GetReuseAddressPolicy
HP_Agent_GetSendPolicy
HP_Agent_GetSilencePeriod
HP_Agent_GetState
HP_Agent_GetWorkerThreadCount
HP_Agent_HasStarted
HP_Agent_IsConnected
HP_Agent_IsMarkSilence
HP_Agent_IsPauseReceive
HP_Agent_IsSecure
HP_Agent_PauseReceive
HP_Agent_Send
HP_Agent_SendPackets
HP_Agent_SendPart
HP_Agent_SetConnectionExtra
HP_Agent_SetFreeBufferObjHold
HP_Agent_SetFreeBufferObjPool
HP_Agent_SetFreeSocketObjHold
HP_Agent_SetFreeSocketObjLockTime
HP_Agent_SetFreeSocketObjPool
HP_Agent_SetMarkSilence
HP_Agent_SetMaxConnectionCount
HP_Agent_SetOnSendSyncPolicy
HP_Agent_SetReuseAddressPolicy
HP_Agent_SetSendPolicy
HP_Agent_SetWorkerThreadCount
HP_Agent_Start
HP_Agent_Stop
HP_Agent_Wait
HP_Client_GetConnectionID
HP_Client_GetExtra
HP_Client_GetFreeBufferPoolHold
HP_Client_GetFreeBufferPoolSize
HP_Client_GetLastError
HP_Client_GetLastErrorDesc
HP_Client_GetLocalAddress
HP_Client_GetPendingDataLength
HP_Client_GetRemoteHost
HP_Client_GetReuseAddressPolicy
HP_Client_GetState
HP_Client_HasStarted
HP_Client_IsConnected
HP_Client_IsPauseReceive
HP_Client_IsSecure
HP_Client_PauseReceive
HP_Client_Send
HP_Client_SendPackets
HP_Client_SendPart
HP_Client_SetExtra
HP_Client_SetFreeBufferPoolHold
HP_Client_SetFreeBufferPoolSize
HP_Client_SetReuseAddressPolicy
HP_Client_Start
HP_Client_StartWithBindAddress
HP_Client_StartWithBindAddressAndLocalPort
HP_Client_Stop
HP_Client_Wait
HP_Compressor_IsValid
HP_Compressor_Process
HP_Compressor_Reset
HP_Decompressor_IsValid
HP_Decompressor_Process
HP_Decompressor_Reset
HP_GetHPSocketVersion
HP_GetSocketErrorDesc
HP_HttpAgent_GetAllCookies
HP_HttpAgent_GetAllHeaderNames
HP_HttpAgent_GetAllHeaders
HP_HttpAgent_GetContentEncoding
HP_HttpAgent_GetContentLength
HP_HttpAgent_GetContentType
HP_HttpAgent_GetCookie
HP_HttpAgent_GetHeader
HP_HttpAgent_GetHeaders
HP_HttpAgent_GetLocalVersion
HP_HttpAgent_GetParseErrorCode
HP_HttpAgent_GetStatusCode
HP_HttpAgent_GetTransferEncoding
HP_HttpAgent_GetUpgradeType
HP_HttpAgent_GetVersion
HP_HttpAgent_GetWSMessageState
HP_HttpAgent_IsHttpAutoStart
HP_HttpAgent_IsKeepAlive
HP_HttpAgent_IsUpgrade
HP_HttpAgent_IsUseCookie
HP_HttpAgent_SendChunkData
HP_HttpAgent_SendConnect
HP_HttpAgent_SendDelete
HP_HttpAgent_SendGet
HP_HttpAgent_SendHead
HP_HttpAgent_SendLocalFile
HP_HttpAgent_SendOptions
HP_HttpAgent_SendPatch
HP_HttpAgent_SendPost
HP_HttpAgent_SendPut
HP_HttpAgent_SendRequest
HP_HttpAgent_SendTrace
HP_HttpAgent_SendWSMessage
HP_HttpAgent_SetHttpAutoStart
HP_HttpAgent_SetLocalVersion
HP_HttpAgent_SetUseCookie
HP_HttpAgent_StartHttp
HP_HttpClient_GetAllCookies
HP_HttpClient_GetAllHeaderNames
HP_HttpClient_GetAllHeaders
HP_HttpClient_GetContentEncoding
HP_HttpClient_GetContentLength
HP_HttpClient_GetContentType
HP_HttpClient_GetCookie
HP_HttpClient_GetHeader
HP_HttpClient_GetHeaders
HP_HttpClient_GetLocalVersion
HP_HttpClient_GetParseErrorCode
HP_HttpClient_GetStatusCode
HP_HttpClient_GetTransferEncoding
HP_HttpClient_GetUpgradeType
HP_HttpClient_GetVersion
HP_HttpClient_GetWSMessageState
HP_HttpClient_IsHttpAutoStart
HP_HttpClient_IsKeepAlive
HP_HttpClient_IsUpgrade
HP_HttpClient_IsUseCookie
HP_HttpClient_SendChunkData
HP_HttpClient_SendConnect
HP_HttpClient_SendDelete
HP_HttpClient_SendGet
HP_HttpClient_SendHead
HP_HttpClient_SendLocalFile
HP_HttpClient_SendOptions
HP_HttpClient_SendPatch
HP_HttpClient_SendPost
HP_HttpClient_SendPut
HP_HttpClient_SendRequest
