gh0strat | malz5[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

malz5.zip
Size

12.1MB
MD5

1468c1908845ef238f7f196809946288
SHA1

62f0bd56b0e1235b99940b34916c19ecfac8e80c
SHA256

438e44aae94e8376d2e36e23212920e936b7517bca24eaf66e9d7d014e21552c
SHA512

83d65df17c88a4cbc64c6fe4d5e064850aeb3cccba2eb5097d3385f4195e1b94a374528e0a6b92f7ad1db2c78bb7fae3c0e563a2a828f5f8ce0459eccd72b496
SSDEEP

196608:NllU8B3ffcP4fQ74RGBP91vnbcMlB4mVgGj/oRPA4CbyrE2C2+QQnr1Gh922bkHy:TtB3HcPEwpBPTvbtVfcq/yzR8Bt2aT8V

Score

10^/10

upx gh0strat

Malware Config

Signatures

Gh0st RAT payload 7 IoCs

resource	yara_rule
static1/unpack002/2211/update/server.Dat	family_gh0strat
static1/unpack004/out.upx	family_gh0strat
static1/unpack001/bjyk.exe	family_gh0strat
static1/unpack001/ceshi.exe	family_gh0strat
static1/unpack001/server.exe	family_gh0strat
static1/unpack001/smss.exe	family_gh0strat
static1/unpack001/yk.exe	family_gh0strat

Gh0strat family
gh0strat

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/2211/SkinH.dll	acprotect
static1/unpack006/BIN/SkinH.dll	acprotect

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/2211/SkinH.dll	upx
static1/unpack001/360sb.exe	upx
static1/unpack005/711/服务器(Server).exe	upx
static1/unpack006/BIN/SkinH.dll	upx
static1/unpack001/Linux577	upx
static1/unpack001/SETUP.exe	upx
static1/unpack001/TX98	upx
static1/unpack001/dhl.exe	upx

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

resource
unpack001/123.exe
unpack002/2211/SkinH.dll
unpack002/2211/update/server.Dat
unpack002/2211/小七论坛仿白金体验版.exe
unpack001/360sb.exe
unpack004/out.upx
unpack005/711/服务器(Server).exe
unpack006/BIN/Fallen.dat
unpack006/BIN/SkinH.dll
unpack006/BIN/主控端.exe
unpack006/BIN/生成器.exe
unpack001/Mh.exe
unpack001/Mh1.exe
unpack001/Mh2.exe
unpack001/SETUP.exe
unpack001/bjyk.exe
unpack001/ceshi.exe
unpack001/ddos.exe
unpack001/dhl.exe
unpack001/mh3.exe
unpack001/server.exe
unpack001/smss.exe
unpack001/xiaoqi.exe
unpack001/xiaose.exe
unpack001/yk.exe

Files

malz5.zip
.zip

Password: infected
123.exe
.exe windows:4 windows x86 arch:x86

35efa1824e1be4dcf052136096e9ae03

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
Sleep
CloseHandle
WriteFile
CreateFileA
ReadFile
GetFileSize
SetFilePointer
HeapReAlloc
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
IsBadWritePtr
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetLastError
SetConsoleCtrlHandler
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LocalAlloc
InterlockedExchange
LocalFree

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2211.rar
.rar
2211/SkinH.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2211/update/server.Dat
.exe windows:4 windows x86 arch:x86

23b766d4ea7005b885dbd5e8c06daa70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatusEx
GetSystemInfo
SetThreadPriority
GetCurrentThread
GetCurrentProcess
GetShortPathNameA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
GetModuleHandleA
Module32Next
Module32First
LocalSize
GetProcessHeap
HeapAlloc
SetLastError
GetModuleFileNameA
MoveFileA
WriteFile
SetFilePointer
HeapFree
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
CancelIo
InterlockedExchange
lstrcpyA
ResetEvent
VirtualAlloc
EnterCriticalSection
Sleep
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
OutputDebugStringA
GetLocalTime
GetTickCount
MoveFileExA
ExitProcess
OpenProcess
VirtualAllocEx
ReadFile
CreateRemoteThread
InitializeCriticalSection
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
CreateEventA
GetEnvironmentVariableA

