Static task: static1
Behavioral task: behavioral1
- Sample: Windows使用记录查看工具.exe
- Resource: win7-20230621-en
Behavioral task: behavioral2
- Sample: Windows使用记录查看工具.exe
- Resource: win10v2004-20230621-en
General
- Target: 87b11f2a235d602956e76d6d085343cd5e25557b976a353c6b5b9ccce860d0be
- Size: 996KB
- MD5: 2114545beb1f0a33f14f108e9c461182
- SHA1: 3a3c5cb0985c00e3f485abc02896aaf89b2ecc72
- SHA256: 87b11f2a235d602956e76d6d085343cd5e25557b976a353c6b5b9ccce860d0be
- SHA512: 5f3bacf6e5235342261812e1d9379aa3d256a7e6614dcc54b0c4c93c10b720fce9d92c08d6dc71a9eff4b23a2ec77d772f495c00d41cd9f13044f630d04bba23
- SSDEEP: 24576:ZttV07sLZA6EfjbRrT0GhGNCujmvYxUUzGN7UhM2+2rAQL:ZttV07sL+6EfjbRH06uHN6brElL
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature. Resource: unpack001/Windows使用记录查看工具.exe
Files
- 87b11f2a235d602956e76d6d085343cd5e25557b976a353c6b5b9ccce860d0be.zip
- Windows使用记录查看工具.exe.exe (windows x86) e9bfb6bc17ff2d1bb6d74b3472b356af
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
Sections
- .text: Size 1.3MB, Virtual size 1.3MB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: Size 297KB, Virtual size 296KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size 34KB, Virtual size 65KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size 37KB, Virtual size 37KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc: Size 173KB, Virtual size 172KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
- 软件下载与安装.png.png