down.exe

First submission 2024-10-15 18:00:05

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	756.0 KB (774144 bytes)
Compile time:	2024-10-12 03:43:08
MD5:	623e0133db39d7c2efda2796158a1b12
SHA1:	b847e7a29bea393bae9002ba980c9fb39882af37
SHA256:	77a53280fd609c5594c6f78453ca8468dc4d0305c87293655b85a50f88681792
Import Hash :	915938313dcfffe3f6c57db35c7a9d34
Sections 4	.text .rdata .data .rsrc
Directories 2	import resource

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	45/77 VT report date: 2024-10-15 08:52:02
Malware Type 3	trojan dropper pua
Threat Type 1	flystudio

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://49.234.48.162/pdd_biaoge/soft/down.exe	49.234.48.162	2024-10-15 18:00:05

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x84e9e	544768	32779c64eeaf60323e461700f97c5f1b924911ec	487c6d94923072dc33f1f7bcf6d902c0
.rdata	0x86000	0x1e4de	126976	028988c94063b3a05648cf30e1e4e732c3754ead	27971fa8e2e1c764e2e82fdd5fd4950b
.data	0xa5000	0x4c68a	73728	8e8e2ba8cc495c80a65369f94326bd20d7052a73	25d036d7750c5064fe880c018e8f6022
.rsrc	0xf2000	0x5904	24576	b1646e2001eb173c44f1108862c4212c9dd6ef9f	5962008a34709fd158119beeaed540fd

PE Resources 10

Name	Language	Sublanguage	Offset	Size	Data
TEXTINCLUDE	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xf2c30	337	PE Resource: TEXTINCLUDE - Data #define _AFX_NO_SPLITTER_RESOURCES #define _AFX_NO_OLE_RESOURCES #define _AFX_NO_TRACKER_RESOURCES #define _AFX_NO_PROPERTY_RESOURCES #if !defined(AFX_RESOURCE_DLL) \|\| defined(AFX_TARG_CHS) #ifdef _WIN32 LANGUAGE 4, 2 #pragma code_page(936) #endif //_WIN32 #include "l.chs\afxres.rc" // Standard components #endif
RT_CURSOR	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xf3120	180
RT_BITMAP	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xf4994	324
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xf52f8	1640	PE Resource: RT_ICON - Data (0`wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwfffffffffffowwwwvfffffffwwvfoffoffwwwwvfffffwwwwwvfofoffofwwwvffffffwwfofofffwwvfffofwvofofofofwwwvfffofwwwvfofofoofwwvfffofwwvffofofwwvfffofffwwvfffofffffwwvffwvofwvfffffffffowwvfowwwwvfowwwwwvfffffffffowwwvowwvffwwwwfffffffffffhwwwwfffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
RT_MENU	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xf596c	644	PE Resource: RT_MENU - Data &R.U_ &F.0RU_ Ctrl+PageUp&L.0R>\U_ Ctrl+PageDown&P. NNU_ Ctrl+!&N.NNU_ Ctrl+!&U. NNu PageUp &D.NNu PageDown&G.0Rc[U_ Ctrl+G&F.W[k&F.0RW[k Ctrl+Home&L.0R>\W[k Ctrl+End&P. NNW[k Shift+Tab &N.NNW[k Tab/Enter &U. NNL !&D.NNL !&D.X R&A.mRzzU_ Ctrl+N&D.9eS Rdr` Ctrl+D&K.nd@b g RdU_&Z.nzzpenc^
RT_DIALOG	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xf6bb4	396
RT_STRING	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xf75fc	36
RT_GROUP_CURSOR	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xf7648	34
RT_GROUP_ICON	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xf76b0	20
RT_VERSION	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xf76c4	576	PE Resource: RT_VERSION - Data @4VS_VERSION_INFOStringFileInfo\|080404B00FileVersion1.0.0.04FileDescriptionfz^,ProductNamefz^4ProductVersion1.0.0.0DLegalCopyright\OHrCg@b g \v^O(uckHr\"Comments,gz^O(ufQ(http://www.eyuyan.com)DVarFileInfo$Translation