HP_HttpClient_SendTrace
HP_HttpClient_SendWSMessage
HP_HttpClient_SetHttpAutoStart
HP_HttpClient_SetLocalVersion
HP_HttpClient_SetUseCookie
HP_HttpClient_StartHttp
HP_HttpCookie_HLP_CurrentUTCTime
HP_HttpCookie_HLP_ExpiresToMaxAge
HP_HttpCookie_HLP_MakeExpiresStr
HP_HttpCookie_HLP_MaxAgeToExpires
HP_HttpCookie_HLP_ParseExpires
HP_HttpCookie_HLP_ToString
HP_HttpCookie_MGR_ClearCookies
HP_HttpCookie_MGR_DeleteCookie
HP_HttpCookie_MGR_IsEnableThirdPartyCookie
HP_HttpCookie_MGR_LoadFromFile
HP_HttpCookie_MGR_RemoveExpiredCookies
HP_HttpCookie_MGR_SaveToFile
HP_HttpCookie_MGR_SetCookie
HP_HttpCookie_MGR_SetEnableThirdPartyCookie
HP_HttpServer_GetAllCookies
HP_HttpServer_GetAllHeaderNames
HP_HttpServer_GetAllHeaders
HP_HttpServer_GetContentEncoding
HP_HttpServer_GetContentLength
HP_HttpServer_GetContentType
HP_HttpServer_GetCookie
HP_HttpServer_GetHeader
HP_HttpServer_GetHeaders
HP_HttpServer_GetHost
HP_HttpServer_GetLocalVersion
HP_HttpServer_GetMethod
HP_HttpServer_GetParseErrorCode
HP_HttpServer_GetReleaseDelay
HP_HttpServer_GetTransferEncoding
HP_HttpServer_GetUpgradeType
HP_HttpServer_GetUrlField
HP_HttpServer_GetUrlFieldSet
HP_HttpServer_GetVersion
HP_HttpServer_GetWSMessageState
HP_HttpServer_IsHttpAutoStart
HP_HttpServer_IsKeepAlive
HP_HttpServer_IsUpgrade
HP_HttpServer_Release
HP_HttpServer_SendChunkData
HP_HttpServer_SendLocalFile
HP_HttpServer_SendResponse
HP_HttpServer_SendWSMessage
HP_HttpServer_SetHttpAutoStart
HP_HttpServer_SetLocalVersion
HP_HttpServer_SetReleaseDelay
HP_HttpServer_StartHttp
HP_HttpSyncClient_CleanupRequestResult
HP_HttpSyncClient_GetConnectTimeout
HP_HttpSyncClient_GetRequestTimeout
HP_HttpSyncClient_GetResponseBody
HP_HttpSyncClient_OpenUrl
HP_HttpSyncClient_SetConnectTimeout
HP_HttpSyncClient_SetRequestTimeout
HP_SSLAgent_CleanupSSLContext
HP_SSLAgent_GetSSLCipherList
HP_SSLAgent_GetSSLSessionInfo
HP_SSLAgent_IsSSLAutoHandShake
HP_SSLAgent_SetSSLAutoHandShake
HP_SSLAgent_SetSSLCipherList
HP_SSLAgent_SetupSSLContext
HP_SSLAgent_SetupSSLContextByMemory
HP_SSLAgent_StartSSLHandShake
HP_SSLClient_CleanupSSLContext
HP_SSLClient_GetSSLCipherList
HP_SSLClient_GetSSLSessionInfo
HP_SSLClient_IsSSLAutoHandShake
HP_SSLClient_SetSSLAutoHandShake
HP_SSLClient_SetSSLCipherList
HP_SSLClient_SetupSSLContext
HP_SSLClient_SetupSSLContextByMemory
HP_SSLClient_StartSSLHandShake
HP_SSLServer_AddSSLContext
HP_SSLServer_AddSSLContextByMemory
HP_SSLServer_BindSSLServerName
HP_SSLServer_CleanupSSLContext
HP_SSLServer_GetSSLCipherList
HP_SSLServer_GetSSLSessionInfo
HP_SSLServer_IsSSLAutoHandShake
HP_SSLServer_SetSSLAutoHandShake
HP_SSLServer_SetSSLCipherList
HP_SSLServer_SetupSSLContext
HP_SSLServer_SetupSSLContextByMemory
HP_SSLServer_StartSSLHandShake
HP_SSL_DefaultServerNameCallback
HP_SSL_RemoveThreadLocalState
HP_Server_Disconnect
HP_Server_DisconnectLongConnections
HP_Server_DisconnectSilenceConnections
HP_Server_GetAllConnectionIDs
HP_Server_GetConnectPeriod
HP_Server_GetConnectionCount
HP_Server_GetConnectionExtra
HP_Server_GetFreeBufferObjHold
HP_Server_GetFreeBufferObjPool
HP_Server_GetFreeSocketObjHold
HP_Server_GetFreeSocketObjLockTime
HP_Server_GetFreeSocketObjPool
HP_Server_GetLastError
HP_Server_GetLastErrorDesc
HP_Server_GetListenAddress
HP_Server_GetLocalAddress
HP_Server_GetMaxConnectionCount
HP_Server_GetOnSendSyncPolicy
HP_Server_GetPendingDataLength
HP_Server_GetRemoteAddress
HP_Server_GetReuseAddressPolicy