user32

LoadCursorA
DestroyCursor
SystemParametersInfoA
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
CloseClipboard
MessageBoxA
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
GetCursorPos
SetProcessWindowStation
IsWindow
CloseWindow
GetAsyncKeyState
GetForegroundWindow
GetLastInputInfo
EnumWindows
DispatchMessageA
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
SendMessageA
CharNextA
wsprintfA
SetClipboardData
TranslateMessage
GetMessageA
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
ExitWindowsEx
GetProcessWindowStation
OpenWindowStationA

gdi32

DeleteObject
BitBlt
CreateDIBSection
SelectObject
CreateCompatibleBitmap
GetDIBits
CreateCompatibleDC
DeleteDC

advapi32

QueryServiceStatus
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
CloseServiceHandle
DeleteService
ControlService
OpenServiceA
StartServiceA
RegSetValueExA
RegCreateKeyA
SetNamedSecurityInfoA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetEntriesInAclA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
QueryServiceConfigA
EnumServicesStatusA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
SetServiceStatus
StartServiceCtrlDispatcherA
ChangeServiceConfig2A
CreateServiceA
LookupAccountSidA
GetTokenInformation
RegOpenKeyExA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

msvcrt

_strcmpi
__setusermatherr
_strnicmp
_onexit
__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_strnset
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
calloc
_snprintf
_beginthreadex
strncmp
exit
rand
atol
sprintf
strncat
_vsnprintf
realloc
atoi
fopen
fwrite
fclose
strncpy
strrchr
_except_handler3
free
malloc
strchr
strstr
_ftol
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
memmove
ceil

winmm

waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInClose
waveOutReset
waveOutClose
waveInPrepareHeader
waveOutUnprepareHeader

ws2_32

WSACleanup
setsockopt
select
connect
htons
gethostbyname
socket
closesocket
ntohs
recv
getpeername
accept
bind
listen
inet_addr
__WSAFDIsSet
ioctlsocket
getsockname
gethostname
send
WSAStartup
WSAIoctl

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICSeqCompressFrameStart
ICSendMessage
ICOpen

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2211/update/server.map
2211/小七论坛仿白金体验版.exe
.exe windows:4 windows x86 arch:x86

f5a836646022cb6027a16b5977bf60a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHAutoComplete
PathRemoveFileSpecA

winmm

waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
PlaySoundA
waveInReset
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInOpen
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringW
SetEnvironmentVariableA
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
SetStdHandle
HeapSize
TerminateProcess
GetProfileStringA
Sleep
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
VirtualFree
VirtualAlloc
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
CopyFileA
DeleteFileA
GetModuleFileNameA
GetFileAttributesA
GetDiskFreeSpaceExA
GetVolumeInformationA
lstrlenA
GetLogicalDriveStringsA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
RemoveDirectoryA
MoveFileA
GetLastError
CreateDirectoryA
lstrcpyA
LocalSize
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetSystemTime
GetTimeZoneInformation
GetACP
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RaiseException
ExitThread
HeapAlloc
HeapFree
RtlUnwind
SetErrorMode
GetProcessVersion
GlobalFlags
SystemTimeToFileTime
LocalFileTimeToFileTime
GetProfileIntA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetCurrentThread
LocalLock
LocalUnlock
SetLastError
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
lstrcatA
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FormatMessageA
CompareStringA
GetCurrentDirectoryA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
GetTempPathA
GetTempFileNameA
GetPrivateProfileSectionNamesA
lstrcmpA
LockResource
GetLocalTime
GetExitCodeThread
SetThreadPriority
ResetEvent
GetOEMCP
GetCPInfo
GetVersionExA
GetCurrentThreadId
FreeLibrary
SetFileAttributesA
MulDiv
GetVersion
GetModuleHandleA
LoadLibraryA
GetProcAddress
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
ExitProcess
FindResourceA
LoadResource
SizeofResource
DeleteCriticalSection
CancelIo
GetTickCount
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
EnterCriticalSection
PostQueuedCompletionStatus
LeaveCriticalSection
InitializeCriticalSection
IsBadWritePtr

