infected2023042501[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

infected2023042501.rar
Size

17.7MB
MD5

72e4f3608ecfbb1098a5ff7ea171d541
SHA1

995598c603e6f212005a8dd6f3150d780fac8ded
SHA256

82b8d175292a3441624af910e61ef4c6abadbea2efe824e7883b145acdf18974
SHA512

6d97d452505e48ccbd32a08ef9be803bbc6ef2781af06ad5917f80597ad3601ad09ff221105cd4e6f4caf3b2ae69356eb31837fc216b21802dde8fa823765224
SSDEEP

393216:Y8Kw9H0QleuaUhxiC7DJxi9pOvjdd6KsDvDiMV3cMy:YcUQl8JaJ49wv3SDiMV3cJ

Score

7^/10

pyinstaller upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/infected2023042501/Downloads/中航信移动科技有限公司〔2023〕7号.‮xcod.exe.exe	upx

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/infected2023042501/Downloads/getsysteminfo.exe	pyinstaller

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/infected2023042501/Downloads/2021-2022年度民航青年文明号拟命名集体名单.pdf .exe
unpack001/infected2023042501/Downloads/2023企业个人最新版所得税缴纳标准1.exe
unpack001/infected2023042501/Downloads/Quotation_copy_xls.exe
unpack001/infected2023042501/Downloads/getsysteminfo.exe
unpack001/infected2023042501/Downloads/中航信移动科技有限公司〔2023〕7号.‮xcod.exe.exe
unpack001/infected2023042501/Downloads/公积金信息_20230425.exe
unpack001/infected2023042501/Downloads/工号：YC01198-工作邮箱：[email protected]使用工位网口异常反馈.exe
unpack001/infected2023042501/Downloads/永赢基金管理有限公司客户相关的投诉信件内容_maxwealthfund.com
unpack001/infected2023042501/Downloads/深圳智园总部饭堂吃出小蟑螂食品安全事件图片证据jpeg.exe
unpack001/infected2023042501/Downloads/资金账户对账单导出#r.com

Files

infected2023042501.rar
.rar
infected2023042501/Downloads/-252871022_150(1).CHM
.chm
infected2023042501/Downloads/2021-2022年度民航青年文明号拟命名集体名单.pdf .exe
.exe windows x64

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 621KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 34B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
infected2023042501/Downloads/2023企业个人最新版所得税缴纳标准1.exe
.exe windows x86

db2475a8ffe9e88bdede9b428c196715

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
GetSystemInfo
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetCommandLineW
GetCommandLineA
RtlUnwind
GetCPInfo
GetStringTypeW
LCMapStringEx
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetUserDefaultLCID
GetTempFileNameW
FindResourceExW
GetProfileIntW
SearchPathW
SetErrorMode
VirtualProtect
VerifyVersionInfoW
VerSetConditionMask
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
InitializeCriticalSection
GlobalGetAtomNameW
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
GetThreadLocale
lstrcmpiW
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LocalAlloc
CompareStringW
GlobalFindAtomW
LoadLibraryA
GlobalAddAtomW
SetThreadPriority
EncodePointer
CompareStringA
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
GetCurrentThreadId
OutputDebugStringA
SetLastError
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
MultiByteToWideChar
GetVersionExW
WritePrivateProfileStructW
GetPrivateProfileStructW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcatW
lstrcpyW
GetSystemDefaultLangID
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
VirtualQueryEx
GetLogicalDrives
QueryDosDeviceW
GetDriveTypeW
DuplicateHandle
GetCurrentProcess
Process32FirstW
IsWow64Process
OpenProcess
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32FirstW
TerminateProcess
CreateRemoteThread
GetExitCodeThread
Module32NextW
Process32NextW
SetFileAttributesW
DeleteFileW
OutputDebugStringW
CreateDirectoryW
FreeLibrary
GetFileAttributesW
GetSystemDirectoryW
GetWindowsDirectoryW
GetFileTime
CreateFileW
ResetEvent
SetEvent
CreateEventW
WideCharToMultiByte
GetProcessHeap
DecodePointer
HeapAlloc
LoadLibraryW
RaiseException
GetNativeSystemInfo
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetCurrentThread
QueueUserAPC
GetModuleHandleA
GetProcAddress
ResumeThread
CreateThread
Sleep
SuspendThread
EnterCriticalSection
GetTickCount
GetTempPathW
TerminateThread
WaitForSingleObject
CopyFileW
GetModuleFileNameW
UnmapViewOfFile
VirtualAlloc
MapViewOfFile
CreateFileMappingW
MoveFileA
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
GetLastError
CreateMutexW
LeaveCriticalSection
ExitProcess