Meta infos 7

LegalCopyright:	\x4f5c\x8005\x7248\x6743\x6240\x6709 \x8bf7\x5c0a\x91cd\x5e76\x4f7f\x7528\x6b63\x7248
ProductVersion:	1.0.0.0
FileDescription:	\x6613\x8bed\x8a00\x7a0b\x5e8f
Translation:	0x0804 0x04b0
ProductName:	\x6613\x8bed\x8a00\x7a0b\x5e8f
Comments:	\x672c\x7a0b\x5e8f\x4f7f\x7528\x6613\x8bed\x8a00\x7f16\x5199(http://www.eyuyan.com)
FileVersion:	1.0.0.0

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 4

GetLastError
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Library
SHLWAPI.dll
OLEAUT32.dll
ADVAPI32.dll
VERSION.dll
GDI32.dll
MPR.dll
WSOCK32.dll
USER32.dll
SHELL32.dll
WS2_32.dll
COMCTL32.dll
ole32.dll
WININET.dll
KERNEL32.dll
WINMM.dll
IPHLPAPI.DLL
COMDLG32.dll
RASAPI32.dll

Strings analysis - Possible IPs found 1

49.234.48.162

Strings analysis - Possible URLs found 2

http://www.eyuyan.com)
http://49.234.48.162/pdd_biaoge/soft/

Import functions

comdlg32.dll 4 WINMM.dll 17 WININET.dll 10 GDI32.dll 82 SHELL32.dll 2 KERNEL32.dll 129 RASAPI32.dll 2 WINSPOOL.DRV 3 ADVAPI32.dll 5 ole32.dll 3 COMCTL32.dll 2 WS2_32.dll 12 USER32.dll 154 OLEAUT32.dll 3

Function	Address	Souspicious	Anti Debug
ChooseColorA	0x4866c4
GetFileTitleA	0x4866c8
GetSaveFileNameA	0x4866cc
GetOpenFileNameA	0x4866d0

Function	Address	Souspicious	Anti Debug
midiStreamOut	0x486638
midiOutPrepareHeader	0x48663c
midiStreamProperty	0x486640
midiStreamOpen	0x486644
midiOutUnprepareHeader	0x486648
waveOutOpen	0x48664c
waveOutUnprepareHeader	0x486650
waveOutPrepareHeader	0x486654
waveOutWrite	0x486658
waveOutPause	0x48665c
waveOutReset	0x486660
waveOutClose	0x486664
waveOutGetNumDevs	0x486668
midiStreamRestart	0x48666c
midiStreamStop	0x486670
midiOutReset	0x486674
midiStreamClose	0x486678

Function	Address	Souspicious	Anti Debug
InternetCanonicalizeUrlA	0x48660c
InternetCrackUrlA	0x486610
HttpOpenRequestA	0x486614
HttpSendRequestA	0x486618
HttpQueryInfoA	0x48661c
InternetReadFile	0x486620
InternetConnectA	0x486624
InternetSetOptionA	0x486628
InternetCloseHandle	0x48662c
InternetOpenA	0x486630

Function	Address	Souspicious	Anti Debug
PtVisible	0x486024
GetViewportExtEx	0x486028
ExtSelectClipRgn	0x48602c
LineTo	0x486030
MoveToEx	0x486034
GetViewportOrgEx	0x486038
GetWindowOrgEx	0x48603c
BeginPath	0x486040
EndPath	0x486044
PathToRegion	0x486048
CreateEllipticRgn	0x48604c
CreateRoundRectRgn	0x486050
GetTextColor	0x486054
GetBkMode	0x486058
GetBkColor	0x48605c
GetROP2	0x486060
GetStretchBltMode	0x486064
GetPolyFillMode	0x486068
RectVisible	0x48606c
CreateDCA	0x486070
CreateBitmap	0x486074
SelectObject	0x486078
GetObjectA	0x48607c
CreatePen	0x486080
PatBlt	0x486084
CombineRgn	0x486088
CreateRectRgn	0x48608c
FillRgn	0x486090
CreateSolidBrush	0x486094
GetStockObject	0x486098
CreateFontIndirectA	0x48609c
EndPage	0x4860a0
EndDoc	0x4860a4
DeleteDC	0x4860a8
StartDocA	0x4860ac
StartPage	0x4860b0
BitBlt	0x4860b4
CreateCompatibleDC	0x4860b8
Ellipse	0x4860bc
Rectangle	0x4860c0
LPtoDP	0x4860c4
DPtoLP	0x4860c8
GetCurrentObject	0x4860cc
RoundRect	0x4860d0
GetTextExtentPoint32A	0x4860d4
GetDeviceCaps	0x4860d8
TextOutA	0x4860dc
ExtTextOutA	0x4860e0
Escape	0x4860e4
SetTextColor	0x4860e8
CreateDIBitmap	0x4860ec
SetROP2	0x4860f0
SetPolyFillMode	0x4860f4
SetBkMode	0x4860f8
RestoreDC	0x4860fc
SaveDC	0x486100
DeleteObject	0x486104
SelectClipRgn	0x486108
CreatePolygonRgn	0x48610c
GetClipRgn	0x486110
SetStretchBltMode	0x486114
CreateRectRgnIndirect	0x486118
SetBkColor	0x48611c
GetTextMetricsA	0x486120
ExcludeClipRect	0x486124
GetClipBox	0x486128
ScaleWindowExtEx	0x48612c
SetWindowExtEx	0x486130
GetWindowExtEx	0x486134
SetWindowOrgEx	0x486138
ScaleViewportExtEx	0x48613c
SetViewportExtEx	0x486140
OffsetViewportOrgEx	0x486144
SetViewportOrgEx	0x486148
SetMapMode	0x48614c
GetDIBits	0x486150
RealizePalette	0x486154
SelectPalette	0x486158
StretchBlt	0x48615c
CreatePalette	0x486160
CreateCompatibleBitmap	0x486164
GetSystemPaletteEntries	0x486168

