General

Malware Config

Signatures

Files

• 8d8478081d8f0b2173d1af6564b7e469a6528babda0761e282e0a5f9715d7217

  .exe windows x86

  a3d9eef0f705e98f79058466bc0635d3

  
  

  Code Sign

  06:ae:7e:c9:f9:f3:d0:15:a9:5d:a6:d5:33:8d:45:80:f1:8d:ed:b0

  Certificate

  Issuer

  CN=Guoshuyan Sign Root CA,O=Guoshuyan Root Co.,C=CN

  Not Before

  31-12-1969 16:00

  Not After

  31-12-2099 16:00

  Subject

  CN=guoshuyan.github.io,OU=技术部,O=Guoshuyan Virus Co.,L=新乡,ST=河南,C=CN

  b8:c2:64:7b:03:79:cd:7a:58:ee:ba:7c:07:bf:2c:8f:55:46:5d:9a:45:21:56:6a:c3:9d:3b:5a:57:2e:1a:43

  Signer

  Actual PE Digest

  b8:c2:64:7b:03:79:cd:7a:58:ee:ba:7c:07:bf:2c:8f:55:46:5d:9a:45:21:56:6a:c3:9d:3b:5a:57:2e:1a:43

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=guoshuyan.github.io,OU=技术部,O=Guoshuyan Virus Co.,L=新乡,ST=河南,C=CN

  29-09-2022 19:04

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  LoadLibraryA

  DeleteFileW

  HeapReAlloc

  CloseHandle

  GetSystemInfo

  CreateThread

  HeapAlloc

  DecodePointer

  GetProcAddress

  DeleteCriticalSection

  ExitProcess

  GetProcessHeap

  CopyFileW

  WideCharToMultiByte

  WinExec

  WaitForSingleObjectEx

  GetExitCodeThread

  EnterCriticalSection

  LeaveCriticalSection

  EncodePointer

  LCMapStringEx

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  CreateFileA

  GetModuleHandleW

  GetStringTypeW

  GetCPInfo

  IsDebuggerPresent

  OutputDebugStringW

  RaiseException

  GetCurrentDirectoryW

  SetStdHandle

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetOEMCP

  GetACP

  IsValidCodePage

  GetTimeZoneInformation

  SetFilePointerEx

  GetFileSizeEx

  GetConsoleOutputCP

  FlushFileBuffers

  WriteConsoleW

  ReadConsoleW

  GetConsoleMode

  ReadFile

  GetFileAttributesExW

  CreateProcessW

  GetExitCodeProcess

  WaitForSingleObject

  GetFileType

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetLastError

  Sleep

  MultiByteToWideChar

  SetFileAttributesW

  HeapSize

  GetCurrentThreadId

  CreateFileW

  InitializeCriticalSectionEx

  RemoveDirectoryW

  TerminateProcess

  WriteFile

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  lstrlenW

  GetCurrentProcess

  HeapFree

  InitializeCriticalSectionAndSpinCount

  CreateEventW

  IsProcessorFeaturePresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  GetCurrentProcessId

  InitializeSListHead

  RtlUnwind

  SetLastError

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  FreeLibrary

  LoadLibraryExW

  GetModuleHandleExW

  FindClose

  FindFirstFileExW

  FindNextFileW

  SystemTimeToTzSpecificLocalTime

  FileTimeToSystemTime

  ExitThread

  FreeLibraryAndExitThread

  GetModuleFileNameW

  GetStdHandle

  GetCommandLineA

  GetCommandLineW

  GetDriveTypeW

  GetFullPathNameW

  user32

  GetMessageW

  DefWindowProcW

  GetDC

  MessageBoxW

  CreateWindowExW

  CallNextHookEx

  GetSystemMetrics

  DrawIcon

  ShowWindow

  DispatchMessageW

  RegisterClassW

  MessageBoxA

  UnhookWindowsHookEx

  TranslateMessage

  LoadIconW

  FindWindowW

  LoadCursorW

  GetWindowDC

  SetWindowsHookExW

  GetDesktopWindow

  FindWindowA

  UpdateWindow

  SetCursorPos

  GetCursorPos

  ExitWindowsEx

  advapi32

  CryptAcquireContextW

  RegOpenKeyExW

  OpenProcessToken

  RegSetValueExW

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  RegCloseKey

  RegGetValueW

  CryptGenRandom

  RegCreateKeyExW

  shell32

  ord680

  ShellExecuteA

  gdi32

  StretchBlt

  BitBlt

  GetStockObject

  Exports

  Exports

  ?__FUCKYOU_FUCKYOU@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@Z

  ?__FUCKYOU_FUCKYOU_@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@Z

  ?__FUCKYOU_FUCKYOU__@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@Z

  ?__FUCKYOU_FUCKYOU___@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@Z

  ?__FUCKYOU_FUCKYOU____@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@Z

  ?__FUCKYOU_FUCKYOU_____@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@Z

  ?__FUCKYOU_FUCKYOU______@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@Z

  Sections

  .text

  Size: 198KB - Virtual size: 198KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 71KB - Virtual size: 70KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 27KB - Virtual size: 26KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