MalScore: 100/100
MalFamily: Airjp

shj.exe

Is DLL Packer Anti Debug Anti VM Signed XOR
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 2737.50 KB (2803200 bytes)
Compile time: 2017-06-02 09:29:25
MD5: 406414842167df8d8e2acc150837af9e
SHA1: 0757e6870e574726b8aa88cdbedfe8290a15836f
SHA256: 02e96915e29e5c3f5a545976152ffcab3f5f698b529f8f561a56d48dac90f392
Import hash: 8a468e3b246fb0ed198252dfc5430619
Sections 5 .text .rdata .data .rsrc .reloc
Directories 3 import resource relocation
First submission: 2022-03-01 06:57:11
Last submission: 2022-03-01 06:57:11
Filename detected: - shj.exe (1)
URL file hosting
hXXp://download.game.yy.com/weiduan/shj.exe
VirusTotal Antivirus Report
Report Date Detection Ratio Permalink Update
No report available
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0x15f0ed 1438208 78914bd5ddda3bbf61cbc41ae9c882d8 7b46f1eb1dbc4914a84fa7c522358b94945f29b3
.rdata 0x161000 0x51e1a 335872 21a1fb5170a40baee9823ce1af172405 e92a7ec78fb07a0b50f17bece2432ecdfee44c5b
.data 0x1b3000 0x29688 27136 85b9c55e2565e19f0f5a8ef1d5efa720 c5ec5cdfdf17b5df5385f8bd668c263bcc7dc021
.rsrc 0x1dd000 0xd6198 877056 f4013bafa1584fc358fd879d98187e50 6684b528de402c1cda73b837bcd6c8a6575db7a9
.reloc 0x2b4000 0x1e36c 123904 8423226a883f6e4375e25e7c52dfc584 41252357b03ca7e04d2d93b3483e5ad4f44be194
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C++ 8
File found
File type: Object
hhctrl.ocx
File type: Compressed
ShjClient.zip
File type: Text
%s\%s_log.txt
File type: Library
Vkernel32.dll
QRICHED20.DLL
USER32.dll
mscoree.dll
WININET.dll
dwrite.dll
comctl32.dll
VComdlg32.dll
UxTheme.dll
dwmapi.dll
SHELL32.dll
CD2D1.dll
ADVAPI32.dll
comdlg32.dll
SHLWAPI.dll
OLEAUT32.dll
oledlg.dll
IMM32.dll
GDI32.dll
%s%s.dll
ole32.dll
MSIMG32.dll
KERNEL32.dll
gdiplus.dll
Aadvapi32.dll
WINMM.dll
mfcm120.dll
OLEACC.dll
IP Found
1.0.0.12
URL(s)
http://admin.shj.youxi-api.com/applay?key=
http://
http://www.w3.org/1999/02/22-rdf-syntax-ns#
http://bbs.open.qq.com/forum.php?mod=forumdisplay&action=list&fid=5713
http://ns.adobe.com/xap/1.0/mm/
http://bbs.open.qq.com/thread-48295732-1-1.html
http://res.shj.g.yx-g.cn/launcher/
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://ns.adobe.com/xap/1.0/sType/ResourceRef#
http://shj.swjoy.com/embed/3417/
http://ns.adobe.com/xap/1.0/
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven01b_64 Seven01b_64 VirtualBox 2022-03-01 06:31:19 2022-03-01 06:34:27 188

7 Behaviors detected by system signatures


7 Summary items with data

Files

C:\Users\Seven01\AppData\Local\Temp\launcher_log.txt
C:\Users\Seven01\AppData\Local\Temp\ShjLauncher.mdb
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\shj\
C:\
C:\shj\launcher_version.mdb.temp
C:\shj\launcher_version.mdb

Read Files

C:\Users\Seven01\AppData\Local\Temp\ShjLauncher.mdb
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Users\Seven01\AppData\Local\Temp\launcher_log.txt
C:\shj\launcher_version.mdb

Write Files

C:\Users\Seven01\AppData\Local\Temp\launcher_log.txt
C:\Users\Seven01\AppData\Local\Temp\ShjLauncher.mdb
C:\shj\launcher_version.mdb.temp
C:\shj\launcher_version.mdb

Delete Files

C:\shj\launcher_version.mdb.temp

Keys

HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable

Read Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
rasapi32.dll.RasConnectionNotificationW
sechost.dll.NotifyServiceStatusChangeA
cryptbase.dll.SystemFunction036

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

2 HTTP Request(s) detected

http://res.wbly.shj.ate.cn/launcher/launcher_version.mdb
  • Hostname: res.wbly.shj.ate.cn
  • IP Address: 0.0.0.0
  • Port: 80
  • Count: 1

HEAD /launcher/launcher_version.mdb HTTP/1.1
User-Agent: MyAppByMulinB
Host: res.wbly.shj.ate.cn
Content-Length: 0
Cache-Control: no-cache

http://res.wbly.shj.ate.cn/launcher/launcher_version.mdb
  • Hostname: res.wbly.shj.ate.cn
  • IP Address: 0.0.0.0
  • Port: 80
  • Count: 1

GET /launcher/launcher_version.mdb HTTP/1.1
Range: bytes=0-257
User-Agent: MyAppByMulinB
Host: res.wbly.shj.ate.cn
Cache-Control: no-cache

TheSystem Itself @ 2022-03-01 06:57:12

Detected family: #Airjp

TheSystem Itself @ 2022-03-01 07:03:03