HP_Server_GetSendPolicy
HP_Server_GetSilencePeriod
HP_Server_GetState
HP_Server_GetWorkerThreadCount
HP_Server_HasStarted
HP_Server_IsConnected
HP_Server_IsMarkSilence
HP_Server_IsPauseReceive
HP_Server_IsSecure
HP_Server_PauseReceive
HP_Server_Send
HP_Server_SendPackets
HP_Server_SendPart
HP_Server_SetConnectionExtra
HP_Server_SetFreeBufferObjHold
HP_Server_SetFreeBufferObjPool
HP_Server_SetFreeSocketObjHold
HP_Server_SetFreeSocketObjLockTime
HP_Server_SetFreeSocketObjPool
HP_Server_SetMarkSilence
HP_Server_SetMaxConnectionCount
HP_Server_SetOnSendSyncPolicy
HP_Server_SetReuseAddressPolicy
HP_Server_SetSendPolicy
HP_Server_SetWorkerThreadCount
HP_Server_Start
HP_Server_Stop
HP_Server_Wait
HP_Set_FN_Agent_OnClose
HP_Set_FN_Agent_OnConnect
HP_Set_FN_Agent_OnHandShake
HP_Set_FN_Agent_OnPrepareConnect
HP_Set_FN_Agent_OnPullReceive
HP_Set_FN_Agent_OnReceive
HP_Set_FN_Agent_OnSend
HP_Set_FN_Agent_OnShutdown
HP_Set_FN_Client_OnClose
HP_Set_FN_Client_OnConnect
HP_Set_FN_Client_OnHandShake
HP_Set_FN_Client_OnPrepareConnect
HP_Set_FN_Client_OnPullReceive
HP_Set_FN_Client_OnReceive
HP_Set_FN_Client_OnSend
HP_Set_FN_HttpAgent_OnBody
HP_Set_FN_HttpAgent_OnChunkComplete
HP_Set_FN_HttpAgent_OnChunkHeader
HP_Set_FN_HttpAgent_OnClose
HP_Set_FN_HttpAgent_OnConnect
HP_Set_FN_HttpAgent_OnHandShake
HP_Set_FN_HttpAgent_OnHeader
HP_Set_FN_HttpAgent_OnHeadersComplete
HP_Set_FN_HttpAgent_OnMessageBegin
HP_Set_FN_HttpAgent_OnMessageComplete
HP_Set_FN_HttpAgent_OnParseError
HP_Set_FN_HttpAgent_OnPrepareConnect
HP_Set_FN_HttpAgent_OnReceive
HP_Set_FN_HttpAgent_OnSend
HP_Set_FN_HttpAgent_OnShutdown
HP_Set_FN_HttpAgent_OnStatusLine
HP_Set_FN_HttpAgent_OnUpgrade
HP_Set_FN_HttpAgent_OnWSMessageBody
HP_Set_FN_HttpAgent_OnWSMessageComplete
HP_Set_FN_HttpAgent_OnWSMessageHeader
HP_Set_FN_HttpClient_OnBody
HP_Set_FN_HttpClient_OnChunkComplete
HP_Set_FN_HttpClient_OnChunkHeader
HP_Set_FN_HttpClient_OnClose
HP_Set_FN_HttpClient_OnConnect
HP_Set_FN_HttpClient_OnHandShake
HP_Set_FN_HttpClient_OnHeader
HP_Set_FN_HttpClient_OnHeadersComplete
HP_Set_FN_HttpClient_OnMessageBegin
HP_Set_FN_HttpClient_OnMessageComplete
HP_Set_FN_HttpClient_OnParseError
HP_Set_FN_HttpClient_OnPrepareConnect
HP_Set_FN_HttpClient_OnReceive
HP_Set_FN_HttpClient_OnSend
HP_Set_FN_HttpClient_OnStatusLine
HP_Set_FN_HttpClient_OnUpgrade
HP_Set_FN_HttpClient_OnWSMessageBody
HP_Set_FN_HttpClient_OnWSMessageComplete
HP_Set_FN_HttpClient_OnWSMessageHeader
HP_Set_FN_HttpServer_OnAccept
HP_Set_FN_HttpServer_OnBody
HP_Set_FN_HttpServer_OnChunkComplete
HP_Set_FN_HttpServer_OnChunkHeader
HP_Set_FN_HttpServer_OnClose
HP_Set_FN_HttpServer_OnHandShake
HP_Set_FN_HttpServer_OnHeader
HP_Set_FN_HttpServer_OnHeadersComplete
HP_Set_FN_HttpServer_OnMessageBegin
HP_Set_FN_HttpServer_OnMessageComplete
HP_Set_FN_HttpServer_OnParseError
HP_Set_FN_HttpServer_OnPrepareListen
HP_Set_FN_HttpServer_OnReceive
HP_Set_FN_HttpServer_OnRequestLine
HP_Set_FN_HttpServer_OnSend
HP_Set_FN_HttpServer_OnShutdown
HP_Set_FN_HttpServer_OnUpgrade
HP_Set_FN_HttpServer_OnWSMessageBody
HP_Set_FN_HttpServer_OnWSMessageComplete
HP_Set_FN_HttpServer_OnWSMessageHeader
HP_Set_FN_Server_OnAccept
HP_Set_FN_Server_OnClose
HP_Set_FN_Server_OnHandShake
HP_Set_FN_Server_OnPrepareListen
HP_Set_FN_Server_OnPullReceive
HP_Set_FN_Server_OnReceive
HP_Set_FN_Server_OnSend
HP_Set_FN_Server_OnShutdown
HP_Set_FN_ThreadPool_OnShutdown

