E:\code\liuliangshenqi\trunk\LLSQ2016\Client\NewLLSQ\NewLLSQ\output\Release\流量吧.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 5ae3c10cbc0edb80411da4a78d6617ea914574b8318349142c41f6d421671a8bN.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 5ae3c10cbc0edb80411da4a78d6617ea914574b8318349142c41f6d421671a8bN.exe
  Resource: win10v2004-20240802-en
General
Target: 5ae3c10cbc0edb80411da4a78d6617ea914574b8318349142c41f6d421671a8bN
Size: 4.8MB
MD5: 0285d645b88108bf013ac6f5283f3510
SHA1: 5c755c0e3a683ccf13a74e9af241ba7cb2b8aaa1
SHA256: 5ae3c10cbc0edb80411da4a78d6617ea914574b8318349142c41f6d421671a8b
SHA512: 211079d6e1d831e8836873b948021ad4c7a7b9dd47a54b17d2c7fe15fe3fb2b01bc80af58d4e67675f508e4be1f4d9c6ed129b267c6fe2e6f967f1e238734d22
SSDEEP: 98304:8+LBAWnU4cesSmclWxXn6zbovWkZcS/Gg1MpZsJzPWNymY/DFLOAkGkzdnEVomFP:8+LBjUGfE+S1MpZBNymY7FLOyomFHKnP
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 5ae3c10cbc0edb80411da4a78d6617ea914574b8318349142c41f6d421671a8bN
Files
-
5ae3c10cbc0edb80411da4a78d6617ea914574b8318349142c41f6d421671a8bN.exe windows:5 windows x86 arch:x86
9f4940a7b71e114ebad80656371861b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
socket
wldap32
ord147
ord133
ord79
ord167
ord142
ord27
ord26
ord118
ord41
ord208
ord216
ord14
ord46
ord145
ord301
ord127
kernel32
ResumeThread
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
GetThreadLocale
GetFileAttributesExW
GetFileSizeEx
GetFileTime
GlobalGetAtomNameW
TlsAlloc
TlsGetValue
TlsSetValue
FileTimeToLocalFileTime
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
EncodePointer
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GlobalFindAtomW
SetErrorMode
GetTempFileNameW
GetTempPathW
VirtualProtect
GetProfileIntW
SearchPathW
FindResourceExW
GetUserDefaultLCID
GetWindowsDirectoryW
GetCommandLineW
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
VirtualAlloc
VirtualQuery
AreFileApisANSI
RtlUnwind
SetFilePointerEx
GetModuleHandleExW
HeapQueryInformation
SetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetOEMCP
GetCPInfo
GetTimeZoneInformation
MoveFileExW
GetStringTypeW
ReadConsoleW
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
WriteConsoleW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableA
LocalFree
GlobalSize
GetCurrentProcessId
GetSystemDirectoryW
ExpandEnvironmentStringsA
PeekNamedPipe
GetStdHandle
WaitForMultipleObjects
FreeLibrary
VerifyVersionInfoW
SleepEx
VerSetConditionMask
FormatMessageA
SetLastError
GetSystemTime
GetFileInformationByHandle
FindNextFileW
FileTimeToSystemTime
FileTimeToDosDateTime
GlobalFree
SetThreadPriority
GetVersionExW
CopyFileA
CreateDirectoryA
CreateFileA
FormatMessageW
lstrcmpiW
CreateMutexW
GetFileSize
MulDiv
CreateFileW
CreateDirectoryW
DosDateTimeToFileTime
SystemTimeToFileTime
DuplicateHandle
SetFileTime
SetFilePointer
GetFileType
InterlockedIncrement
ExitProcess
FreeResource
GetCurrentDirectoryW
GetModuleHandleW
LoadLibraryW
GetACP
FindNextFileA
FindFirstFileA
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
FlushFileBuffers
WriteFile
ReadFile
InterlockedDecrement
DeleteFileA
GetFileAttributesA
DeleteFileW
CopyFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateProcessW
FindResourceW
LoadResource
LockResource
SizeofResource
TerminateJobObject
DecodePointer
HeapSize
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
CreateEventW
ResetEvent
SetEvent
GlobalAddAtomW
OutputDebugStringW
SetInformationJobObject
CreateJobObjectW
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
OutputDebugStringA
CreateThread
GetProcAddress
LoadLibraryA
GetCurrentProcess
ReleaseSemaphore
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetPrivateProfileStringA
GetPrivateProfileIntA
DeleteCriticalSection
GetModuleFileNameA
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpW
Sleep
lstrcpyW
GetSystemInfo
CreateSemaphoreW
RaiseException
GetTickCount
InterlockedCompareExchange
WaitForSingleObject
GetFileAttributesW
FindClose
FindFirstFileW
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcatW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
lstrlenW
GetPrivateProfileStringW
GetModuleHandleA
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetSystemTimes
GetCurrentThread
lstrlenA
TlsFree
user32
SendDlgItemMessageA
ToUnicodeEx
GetKeyboardState
MapVirtualKeyW
SubtractRect
CreateDialogIndirectParamW
EndDialog
CharUpperBuffW
UpdateLayeredWindow
FrameRect
IsClipboardFormatAvailable
PostThreadMessageW
IsCharLowerW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
CreateMenu
DestroyCursor
GetWindowRgn
DrawIcon
InvertRect
SetRectEmpty
SetLayeredWindowAttributes
WinHelpW
GetScrollInfo
SetScrollInfo
GetClassLongW
RemovePropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
GetForegroundWindow
SetActiveWindow
SetMenu
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
GetClassInfoW
GetMessageTime
GetMessagePos
GetTopWindow
MessageBeep
GetNextDlgTabItem
GetNextDlgGroupItem
IsChild
EqualRect
CopyAcceleratorTableW
CopyRect
IsDialogMessageW
CheckDlgButton
GetDlgItem
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
UpdateWindow
RealChildWindowFromPoint
GetClassNameW
GetDlgCtrlID
DeleteMenu
SystemParametersInfoW
CopyImage
GetDesktopWindow
WindowFromPoint
GetCapture
WaitMessage
ShowOwnedPopups