user32

GetNextDlgGroupItem
GetSysColorBrush
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
ValidateRect
UnpackDDElParam
ReuseDDElParam
TranslateAcceleratorA
EndPaint
BeginPaint
GetWindowDC
DestroyMenu
LoadStringA
wvsprintfA
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
SetWindowTextA
SetDlgItemTextA
GetDlgItemTextA
SendDlgItemMessageA
ScrollWindow
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
WinHelpA
GetClassInfoA
RegisterClassA
CreateWindowExA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetClipboardFormatNameA
GetTabbedTextExtentA
SetForegroundWindow
SendMessageTimeoutA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
DeferWindowPos
GetMenuStringW
LookupIconIdFromDirectoryEx
GetMenu
DrawEdge
GetScrollInfo
GetDoubleClickTime
GetWindowRgn
HideCaret
ShowCaret
IsMenu
GetMenuDefaultItem
GetMenuItemInfoA
GetMenuItemID
GetDlgItem
AdjustWindowRectEx
UnionRect
BeginDeferWindowPos
EndDeferWindowPos
CopyIcon
CreateIconIndirect
CreateIconFromResourceEx
RegisterClipboardFormatA
SetCursorPos
SetWindowRgn
GetCursor
GrayStringA
TabbedTextOutA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
GetForegroundWindow
GetLastActivePopup
LockWindowUpdate
GetDCEx
InvertRect
GetClassLongA
GetActiveWindow
SetActiveWindow
GetNextDlgTabItem
DrawStateA
EqualRect
GetClassNameA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
IsDialogMessageA
IsClipboardFormatAvailable
CharUpperA
GetKeyboardLayoutList
UnregisterClassA
ExcludeUpdateRgn
DefDlgProcA
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
SendMessageA
EnableWindow
RegisterWindowMessageA
SetRect
CallWindowProcA
MessageBoxA
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
IsWindowEnabled
IsIconic
LoadAcceleratorsA
CopyAcceleratorTableA
SetParent
ShowWindow
IsChild
SetFocus
MoveWindow
DrawFocusRect
WaitMessage
MapVirtualKeyA
GetTopWindow
SystemParametersInfoA
IsRectEmpty
IsZoomed
SetRectEmpty
CreatePopupMenu
InsertMenuA
TrackPopupMenu
PeekMessageA
BringWindowToTop
LoadBitmapA
DestroyIcon
IsWindow
GetMenuStringA
PtInRect
GetMessagePos
KillTimer
GetCapture
MapWindowPoints
SetTimer
DrawFrameControl
CopyRect
GetSysColor
FillRect
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawTextA
CheckMenuItem
GetMenuState
ShowScrollBar
DrawIconEx
IntersectRect
GetWindowRect
CheckMenuRadioItem
GetIconInfo
SetClassLongA
DestroyCursor
LoadImageA
PostMessageA
FindWindowA
wsprintfA
GetWindow
GetClientRect
SetCapture
LoadCursorA
SetCursor
ScreenToClient
UpdateWindow
WindowFromPoint
ClientToScreen
ReleaseCapture
GetParent
IsWindowVisible
SetWindowPos
GetDlgCtrlID
GetFocus
GetCursorPos
PostThreadMessageA
EnableMenuItem
GetMenuItemCount
DeleteMenu
GetSubMenu
LoadMenuA
CharNextA
OffsetRect
GetSystemMetrics
InflateRect
MessageBeep
AppendMenuA
GetSystemMenu
GetKeyState
SetMenu
RedrawWindow
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
SetWindowLongA
GetWindowLongA

gdi32

GetCharWidthA
GetCurrentPositionEx
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
ExtFloodFill
LPtoDP
DPtoLP
StartDocA
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
SetTextAlign
CombineRgn
ExtTextOutW
GetMapMode
SetRectRgn
CopyMetaFileA
CreateDCA
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
ExtCreateRegion
GetBitmapBits
Escape
RectVisible
PtVisible
EnumFontFamiliesExA
PatBlt
GetWindowOrgEx
CreateRectRgnIndirect
GetTextAlign
StretchBlt
GetDeviceCaps
GetStockObject
GetTextColor
GetCurrentObject
GetPixel
GetTextExtentPointA
TextOutA
GetObjectA
Rectangle
CreateCompatibleBitmap
CreatePen
SetBkColor
SetTextColor
ExtTextOutA
BitBlt
StretchDIBits
CreateCompatibleDC
CreateDIBSection
GetTextExtentPoint32W
GetClipBox
OffsetViewportOrgEx
BeginPath
PolyBezierTo
LineTo
MoveToEx
CloseFigure
EndPath
StrokeAndFillPath
FillPath
StrokePath
Ellipse
GetWindowExtEx
GetViewportExtEx
RoundRect
CreatePolygonRgn
GetRgnBox
GetBkColor
CreatePatternBrush
GetViewportOrgEx
Polyline
CreateFontA
PtInRegion
GetDIBits
SetStretchBltMode
CreateBitmap
DeleteDC
CreateRectRgn
SelectObject
DeleteObject
CreateDIBitmap
SetPixel
Polygon
CreateSolidBrush
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
SetBkMode