Function	Address	Souspicious	Anti Debug
ShellExecuteA	0x486394
Shell_NotifyIconA	0x486398

Function	Address	Souspicious	Anti Debug
SetFilePointer	0x486170
GetFileSize	0x486174
TerminateProcess	0x486178
SetLastError	0x48617c
GetVersion	0x486180
CompareStringW	0x486184
CompareStringA	0x486188
GetStringTypeW	0x48618c
GetStringTypeA	0x486190
SetUnhandledExceptionFilter	0x486194
IsBadWritePtr	0x486198
VirtualAlloc	0x48619c
LCMapStringW	0x4861a0
LCMapStringA	0x4861a4
SetEnvironmentVariableA	0x4861a8
VirtualFree	0x4861ac
HeapCreate	0x4861b0
HeapDestroy	0x4861b4
GetEnvironmentVariableA	0x4861b8
GetStdHandle	0x4861bc
SetHandleCount	0x4861c0
GetEnvironmentStringsW	0x4861c4
GetEnvironmentStrings	0x4861c8
FreeEnvironmentStringsW	0x4861cc
FreeEnvironmentStringsA	0x4861d0
UnhandledExceptionFilter	0x4861d4
GetFileType	0x4861d8
SetStdHandle	0x4861dc
GetACP	0x4861e0
HeapSize	0x4861e4
RaiseException	0x4861e8
GetLocalTime	0x4861ec
GetSystemTime	0x4861f0
RtlUnwind	0x4861f4
GetStartupInfoA	0x4861f8
GetOEMCP	0x4861fc
GetCPInfo	0x486200
GetProcessVersion	0x486204
SetErrorMode	0x486208
GlobalFlags	0x48620c
GetCurrentThread	0x486210
GetFileTime	0x486214
TlsGetValue	0x486218
LocalReAlloc	0x48621c
TlsSetValue	0x486220
TlsFree	0x486224
GlobalHandle	0x486228
TlsAlloc	0x48622c
LocalAlloc	0x486230
lstrcmpA	0x486234
GlobalGetAtomNameA	0x486238
GlobalAddAtomA	0x48623c
GlobalFindAtomA	0x486240
GlobalDeleteAtom	0x486244
lstrcmpiA	0x486248
SetEndOfFile	0x48624c
UnlockFile	0x486250
LockFile	0x486254
FlushFileBuffers	0x486258
DuplicateHandle	0x48625c
lstrcpynA	0x486260
FileTimeToLocalFileTime	0x486264
LocalFree	0x486268
InterlockedDecrement	0x48626c
InterlockedIncrement	0x486270
GetTimeZoneInformation	0x486274
FileTimeToSystemTime	0x486278
GetCurrentProcess	0x48627c
CreateSemaphoreA	0x486280
ResumeThread	0x486284
ReleaseSemaphore	0x486288
EnterCriticalSection	0x48628c
LeaveCriticalSection	0x486290
GetProfileStringA	0x486294
WriteFile	0x486298
WaitForMultipleObjects	0x48629c
CreateFileA	0x4862a0
SetEvent	0x4862a4
FindResourceA	0x4862a8
LoadResource	0x4862ac
LockResource	0x4862b0
ReadFile	0x4862b4
GetModuleFileNameA	0x4862b8
WideCharToMultiByte	0x4862bc
MultiByteToWideChar	0x4862c0
GetCurrentThreadId	0x4862c4
ExitProcess	0x4862c8
GlobalSize	0x4862cc
GlobalFree	0x4862d0
DeleteCriticalSection	0x4862d4
InitializeCriticalSection	0x4862d8
lstrcatA	0x4862dc
lstrlenA	0x4862e0
WinExec	0x4862e4
lstrcpyA	0x4862e8
FindNextFileA	0x4862ec
GlobalReAlloc	0x4862f0
HeapFree	0x4862f4
HeapReAlloc	0x4862f8
GetProcessHeap	0x4862fc
HeapAlloc	0x486300
GetFullPathNameA	0x486304
FreeLibrary	0x486308
LoadLibraryA	0x48630c
GetLastError	0x486310
GetVersionExA	0x486314
WritePrivateProfileStringA	0x486318
CreateThread	0x48631c
CreateEventA	0x486320
Sleep	0x486324
GlobalAlloc	0x486328
GlobalLock	0x48632c
GlobalUnlock	0x486330
FindFirstFileA	0x486334
FindClose	0x486338
SetFileAttributesA	0x48633c
GetFileAttributesA	0x486340
SetCurrentDirectoryA	0x486344
GetVolumeInformationA	0x486348
GetModuleHandleA	0x48634c
GetProcAddress	0x486350
MulDiv	0x486354
GetCommandLineA	0x486358
GetTickCount	0x48635c
WaitForSingleObject	0x486360
CloseHandle	0x486364
IsBadReadPtr	0x486368
IsBadCodePtr	0x48636c
InterlockedExchange	0x486370