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 991KB - Virtual size: 991KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPA截流大师红薯一键克隆/RPA截流大师红薯一键克隆.exe
.exe windows:4 windows x86 arch:x86

fe361d01e72aff95af8e5346400888c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
LoadResource
LockResource
CreateProcessA
lstrcpyn
RtlMoveMemory
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
OpenProcess
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
lstrcatA
GetCurrentThreadId
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
FindResourceA
GetModuleFileNameA
CreateDirectoryA
WriteFile
CreateFileA
GetFileSize
DeleteFileA
SetFileAttributesA
Sleep
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
GetModuleHandleA
TerminateThread
DeleteCriticalSection
CreateThread
CreateEventA
IsBadReadPtr
OpenEventA

user32

GetSystemMetrics
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetFocus
SetFocus
AttachThreadInput
MoveWindow
EnableWindow
IsWindowEnabled
CallWindowProcA
CopyImage
ShowWindow
EnumChildWindows
IsWindowVisible
GetWindowThreadProcessId
MessageBoxTimeoutA
PeekMessageA

shlwapi

PathFileExistsA
PathIsDirectoryA
PathRemoveExtensionA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

gdi32

DeleteObject

msvcrt

calloc
__CxxFrameHandler
malloc
free
_strnicmp
sprintf
??3@YAXPAX@Z
atoi
_ftol
strncpy
strncmp
floor
_CIfmod
tolower
_CIpow
strrchr
strchr
modf
memmove

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RPA截流大师红薯一键克隆/Temp.dat
.exe windows:4 windows x86 arch:x86