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
CharUpperW
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
ValidateRect
PeekMessageW
DrawIconEx
DrawFocusRect
GetSysColorBrush
RedrawWindow
DrawStateW
RegisterClipboardFormatW
DrawEdge
RegisterWindowMessageW
MapDialogRect
SetParent
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
GetLastActivePopup
IsWindowEnabled
EnumWindows
GetSysColor
ShowCaret
HideCaret
CreateCaret
SetRect
CharPrevW
GetGUIThreadInfo
ClientToScreen
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
FillRect
SetCaretPos
DrawTextW
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
GetCaretPos
GetCaretBlinkTime
GetWindowTextLengthW
GetWindowTextW
LoadImageW
AdjustWindowRectEx
GetMenu
GetSystemMetrics
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
PostQuitMessage
DefWindowProcW
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
SetWindowRgn
IsZoomed
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
IntersectRect
MapWindowPoints
ScreenToClient
GetWindowRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
CharNextW
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
OffsetRect
UnionRect
InflateRect
SetCursor
wvsprintfW
GetWindowThreadProcessId
PostMessageW
FindWindowW
UnregisterClassW
RegisterHotKey
UnregisterHotKey
DestroyMenu
GetSubMenu
TrackPopupMenu
GetCursorPos
LoadMenuW
GetClientRect
wsprintfW
SetFocus
ShowWindow
SetWindowTextW
SetPropW
SetForegroundWindow
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
SetClassLongW
DestroyAcceleratorTable
ModifyMenuW
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuItemInfoW
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
LockWindowUpdate
CreatePopupMenu
SendMessageW
IsIconic
GetPropW
GetThreadDesktop
BringWindowToTop
SetCursorPos
NotifyWinEvent
GetSystemMenu
GetAsyncKeyState
TrackMouseEvent
DestroyIcon
DrawFrameControl
MonitorFromPoint
CreateDesktopA
LoadIconW
KillTimer
SetTimer
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SetWindowContextHelpId
EnumDisplayMonitors
MessageBoxA
gdi32
GetCharABCWidthsW
GetClipBox
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
StretchBlt
SetStretchBltMode
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
PtVisible
RectVisible
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
Escape
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetRgnBox
GetMapMode
SetRectRgn
CreateRectRgnIndirect
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
RealizePalette
SetPixel
SetDIBColorTable
OffsetRgn
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceW
CreateBitmap
Polyline
Polygon
CreatePolygonRgn
PatBlt
GetTextColor
GetBkColor
CreatePenIndirect
CombineRgn
GetDeviceCaps
GetTextExtentPoint32W
SetTextColor
SetBkMode
CreateSolidBrush
CreatePatternBrush
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
SaveDC
RestoreDC
GetObjectType
Rectangle
GetStockObject
DeleteObject
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DPtoLP
DeleteDC
Ellipse
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
CreateDCW
CopyMetaFileW
GetObjectA
GdiFlush
ExcludeClipRect
msimg32
AlphaBlend
TransparentBlt
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
CryptDestroyHash
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptReleaseContext
RegOpenKeyExW
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
shell32
SHAppBarMessage
Shell_NotifyIconW
ShellExecuteA
SHGetSpecialFolderPathW
SHGetFolderPathW
SHFileOperationW
SHGetMalloc
SHGetPathFromIDListW
DragFinish
DragQueryFileW
ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
comctl32
ord17
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathRemoveFileSpecW
StrCpyW
StrFormatKBSizeW
uxtheme
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeParentBackground
DrawThemeText
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeSysColor
ole32
CoRevokeClassObject
OleDuplicateData
ReleaseStgMedium
CoCreateGuid
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoSetProxyBlanket
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleUninitialize
OleInitialize
OleCreateMenuDescriptor
CoRegisterMessageFilter
oleaut32
SysStringLen
SysAllocStringLen
VariantChangeType
VariantCopy
VariantInit
SafeArrayDestroy
SystemTimeToVariantTime
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
VariantTimeToSystemTime
VariantClear
SysAllocString
SysFreeString
oledlg
OleUIBusyW
gdiplus
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePaletteSize
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipGetFamily
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipDrawImageRectI
GdipDrawImage
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipGetImageHeight
GdipCreateLineBrushI
GdipDeleteBrush
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneBrush
wininet
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetSetCookieW
InternetCheckConnectionW
InternetReadFile
imm32
ImmGetOpenStatus
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext
netapi32
Netbios
iphlpapi
GetAdaptersInfo
psapi
GetPerformanceInfo
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
winmm
PlaySoundW
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 500KB - Virtual size: 500KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 57KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