Function	Address	Souspicious	Anti Debug
RasHangUpA	0x486388
RasGetConnectStatusA	0x48638c

Function	Address	Souspicious	Anti Debug
OpenPrinterA	0x486680
ClosePrinter	0x486684
DocumentPropertiesA	0x486688

Function	Address	Souspicious	Anti Debug
RegCreateKeyExA	0x486000
RegQueryValueA	0x486004
RegSetValueExA	0x486008
RegOpenKeyExA	0x48600c
RegCloseKey	0x486010

Function	Address	Souspicious	Anti Debug
CLSIDFromString	0x4866d8
OleUninitialize	0x4866dc
OleInitialize	0x4866e0

Function	Address	Souspicious	Anti Debug
ImageList_Destroy	0x486018
None	0x48601c

Function	Address	Souspicious	Anti Debug
WSAAsyncSelect	0x486690
closesocket	0x486694
send	0x486698
select	0x48669c
WSACleanup	0x4866a0
WSAStartup	0x4866a4
inet_ntoa	0x4866a8
recvfrom	0x4866ac
getpeername	0x4866b0
recv	0x4866b4
accept	0x4866b8
ioctlsocket	0x4866bc

Function	Address	Souspicious	Anti Debug
GetSysColorBrush	0x4863a0
GetClassNameA	0x4863a4
GetDesktopWindow	0x4863a8
SetWindowTextA	0x4863ac
GetForegroundWindow	0x4863b0
LoadIconA	0x4863b4
TranslateMessage	0x4863b8
DrawFrameControl	0x4863bc
DrawEdge	0x4863c0
DrawFocusRect	0x4863c4
WindowFromPoint	0x4863c8
GetMessageA	0x4863cc
DispatchMessageA	0x4863d0
SetRectEmpty	0x4863d4
RegisterClipboardFormatA	0x4863d8
CreateIconFromResourceEx	0x4863dc
CreateIconFromResource	0x4863e0
DrawIconEx	0x4863e4
CreatePopupMenu	0x4863e8
AppendMenuA	0x4863ec
ModifyMenuA	0x4863f0
CreateMenu	0x4863f4
CreateAcceleratorTableA	0x4863f8
GetDlgCtrlID	0x4863fc
GetSubMenu	0x486400
EnableMenuItem	0x486404
ClientToScreen	0x486408
EnumDisplaySettingsA	0x48640c
LoadImageA	0x486410
SystemParametersInfoA	0x486414
ShowWindow	0x486418
IsWindowEnabled	0x48641c
TranslateAcceleratorA	0x486420
GetKeyState	0x486424
CopyAcceleratorTableA	0x486428
PostQuitMessage	0x48642c
LoadStringA	0x486430
GetMenuCheckMarkDimensions	0x486434
GetMenuState	0x486438
SetMenuItemBitmaps	0x48643c
CheckMenuItem	0x486440
MoveWindow	0x486444
IsDialogMessageA	0x486448
ScrollWindowEx	0x48644c
SendDlgItemMessageA	0x486450
MapWindowPoints	0x486454
AdjustWindowRectEx	0x486458
GetScrollPos	0x48645c
RegisterClassA	0x486460
GetMenuItemCount	0x486464
CreateWindowExA	0x486468
SetWindowsHookExA	0x48646c
CallNextHookEx	0x486470
GetClassLongA	0x486474
SetPropA	0x486478
UnhookWindowsHookEx	0x48647c