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA
CommDlgExtendedError
ChooseColorA
ReplaceTextA
FindTextA
PrintDlgA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

SetFileSecurityA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegSetValueA
GetFileSecurityA
RegCloseKey
RegEnumKeyA
RegQueryValueA
RegOpenKeyA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteA
DragFinish
DragQueryFileA
ExtractIconA
ord71
SHGetFileInfoA

comctl32

ImageList_LoadImageA
ord17
ImageList_Remove
ImageList_Create
ImageList_GetImageInfo
ImageList_Add
ImageList_Destroy
_TrackMouseEvent
ImageList_GetImageCount
ImageList_GetIcon
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_AddMasked
ImageList_BeginDrag
ImageList_DrawEx
ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetIconSize

oledlg

ord8
ord1

ole32

CLSIDFromProgID
CLSIDFromString
RegisterDragDrop
RevokeDragDrop
CoTaskMemFree
ReleaseStgMedium
OleGetClipboard
CoTaskMemAlloc
OleDuplicateData
CoDisconnectObject
CoCreateInstance
OleUninitialize
OleInitialize
CoUninitialize
StgCreateDocfileOnILockBytes
CoGetClassObject
StgOpenStorageOnILockBytes
CoInitialize
CoRevokeClassObject
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CoLockObjectExternal

olepro32

ord253

oleaut32

VariantCopy
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarDateFromStr
VarBstrFromDate
SafeArrayGetDim
SysAllocStringLen
VariantTimeToSystemTime
SysStringLen
LoadTypeLi
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeTypeEx
OleLoadPicturePath
SysFreeString
VariantClear
SysAllocString

skinh

SkinH_AttachRes

ws2_32

recv
gethostname
gethostbyname
WSACloseEvent
WSASend
WSARecv
socket
accept
WSAGetLastError
setsockopt
send
WSAEnumNetworkEvents
WSASocketA
__WSAFDIsSet
select
ntohs
getsockname
WSACreateEvent
WSAEventSelect
htons
connect
inet_addr
WSAIoctl
ioctlsocket
inet_ntoa
getpeername
closesocket
WSAStartup
WSACleanup
listen
bind
WSAWaitForMultipleEvents

pdh

PdhAddCounterA
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery

avifil32

AVIFileInit
AVIFileExit
AVIStreamSetFormat
AVIFileOpenA
AVIStreamWrite
AVIFileRelease
AVIFileCreateStreamA
AVIStreamRelease

msvfw32

DrawDibDraw
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICDecompress
DrawDibOpen
DrawDibClose

wininet

InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetLastResponseInfoA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360sb.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7000.32
.elf linux x86
7000.64
.elf linux x64
711.rar
.rar
711/Control.ini
711/FilterList.txt
711/QQWry.Dat
711/Segment.txt
711/服务器(Server).exe
.exe windows:5 windows x86 arch:x86

bd218d5fec8f946a736dd56b549ea08d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOpen

ws2_32

WSAAsyncSelect

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA

kernel32

GetVersionExA
GetVersion
lstrcpyA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DrawEdge