27941048f93f0242a6fc4cdc5eb69eca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

winmm

midiStreamProperty

ws2_32

inet_ntoa

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA

kernel32

GetVersion

user32

CharNextA

gdi32

CreateBitmap

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

comdlg32

ChooseColorA

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

CoTaskMemFree

oleaut32

VariantClear

comctl32

ImageList_GetIcon

oledlg

ord8

wininet

InternetConnectA

wldap32

ord29

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 2.6MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RPA截流大师红薯一键克隆/libwebp.dll
.dll windows:6 windows x86 arch:x86

9d39640f847a86c81107afefa71ac45f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WaitForSingleObjectEx
SetThreadPriority
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CreateFileW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
DecodePointer
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW

Exports

Exports

VP8CheckSignature
VP8GetCPUInfo
VP8GetInfo
VP8LCheckSignature
VP8LGetInfo
WebPBlendAlpha
WebPCleanupTransparentArea
WebPConfigInitInternal
WebPConfigLosslessPreset
WebPCopyPixels
WebPCopyPlane
WebPDecode
WebPDecodeARGB
WebPDecodeARGBInto
WebPDecodeBGR
WebPDecodeBGRA
WebPDecodeBGRAInto
WebPDecodeBGRInto
WebPDecodeRGB
WebPDecodeRGBA
WebPDecodeRGBAInto
WebPDecodeRGBInto
WebPDecodeYUV
WebPDecodeYUVInto
WebPEncode
WebPEncodeBGR
WebPEncodeBGRA
WebPEncodeLosslessBGR
WebPEncodeLosslessBGRA
WebPEncodeLosslessRGB
WebPEncodeLosslessRGBA
WebPEncodeRGB
WebPEncodeRGBA
WebPFree
WebPFreeDecBuffer
WebPGetColorPalette
WebPGetDecoderVersion
WebPGetEncoderVersion
WebPGetFeaturesInternal
WebPGetInfo
WebPGetWorkerInterface
WebPIAppend
WebPIDecGetRGB
WebPIDecGetYUVA
WebPIDecode
WebPIDecodedArea
WebPIDelete
WebPINewDecoder
WebPINewRGB
WebPINewYUV
WebPINewYUVA
WebPIUpdate
WebPInitDecBufferInternal
WebPInitDecoderConfigInternal
WebPMalloc
WebPMemoryWrite
WebPMemoryWriterClear
WebPMemoryWriterInit
WebPPictureARGBToYUVA
WebPPictureARGBToYUVADithered
WebPPictureAlloc
WebPPictureCopy
WebPPictureCrop
WebPPictureDistortion
WebPPictureFree
WebPPictureHasTransparency
WebPPictureImportBGR
WebPPictureImportBGRA
WebPPictureImportBGRX
WebPPictureImportRGB
WebPPictureImportRGBA
WebPPictureImportRGBX
WebPPictureInitInternal
WebPPictureIsView
WebPPictureRescale
WebPPictureSharpARGBToYUVA
WebPPictureSmartARGBToYUVA
WebPPictureView
WebPPictureYUVAToARGB
WebPPlaneDistortion
WebPSafeCalloc
WebPSafeFree
WebPSafeMalloc
WebPSetWorkerInterface
WebPValidateConfig

Sections

.text
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RPA截流大师红薯一键克隆/密码.ini
RPA截流大师红薯一键克隆/配置.ini

Sharing

General

Malware Config

Signatures

Files

b9e0a4d4ab733f3a99273f6ef9363116

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

winmm

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 991KB - Virtual size: 991KB

.data Size: 33KB - Virtual size: 51KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 110KB - Virtual size: 109KB

fe361d01e72aff95af8e5346400888c6

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

shell32

gdi32

msvcrt

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 41KB - Virtual size: 102KB

.rsrc Size: 3.4MB - Virtual size: 3.4MB

27941048f93f0242a6fc4cdc5eb69eca

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

msvfw32

avifil32

kernel32

user32

gdi32

msimg32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

wldap32

msvcrt

iphlpapi

psapi

Sections

.text Size: 2.6MB - Virtual size: 4.4MB

.sedata Size: 1.0MB - Virtual size: 1.0MB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.sedata Size: 4KB - Virtual size: 4KB

9d39640f847a86c81107afefa71ac45f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 991KB - Virtual size: 991KB

.data
Size: 33KB - Virtual size: 51KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 110KB - Virtual size: 109KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 41KB - Virtual size: 102KB

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

.text
Size: 2.6MB - Virtual size: 4.4MB

.sedata
Size: 1.0MB - Virtual size: 1.0MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.sedata
Size: 4KB - Virtual size: 4KB

.text
Size: 390KB - Virtual size: 390KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 2KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 12KB - Virtual size: 11KB