GetPropA	0x486480
CallWindowProcA	0x486484
RemovePropA	0x486488
GetMessageTime	0x48648c
GetLastActivePopup	0x486490
IsZoomed	0x486494
GetClassInfoA	0x486498
DefWindowProcA	0x48649c
GetSystemMenu	0x4864a0
DeleteMenu	0x4864a4
GetMenu	0x4864a8
SetMenu	0x4864ac
PeekMessageA	0x4864b0
IsIconic	0x4864b4
SetFocus	0x4864b8
GetActiveWindow	0x4864bc
GetWindow	0x4864c0
DestroyAcceleratorTable	0x4864c4
SetWindowRgn	0x4864c8
GetMessagePos	0x4864cc
ScreenToClient	0x4864d0
ChildWindowFromPointEx	0x4864d4
CopyRect	0x4864d8
LoadBitmapA	0x4864dc
WinHelpA	0x4864e0
KillTimer	0x4864e4
SetTimer	0x4864e8
ReleaseCapture	0x4864ec
GetCapture	0x4864f0
SetCapture	0x4864f4
GetScrollRange	0x4864f8
SetScrollRange	0x4864fc
SetScrollPos	0x486500
SetRect	0x486504
InflateRect	0x486508
IntersectRect	0x48650c
DestroyIcon	0x486510
PtInRect	0x486514
OffsetRect	0x486518
IsWindowVisible	0x48651c
EnableWindow	0x486520
RedrawWindow	0x486524
GetWindowLongA	0x486528
SetWindowLongA	0x48652c
GetSysColor	0x486530
SetActiveWindow	0x486534
SetCursorPos	0x486538
LoadCursorA	0x48653c
SetCursor	0x486540
GetDC	0x486544
FillRect	0x486548
IsRectEmpty	0x48654c
ReleaseDC	0x486550
IsChild	0x486554
DestroyMenu	0x486558
SetForegroundWindow	0x48655c
GetWindowRect	0x486560
EqualRect	0x486564
UpdateWindow	0x486568
ValidateRect	0x48656c
InvalidateRect	0x486570
GetClientRect	0x486574
GetFocus	0x486578
GetParent	0x48657c
GetTopWindow	0x486580
PostMessageA	0x486584
IsWindow	0x486588
SetParent	0x48658c
DestroyCursor	0x486590
SendMessageA	0x486594
SetWindowPos	0x486598
MessageBoxA	0x48659c
GetCursorPos	0x4865a0
GetSystemMetrics	0x4865a4
EmptyClipboard	0x4865a8
SetClipboardData	0x4865ac
OpenClipboard	0x4865b0
GetClipboardData	0x4865b4
CloseClipboard	0x4865b8
wsprintfA	0x4865bc
GetWindowTextA	0x4865c0
GetMenuItemID	0x4865c4
UnregisterClassA	0x4865c8
GetDlgItem	0x4865cc
GetWindowTextLengthA	0x4865d0
CharUpperA	0x4865d4
GetWindowDC	0x4865d8
BeginPaint	0x4865dc
EndPaint	0x4865e0
TabbedTextOutA	0x4865e4
DrawTextA	0x4865e8
GrayStringA	0x4865ec
DestroyWindow	0x4865f0
CreateDialogIndirectParamA	0x4865f4
EndDialog	0x4865f8
GetNextDlgTabItem	0x4865fc
GetWindowPlacement	0x486600
RegisterWindowMessageA	0x486604

Function	Address	Souspicious	Anti Debug
UnRegisterTypeLib	0x486378
RegisterTypeLib	0x48637c
LoadTypeLib	0x486380