gdi32

StartPage

winspool.drv

OpenPrinterA

comdlg32

GetSaveFileNameA

advapi32

RegCreateKeyExA

shell32

ShellExecuteA

ole32

OleInitialize

oleaut32

VariantCopyInd

comctl32

ord17

Exports

Exports

0��k�4z��~y�O��V,W�s�݋}��10�_a=�%�#˫7��bM�X�j��K�}�C3x�R&,��;Wuj�c׹��C�~��;�d4�j�!�CQ�?�:�{oB�^��?e:C2��q��mm8_x�ï�w�j�K*�w�wtQ�B wWS~��q� B�;�<�}��-��':��j��F6�W��L��d�b��E�z��x��[��$B�,�4ꕦR��f��Ζ�'�(��5�2�W%I`�T��vT��+�)<��,��-xXG�흰/�VT>7�F��z*Sni!)d��R��S&��@��n` }T?��j��@-l�\�l��Տ��}��VH��W�}�� Ή�a��?>�߾�C��F�uv�_'=��+`6z{�r�}�밁j��N�ީ��rB3;�i�@ş�>�q�H��GIjA��w+��Tٰ�zشe��Q��ɳ��k�0+?�^#A�n�9�ˎqp�?<��؉(��3+�iGS�K�5Gŀ��N5�~k[�zvp&��vd�*A��԰z!<��.�5-Z�4�AZ��(A�Y%��Ȓ��_(8o�:��/�"&̶lt�S_V4ߴc��2��5�k�a#��yȞ��r�sY��t��Ȓ��}xB7G�z��ۡ�[�M��t�\@yM�!��&7�5�*c� �>X��H��ݯ8�̤m�*� �6��[�=��u�wM��D`O�>��-�K�A��.��'��f��5��q�β4-�H��-�N��%��O�Ǧ��'�� w�F)��\l��Br��z4�7Q��xj��SY��(J6�a��x�TjHC��)��l-]�Ƿ⎑Xg��V�v��'��R0�x�*u ъƪ��ZH�f��Цhd��g}��hL{��iWFQ@��:�ϰi�`k��}�iN_��x{gp��f6Jc;�QL� #�:��8ŃZ^��2<��m��5/E�i�x��qsA6ߣSm�;�8�F�㬎s��Ųr�P*��؊ٍ��P_U ��+ 7Pv��UoJ�|b�4�(F2ƉӚ�]�好�8�} ӵ��\��X�éQe�O�j��# �wP��g��WςH��U �D��ڱX��h�, ��h��D-k�o��\J*{ m��6�fZm��EiU��I��_%��Xҍ&@X�5n�+��B�T�3��c\��r}Q9e��U�b�9�hah-��8��n�)h�� j�l �>�'<��6��헕��>Ƶ#y1�;)Í��u��Mw,Oq{��X{꽧�Lư�P��b<ק��9�@"�z��T��uOҖ�d��rU�@�j��mȭ�R8��9��b0Q��bD�` ��{�6��b|m�m=�)&#��c�=K+�\X��Î��cjK!r`d}�:��.��!�)U�y��اMD��pnB��پ��oF��2��f��x��}�;�R�)%p��l��%��(��|�&k��>ؾ4��4�sW�1s+�iA��!��d��բQ�u��8�r�E�|(sL/&Y��C�P�S5�I�%*�{ ڈ��-"M�d�"R��I��|?��6��b��1f�'�� Me��F/�>Ț��R��W�2=E6��>��A�;B��ƭ�z`��g��/Ц0�Z4 ��/fӇ^�.�ܢa�]Be�8hU�Z��@�\=��~ ��f�-G)p�ۤ�Bb��̉�E&�0a^i��T��B#�3AF�Nbk�C�G�� 0Re�f�&96��[�O�1f� "�g�*�t[�6�1�V��p\��Y��f �:�jK�n�]0�B{$��]'��?�冟S5��Y��,�Y�K��"�wm*ym��V��0Z��2p8[7_B8�0��N-��0�<~ �5�SPup�#0M>o�n<ݙU4;c�!��6��.P�7�V��a ,'�xi��d]�;�㢗̎H��|^��X>H=F�,PA{#Z+�O�ezm0�]�<hA��(Nb�:?�j'�}��_0HH:�r��a�D�,��9�{��9�+U�K�g�;��,�N�c��:��2�e��z��ҋ��X�mF��P�l��W ��}�.y�A�hb��2�kX�� x�k��!�]ȦO��Y&;.7��')[X�Q�f.UZ��.Ӂ�i{{��*t6y�U��i"��Boi��/1�p��{$��s��Q��+v�IV�Sy9=�?��D��K��s�%Ş/Q��+x��,n��5&y�j��Aa�R��6�oIZ��D�t�M0��Ubb?��Z�M�+#1*��\ZD%�r��6XOh35��ej)nX�\��U7د0��mշ�f��t�g��֡��3Av��Д¤Fn��~��R�F7��̸��V �jc}qt�l��@D�T��O��G!i� ̫�)��B�� F��A�u��):(�7�r%Q��%��0;�Tt5}l�#�eE�TDv�_��Y��w΁�ZK�T߅��B��S��D$�fN��V��9�-f��$I!F�E]�� T�n�ν�Ε��B�A/�z�#��7KV��|��kP��W�(0�~�a/� �"YS/N%�s ��#-\ٻ"xe��w }Q[=�BBf��r��7�[Җg�� S`p�s��\�LPM9��I_ox.�uU#p�P瑼�܋f�I?��ъq�KJqf��Q�NU��N�ݯ¨� |��\�Nd�,��W�q�Z��Pܒ��~��'��5R0�NK��#�K'�sT��̕yl ŕ?�~Sה��Ͱ��w��fVO��w`�`�� v��U�q��c��B߶�C�

Sections

.text
Size: - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX
Size: - Virtual size: 921KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BIN3333.rar
.rar
BIN/Fallen.dat
.exe windows:4 windows x86 arch:x86

c812e1a6ad9f5238ea5742cba100d24c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
DeleteFileA
GetModuleHandleA
GetStartupInfoA
CreateThread
GetSystemInfo
Sleep
LoadLibraryA
GetProcAddress
GetCurrentProcessId
GetTickCount

user32

wsprintfA

advapi32

OpenServiceA
DeleteService
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

ws2_32

select
__WSAFDIsSet
recv
closesocket
setsockopt
sendto
WSAStartup
htons
socket
connect
send
inet_addr
gethostbyname

iphlpapi

GetIfEntry
GetIfTable
GetInterfaceInfo

msvcrt

free
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
time
localtime
memset
memcpy
??3@YAXPAX@Z
rand
strrchr
??2@YAPAXI@Z
strcpy
sprintf
strcat
malloc
strstr
__CxxFrameHandler
_CxxThrowException
exit
_controlfp

Sections

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BIN/Server.map
BIN/SkinH.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BIN/主控端.exe
.exe windows:4 windows x86 arch:x86

9628375d3d63d98764d4cc166324d0a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3370
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3640
ord693
ord641
ord860
ord540
ord567
ord324
ord825
ord2362
ord2370
ord2302
ord4234
ord3092
ord3996
ord1768
ord4710
ord2818
ord6907
ord3998
ord4224
ord6334
ord6675
ord2915
ord5290
ord858
ord3301
ord2411
ord2023
ord4218
ord2578
ord4398
ord3402
ord3582
ord616
ord2301
ord2642
ord823
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord1168
ord2621
ord1134
ord1146
ord6215
ord2086
ord4160
ord2863
ord2379
ord755
ord470
ord6007
ord5953
ord3286
ord1200
ord6888
ord4353
ord6374
ord5163
ord2385
ord5241
ord4402
ord1776
ord4078
ord6055
ord2582
ord3597
ord4425
ord5280
ord4407
ord1775
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord800
ord1175
ord537
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_mbscmp
atoi
__CxxFrameHandler
_setmbcp
_controlfp

kernel32

LeaveCriticalSection
Sleep
EnterCriticalSection
GlobalFree
GetQueuedCompletionStatus
CreateIoCompletionPort
GlobalAlloc
GetProcAddress
LoadLibraryA
GetLastError
InitializeCriticalSection
CloseHandle
GetSystemInfo
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
GetStartupInfoA
CreateThread

user32

GetSystemMenu
DrawIcon
MessageBoxA
AppendMenuA
IsIconic
SendMessageA
LoadIconA
GetSystemMetrics
EnableWindow
GetClientRect

ws2_32

WSASend
WSACleanup
WSAAccept
bind
htons
htonl
WSASocketA
inet_ntoa
gethostbyname
gethostname
WSAGetLastError
WSAStartup
setsockopt
getpeername
WSARecv
closesocket
listen

skinh

SkinH_SetAero
SkinH_AttachRes

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iidvliw
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BIN/生成器.exe
.exe windows:4 windows x86 arch:x86

a784d078901c807d0f26f6cfb66885fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord800
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4486
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord860
ord540
ord2370
ord4160
ord2863
ord2379
ord755
ord470
ord665
ord6385
ord4224
ord1979
ord5442
ord3318
ord5186
ord354
ord2915
ord6334
ord6375
ord4274
ord4078
ord4673
ord1576