user32

DeleteMenu
CopyImage
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
LoadCursorW
GetSysColorBrush
CharUpperW
FillRect
ClientToScreen
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
EqualRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
EndPaint
BeginPaint
SetForegroundWindow
UpdateWindow
RealChildWindowFromPoint
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetKeyboardLayout
RegisterWindowMessageW
GetSysColor
GetMenuItemInfoW
DestroyMenu
ModifyMenuW
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxW
GetKeyboardState
MapVirtualKeyW
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
LoadIconW
GetSystemMenu
AppendMenuW
SetCursor
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
ValidateRect
GetKeyState
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
InvalidateRect
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
CreatePopupMenu
InsertMenuItemW
IntersectRect
DestroyIcon
LoadImageW
UnpackDDElParam
ReuseDDElParam
SetParent
MonitorFromPoint
CreateDialogIndirectParamW
DestroyWindow
SetLayeredWindowAttributes
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
TrackMouseEvent
GetAsyncKeyState
SetWindowRgn
TrackPopupMenu
SendMessageW
SetTimer
PostQuitMessage
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetCursorPos
IsRectEmpty
PtInRect
SetRectEmpty
KillTimer
CopyRect
SetRect
PostMessageW
OffsetRect
GetWindowRect
EnableWindow
CharUpperBuffW
UnregisterClassW
EnumDisplayMonitors
GetWindowPlacement
InflateRect
SystemParametersInfoW
GetWindowLongW
GetForegroundWindow
IsWindowVisible
GetParent
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
IsZoomed
RedrawWindow
MessageBeep
SetWindowPos
SetWindowContextHelpId
GetWindow
MapDialogRect
IsWindow
EnumChildWindows
RegisterClipboardFormatW
LockWindowUpdate
SetClassLongW
NotifyWinEvent
PostThreadMessageW
UnhookWindowsHookEx
ToUnicodeEx
CharNextW
InvalidateRgn
GetNextDlgGroupItem
IsClipboardFormatAvailable
SendDlgItemMessageA
GetKeyNameTextW
UnionRect
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
SetCursorPos
InvertRect
HideCaret
GetWindowRgn
GetComboBoxInfo
DestroyCursor
CreateMenu
GetIconInfo
GetDoubleClickTime
GetUpdateRect
SubtractRect
MapVirtualKeyExW
IsCharLowerW
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CopyIcon
SetMenuDefaultItem
GetMenuDefaultItem
EnableScrollBar
UpdateLayeredWindow
GetMessagePos

gdi32

GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateCompatibleBitmap
CreateDIBitmap
CreateRectRgnIndirect
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
GetPixel
GetDIBits
PatBlt
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
GetRgnBox
OffsetRgn
GetTextColor
GetBkColor
DPtoLP
GetMapMode
SetRectRgn
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
RoundRect
CreatePalette
GetPaletteEntries
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetNearestPaletteIndex
GetSystemPaletteEntries
GetTextFaceW
SetPixelV
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
SetTextColor
SetBkColor
ExtTextOutW
GetObjectW
GetTextExtentPoint32W
CreateFontIndirectW
CreateCompatibleDC
BitBlt
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
CombineRgn
GetObjectType
DeleteDC

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueExW
LookupPrivilegeValueW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
AdjustTokenPrivileges
RegOpenKeyExW
RegCloseKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
OpenProcessToken

shell32

ShellExecuteW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
Shell_NotifyIconW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathFindFileNameA
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
UrlUnescapeW

uxtheme

DrawThemeText
DrawThemeParentBackground
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
OpenThemeData
CloseThemeData
GetThemePartSize
IsAppThemed
GetThemeColor
GetCurrentThemeName
GetWindowTheme
GetThemeSysColor

ole32

OleIsCurrentClipboard
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
OleGetClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
OleLockRunning
StgCreateDocfileOnILockBytes
CoGetClassObject
CreateStreamOnHGlobal
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoInitialize
CoRevokeClassObject
CoRegisterMessageFilter

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantChangeType
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
VariantInit

oledlg

OleUIBusyW

gdiplus

GdipCreateFromHDC
GdipDrawImageI
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

psapi

GetProcessImageFileNameW
GetMappedFileNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

wininet

HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpQueryInfoW

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
infected2023042501/Downloads/Quotation_copy_xls.exe
.exe windows x86

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
infected2023042501/Downloads/getsysteminfo.exe
.exe windows x64

1e92fd54d65284238a0e3b74b2715062

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetCPInfo
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
GetEnvironmentVariableW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
infected2023042501/Downloads/中航信移动科技有限公司〔2023〕7号.‮xcod.exe.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 681KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
infected2023042501/Downloads/公积金信息_20230425.exe
.exe windows x64

d87675047f53428fe6e9eee62dc46129

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlUnwindEx
GetACP
CloseHandle
LocalFree
VirtualProtect
QueryPerformanceFrequency
VirtualFree
GetFullPathNameW
GetProcessHeap
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
lstrcpynW
GetLastError
GetModuleFileNameW
SetLastError
GetNativeSystemInfo
lstrlenA
CreateThread
CompareStringW
CopyFileW
lstrcpyA
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
ExpandEnvironmentStringsW
LoadLibraryExW
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
SuspendThread
GetTickCount
lstrcmpiA
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
CreateMutexA
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
GetLogicalProcessorInformation
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
CreateEventW
SetThreadLocale
GetThreadLocale

ole32

CoInitializeEx
CoInitialize
CoInitializeSecurity
CoCreateInstance
CoUninitialize

user32

GetMessageW
TranslateMessage
CharLowerBuffW
PeekMessageW
CharUpperW
GetSystemMetrics
MessageBoxA
MessageBoxW
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
DispatchMessageW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

msvcrt

_wcslwr
isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower

advapi32

CryptDeriveKey
CryptGetKeyParam
CryptSetKeyParam
CryptDecrypt
CryptImportKey
CryptDestroyKey
AdjustTokenPrivileges
GetUserNameW
CryptDestroyHash
LookupPrivilegeValueA
RegOpenKeyExW
OpenProcessToken
CryptReleaseContext
CryptGetHashParam
RegQueryValueExW
RegCloseKey
CryptHashData
CryptCreateHash
CryptAcquireContextW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 770KB - Virtual size: 770KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 50KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 568B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
infected2023042501/Downloads/工号：YC01198-工作邮箱：[email protected]使用工位网口异常反馈.exe
.exe windows x64

d87675047f53428fe6e9eee62dc46129

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlUnwindEx
GetACP
CloseHandle
LocalFree
VirtualProtect
QueryPerformanceFrequency
VirtualFree
GetFullPathNameW
GetProcessHeap
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
lstrcpynW
GetLastError
GetModuleFileNameW
SetLastError
GetNativeSystemInfo
lstrlenA
CreateThread
CompareStringW
CopyFileW
lstrcpyA
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
ExpandEnvironmentStringsW
LoadLibraryExW
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
SuspendThread
GetTickCount
lstrcmpiA
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
CreateMutexA
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
GetLogicalProcessorInformation
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
CreateEventW
SetThreadLocale
GetThreadLocale

ole32

CoInitializeEx
CoInitialize
CoInitializeSecurity
CoCreateInstance
CoUninitialize

user32

GetMessageW
TranslateMessage
CharLowerBuffW
PeekMessageW
CharUpperW
GetSystemMetrics
MessageBoxA
MessageBoxW
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
DispatchMessageW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

msvcrt

_wcslwr
isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower

advapi32

CryptDeriveKey
CryptGetKeyParam
CryptSetKeyParam
CryptDecrypt
CryptImportKey
CryptDestroyKey
AdjustTokenPrivileges
GetUserNameW
CryptDestroyHash
LookupPrivilegeValueA
RegOpenKeyExW
OpenProcessToken
CryptReleaseContext
CryptGetHashParam
RegQueryValueExW
RegCloseKey
CryptHashData
CryptCreateHash
CryptAcquireContextW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 702KB - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 50KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 568B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
infected2023042501/Downloads/永赢基金管理有限公司客户相关的投诉信件内容_maxwealthfund.com
.exe windows x64

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 248KB - Virtual size: 654KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
infected2023042501/Downloads/深圳智园总部饭堂吃出小蟑螂食品安全事件图片证据jpeg.exe
.exe windows x64

53e22939c3dc2b61cd5205e10e34ba47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
CreateProcessW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
memcpy
memset

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
exit
terminate

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
infected2023042501/Downloads/资金账户对账单导出#r.com
.exe windows x86

3708fbbcc08bea10dc844b08d789cd0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertFindExtension
CryptDecodeObjectEx
CryptQueryObject
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryW
CertCloseStore
CertFindCertificateInStore
PFXImportCertStore
CertAddCertificateContextToStore
CertFreeCertificateContext

kernel32

GetTimeFormatA
GetDateFormatA
RtlUnwind
ExitProcess
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
CreateThread
VirtualFree
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
GetProcessHeap
GetCurrentDirectoryA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
CreateFileA
GetDriveTypeA
SetEnvironmentVariableA
ExitThread
GetDriveTypeW
GetFileInformationByHandle
HeapReAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapFree
GetStartupInfoW
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetStringTypeExW
DeleteFileW
MoveFileW
lstrlenA
GetThreadLocale
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalFree
LocalAlloc
InterlockedDecrement
GlobalFlags
MulDiv
GlobalGetAtomNameW
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
GetFileTime
GlobalFindAtomW
GetVersionExW
CompareStringW
GetVersionExA
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalAlloc
GlobalUnlock
GlobalLock
lstrcmpW
GetFileSizeEx
SleepEx
GetModuleHandleA
VerSetConditionMask
VerifyVersionInfoW
WaitForSingleObject
MoveFileExW
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
GetCurrentProcessId
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleW
LoadLibraryW
GetSystemDirectoryW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetLastError
FormatMessageW
LocalFileTimeToFileTime
CloseHandle
GetCurrentDirectoryW
CreateFileW
ReadFile
GetFileAttributesW
WriteFile
SetFileTime
CreateDirectoryW
SystemTimeToFileTime
SetFilePointer
ExpandEnvironmentStringsW
FindNextFileW
GetModuleFileNameA
LockResource
GetLastError
CreateDirectoryA
lstrlenW
MultiByteToWideChar
CreateEventA
SizeofResource
Sleep
WideCharToMultiByte
FindFirstFileExW
LoadResource
FindResourceW
FindResourceExW
FindFirstFileW
LoadLibraryA
FindClose
GetProcAddress
GetEnvironmentVariableA
GetTickCount
HeapDestroy
DeleteFileA

user32

GetDC
ReleaseDC
LoadCursorW
DestroyCursor
SetRect
UnpackDDElParam
ReuseDDElParam
ReleaseCapture
InvalidateRect
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorW
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetTabbedTextExtentA
GetWindowRect
FillRect
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
IsWindow
SetWindowTextW
IsDialogMessageW
UpdateWindow
CreateMenu
KillTimer
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItem
LoadMenuW
LoadAcceleratorsW
DestroyMenu
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
RegisterClipboardFormatW
PostMessageW
PostQuitMessage
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
wsprintfW
EnableWindow
UnregisterClassW
LockWindowUpdate
GetDCEx
GetSystemMetrics
WindowFromPoint
SetTimer
SetWindowRgn
DrawIcon
SystemParametersInfoW
GetMenuItemInfoW
InflateRect
GetSysColorBrush
CharUpperW
DestroyIcon
MessageBeep
GetNextDlgGroupItem
SetCapture
InvalidateRgn
CopyAcceleratorTableW
CharNextW
PostThreadMessageW
TranslateMDISysAccel
RemoveMenu
InsertMenuW
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
SetParent
GetSystemMenu
AppendMenuW
DeleteMenu
IsRectEmpty
IsZoomed
GetWindowPlacement
RedrawWindow
GetMenuStringW

gdi32

SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
StretchDIBits
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreatePatternBrush
CreateSolidBrush
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
CreateFontIndirectW
SetRectRgn
CombineRgn
GetMapMode
CreateEllipticRgn
LPtoDP
Ellipse
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
GetTextExtentPoint32A
GetWindowOrgEx
CreateFontW
GetCharWidthW
DeleteObject
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
GetStockObject
PatBlt
Rectangle
GetViewportOrgEx
CreatePen
CreateDCW
DeleteDC
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocW
DPtoLP
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
Escape
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptEncrypt
CryptImportKey
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyW
RegSetValueW
GetFileSecurityW
SetFileSecurityW
RegEnumKeyW
RegOpenKeyW
RegDeleteValueW

shell32

DragFinish
ExtractIconW
SHGetFileInfoW
DragQueryFileW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoGetClassObject
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoUninitialize
CoCreateInstance
CoInitializeEx
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleInitialize
OleDestroyMenuDescriptor

oleaut32

SysFreeString
VariantClear
VariantChangeType
VariantInit
SysStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysAllocStringLen

ws2_32

closesocket
ioctlsocket
gethostname
getpeername
__WSAFDIsSet
select
connect
recv
WSAIoctl
setsockopt
getaddrinfo
freeaddrinfo
htonl
socket
listen
getsockname
accept
recvfrom
bind
sendto
htons
WSASetLastError
ntohs
WSACloseEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
getsockopt
WSACreateEvent
WSAStartup
WSACleanup
WSAGetLastError
send

wldap32

ord133
ord147
ord127
ord142
ord79
ord167
ord26
ord27
ord41
ord46
ord216
ord73
ord208
ord145
ord219
ord14
ord301
ord117

Sections

.text
Size: 753KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 621KB - Virtual size: 620KB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 94KB - Virtual size: 445KB

/4 Size: 512B - Virtual size: 295B

/19 Size: 130KB - Virtual size: 129KB

/32 Size: 25KB - Virtual size: 25KB

/46 Size: 512B - Virtual size: 34B

/65 Size: 241KB - Virtual size: 240KB

/78 Size: 133KB - Virtual size: 133KB

/90 Size: 42KB - Virtual size: 41KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 12KB - Virtual size: 11KB

.symtab Size: 104KB - Virtual size: 104KB

db2475a8ffe9e88bdede9b428c196715

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

psapi

version

oleacc

wininet

imm32

winmm

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 375KB - Virtual size: 375KB

.data Size: 25KB - Virtual size: 43KB

.rsrc Size: 312KB - Virtual size: 311KB

.reloc Size: 145KB - Virtual size: 145KB

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 6KB - Virtual size: 6KB

1e92fd54d65284238a0e3b74b2715062

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 621KB - Virtual size: 620KB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 94KB - Virtual size: 445KB

/4
Size: 512B - Virtual size: 295B

/19
Size: 130KB - Virtual size: 129KB

/32
Size: 25KB - Virtual size: 25KB

/46
Size: 512B - Virtual size: 34B

/65
Size: 241KB - Virtual size: 240KB

/78
Size: 133KB - Virtual size: 133KB

/90
Size: 42KB - Virtual size: 41KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 11KB

.symtab
Size: 104KB - Virtual size: 104KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 375KB - Virtual size: 375KB

.data
Size: 25KB - Virtual size: 43KB

.rsrc
Size: 312KB - Virtual size: 311KB

.reloc
Size: 145KB - Virtual size: 145KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 681KB - Virtual size: 684KB

.rsrc
Size: 17KB - Virtual size: 20KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 770KB - Virtual size: 770KB

.bss
Size: - Virtual size: 50KB

.idata
Size: 6KB - Virtual size: 5KB

.tls
Size: - Virtual size: 568B

.rdata
Size: 512B - Virtual size: 109B

.reloc
Size: 64KB - Virtual size: 64KB

.pdata
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 160KB - Virtual size: 159KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 702KB - Virtual size: 702KB

.bss
Size: - Virtual size: 50KB

.idata
Size: 6KB - Virtual size: 5KB

.tls
Size: - Virtual size: 568B

.rdata
Size: 512B - Virtual size: 109B

.reloc
Size: 64KB - Virtual size: 64KB

.pdata
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 160KB - Virtual size: 159KB