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
malloc
free
__CxxFrameHandler
_setmbcp
_onexit

kernel32

GetCurrentDirectoryA
GetStartupInfoA
GetModuleHandleA

user32

AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
LoadIconA
SendMessageA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eazfpfa
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Linux577
.elf linux x86
Mh.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Exetest
okHost

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tqn
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Mh1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Exetest
okHost

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tqn
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Mh2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Exetest
okHost

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nlfxseo
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ifc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SETUP.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 558KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TX98
.elf linux x86
TX981
.elf linux x86
TX982
.elf linux x86
TX984
.elf linux arm
TX985
.elf linux mipsel
TX986
.elf linux mipsbe
bjyk.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qnk
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ceshi.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zwt
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ddos.exe
.exe windows:4 windows x86 arch:x86

c812e1a6ad9f5238ea5742cba100d24c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
DeleteFileA
GetModuleHandleA
GetStartupInfoA
CreateThread
GetSystemInfo
Sleep
LoadLibraryA
GetProcAddress
GetCurrentProcessId
GetTickCount

user32

wsprintfA

advapi32

OpenServiceA
DeleteService
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

ws2_32

select
__WSAFDIsSet
recv
closesocket
setsockopt
sendto
WSAStartup
htons
socket
connect
send
inet_addr
gethostbyname

iphlpapi

GetIfEntry
GetIfTable
GetInterfaceInfo

msvcrt

free
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
time
localtime
memset
memcpy
??3@YAXPAX@Z
rand
strrchr
??2@YAPAXI@Z
strcpy
sprintf
strcat
malloc
strstr
__CxxFrameHandler
_CxxThrowException
exit
_controlfp

Sections

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dhl.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gda
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mh3.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

AAA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xlxczht
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ifc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
server.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xur
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
smss.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xiaoqi.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.heb
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xiaose.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zatnyrl
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ifc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yk.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rol
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

35efa1824e1be4dcf052136096e9ae03

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 12KB - Virtual size: 8KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 148KB

UPX1 Size: 81KB - Virtual size: 84KB

.rsrc Size: 2KB - Virtual size: 4KB

23b766d4ea7005b885dbd5e8c06daa70

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

winmm

ws2_32

msvcp60

wininet

avicap32

msvfw32

psapi

wtsapi32

Sections

.text Size: 88KB - Virtual size: 84KB

PAGE Size: 4KB - Virtual size: 3KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 8KB - Virtual size: 6KB

f5a836646022cb6027a16b5977bf60a2

Headers

File Characteristics

Imports

shlwapi

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

skinh

ws2_32

pdh

avifil32

msvfw32

wininet

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 260KB - Virtual size: 259KB

.data Size: 88KB - Virtual size: 118KB

.rsrc Size: 172KB - Virtual size: 168KB

Headers

File Characteristics

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 12KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 148KB

UPX1
Size: 81KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 88KB - Virtual size: 84KB

PAGE
Size: 4KB - Virtual size: 3KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 8KB - Virtual size: 6KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 260KB - Virtual size: 259KB

.data
Size: 88KB - Virtual size: 118KB

.rsrc
Size: 172KB - Virtual size: 168KB

UPX0
Size: - Virtual size: 116KB

UPX1
Size: 62KB - Virtual size: 64KB

.rsrc
Size: 10KB - Virtual size: 12KB

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: - Virtual size: 738KB

.rdata
Size: - Virtual size: 105KB

.data
Size: - Virtual size: 364KB

.UPX
Size: - Virtual size: 921KB

.tls
Size: 4KB - Virtual size: 24B

.UPX
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 92KB - Virtual size: 90KB

.data
Size: 10KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 148KB

UPX1
Size: 81KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB