Sample[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Sample.rar
Size

21.2MB
MD5

cb7b54b1d0a1d6c7156bd55db83fc0fd
SHA1

2ccc7a502f6ea408274453c04a0f297d997c4dcf
SHA256

4c824c6096b9b770214a8df43eb6b1ef1220fae34668d913297d3d83fe019e99
SHA512

6a489a71f4d72de616742159a452bd865e12367166f65c86401cf125203f411631dd17148ac74e89504c55801ca453d12a2bb6c656832a000d7634555fa9d1da
SSDEEP

393216:Jxk4Sr5gE761Es5GdcsEewM/1QYNhECBmel3Hhz58pf9bmt16UjGv7J3kvdbT:k4Ygg6NYdctet9V7E9eJhd8p1b6jAO

Score

7^/10

vmprotect pyinstaller

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Sample/Sample/wps安装@3164.exe	vmprotect

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/Sample/Sample/投诉某某产品经理不正当行为（证据见附件详情）.pdf.exe	pyinstaller

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Sample/Sample/44a6bfbe74ebb6955080974ce84771dfbb353989fcb4109f691c9b33fca95cb9.exe
unpack001/Sample/Sample/Cert.exe
unpack001/Sample/Sample/wps安装@3164.exe
unpack001/Sample/Sample/投诉某某产品经理不正当行为（证据见附件详情）.pdf.exe

Files

Sample.rar
.rar
Sample/Sample/44a6bfbe74ebb6955080974ce84771dfbb353989fcb4109f691c9b33fca95cb9.exe
.exe windows x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 621KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 684KB - Virtual size: 683KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sample/Sample/Cert.exe
.exe windows x64

4e53160a12270531910b87162a608761

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdi32

ChoosePixelFormat
CreateBitmap
CreateDCW
CreateDIBSection
CreateRectRgn
DeleteDC
DeleteObject
DescribePixelFormat
GetDeviceCaps
GetDeviceGammaRamp
SetDeviceGammaRamp
SetPixelFormat
SwapBuffers

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetThreadExecutionState
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_errno
_exit
_fmode
_initterm
_onexit
_snwprintf
_vsnprintf
abort
calloc
exit
fprintf
free
fwprintf
fwrite
malloc
memcpy
memmove
memset
qsort
raise
realloc
signal
sprintf
sscanf
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strspn
strstr
strtok
strtol
strtoul
vfprintf
wcscmp
wcscpy

opengl32

wglGetProcAddress

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint

user32

AdjustWindowRectEx
BringWindowToTop
ChangeDisplaySettingsExW
ClientToScreen
ClipCursor
CloseClipboard
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsExW
EnumDisplaySettingsW
FlashWindow
GetActiveWindow
GetClassLongPtrW
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetKeyState
GetLayeredWindowAttributes
GetMessageTime
GetMonitorInfoW
GetPropW
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetWindowLongW
GetWindowPlacement
GetWindowRect
IsIconic
IsWindowVisible
IsZoomed
LoadCursorW
LoadImageW
MapVirtualKeyW
MessageBoxW
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PtInRect
RegisterClassExW
RegisterDeviceNotificationW
RegisterRawInputDevices
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetPropW
SetRect
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
ToUnicode
TrackMouseEvent
TranslateMessage
UnregisterClassW
UnregisterDeviceNotification
WaitMessage
WindowFromPoint

Exports

Exports

_cgo_dummy_export
glowDebugCallback_glcore32
goCharCB
goCharModsCB
goCursorEnterCB
goCursorPosCB
goDropCB
goErrorCB
goFramebufferSizeCB
goJoystickCB
goKeyCB
goMonitorCB
goMouseButtonCB
goScrollCB
goWindowCloseCB
goWindowContentScaleCB
goWindowFocusCB
goWindowIconifyCB
goWindowMaximizeCB
goWindowPosCB
goWindowRefreshCB
goWindowSizeCB

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 398KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 605B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/106
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sample/Sample/wps安装@3164.exe
.exe windows x64

f752eaa70063307669b7ee7152a70508

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryPerformanceCounter
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

crypt32

CertCloseStore

bcrypt

BCryptGenRandom

ws2_32

getsockname

ntdll

NtDeviceIoControlFile

secur32

ApplyControlToken

advapi32

RegCloseKey

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 979KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sample/Sample/【移动云】个人实名认证失败身份证材料信息.exe
.exe windows x64

2af26869e0a6e54dc76fa23422640c07

Code Sign

33:00:59:f8:b6:da:86:89:70:6f:fa:1b:d9:00:00:00:59:f8:b6
Certificate

Issuer

CN=Microsoft Azure TLS Issuing CA 06,O=Microsoft Corporation,C=US

Not Before

04/10/2022, 23:23

Not After

29/09/2023, 23:23

Subject

CN=www.microsoft.com,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:23:d5:ed:96:60:df:49:10:22:88:18:56:32:b0:7b:70:11:b7:10:22:7f:95:07:89:be:34:b4:da:a4:a8:32
Signer

Actual PE Digest

41:23:d5:ed:96:60:df:49:10:22:88:18:56:32:b0:7b:70:11:b7:10:22:7f:95:07:89:be:34:b4:da:a4:a8:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindClose
ReadFile
WriteFile
VirtualProtect
HeapAlloc
GetProcessHeap
WriteConsoleW
CloseHandle
GetLastError
GetCurrentProcess
GetCurrentProcessId
GetProcAddress
CreateFileW
HeapSize
SetStdHandle
SetEnvironmentVariableW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
IsValidCodePage
GetACP
GetOEMCP
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindFirstFileExW
FindNextFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind

advapi32

CryptDestroyHash
CryptDestroyKey
CryptAcquireContextA
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptReleaseContext

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ldata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sample/Sample/投诉举报材料.exe
.exe windows x86

66cfea88e1093ac34f58bcddc05a36e3

Code Sign

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:fa:fe:5e:7b:76:00:e8:42:86:00:00:00:00:00:fa
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:98:d1:07:77:27:8e:31:e6:5b:af:df:de:b7:53:50:35:6e:b8:59:01:e0:8d:f7:ea:9b:11:45:db:a6:9b:f5
Signer

Actual PE Digest

d7:98:d1:07:77:27:8e:31:e6:5b:af:df:de:b7:53:50:35:6e:b8:59:01:e0:8d:f7:ea:9b:11:45:db:a6:9b:f5

Digest Algorithm

sha256

PE Digest Matches

false

29:2a:8e:6a:2d:12:d7:26:f0:63:e5:b9:e6:64:5e:d2:7b:93:5c:42
Signer

Actual PE Digest

29:2a:8e:6a:2d:12:d7:26:f0:63:e5:b9:e6:64:5e:d2:7b:93:5c:42

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidLocale
WriteConsoleW
LCMapStringW
SetEnvironmentVariableA
CompareStringW
GetStringTypeW
IsValidCodePage
GetLocaleInfoW
SetConsoleCtrlHandler
FatalAppExitA
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
LoadLibraryA
CreateThread
ExitThread
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
ExitProcess
RtlUnwind
GetStartupInfoW
EnumSystemLocalesA
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
DecodePointer
EncodePointer
LocalLock
LocalUnlock
FindResourceExW
GetDiskFreeSpaceA
ReplaceFileA
GetUserDefaultLCID
VirtualProtect
SearchPathA
GetProfileIntA
GetNumberFormatA
GetWindowsDirectoryA
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SetFileAttributesA
GetFileAttributesExA
GetTempPathA
GetTempFileNameA
SetErrorMode
GetOEMCP
GetCPInfo
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
GetConsoleMode
GetConsoleCP
HeapSetInformation
GetTimeZoneInformation
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
CreateFileA
lstrcmpiA
GetStringTypeExA
SystemTimeToFileTime
FileTimeToSystemTime
GetAtomNameA
GetACP
GetThreadLocale
DeleteFileA
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
lstrcpyA
GetSystemDirectoryW
GetCurrentDirectoryA
GlobalGetAtomNameA
GlobalFindAtomA
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
GetCurrentProcessId
GlobalUnlock
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
lstrlenA
FindResourceA
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
MultiByteToWideChar
CompareStringA
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleW
FreeLibrary
InterlockedExchange
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetCommandLineA
GetEnvironmentVariableA
FlsAlloc
Sleep
GetProcAddress
CreateFileW

user32

GetKeyNameTextA
PostThreadMessageA
CharUpperBuffA
CopyIcon
FrameRect
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetIconInfo
HideCaret
InvertRect
RegisterClipboardFormatA
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongA
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
LoadImageA
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
CopyImage
UnregisterClassA
DestroyIcon
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
CharUpperA
IsZoomed
GetAsyncKeyState
NotifyWinEvent
SetWindowRgn
LoadMenuW
GetDialogBaseUnits
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IntersectRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
OffsetRect
CharNextA
KillTimer
RealChildWindowFromPoint
GetSysColorBrush
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
DeleteMenu
WaitMessage
ReleaseCapture
LoadCursorA
LoadCursorW
WindowFromPoint
SetCapture
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
DefFrameProcA
CheckRadioButton
CheckDlgButton
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
CopyRect
GetClassNameA
InvalidateRect
UpdateWindow
DrawStateA
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowsHookExA
UnhookWindowsHookEx
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
InSendMessage
GetTabbedTextExtentA
GetTabbedTextExtentW
GetWindowRgn
WindowFromDC
GetDCEx
EnumChildWindows
DestroyCursor
SubtractRect
MapVirtualKeyExA
GetCursorPos
CallNextHookEx
GetFocus
GetWindowRect
PtInRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
IsCharLowerA
GetDoubleClickTime
GetUpdateRect
SendNotifyMessageA
IsClipboardFormatAvailable
GetDlgItemInt
CreateMenu
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowThreadProcessId
GetLastActivePopup
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageA
EnableWindow
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageA
AppendMenuA
GetSystemMenu
MessageBoxA
LoadIconW
SetTimer

gdi32

CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
CreateRoundRectRgn
CreateDIBSection
GetCharWidthA
CreateFontA
StretchDIBits
GetCurrentObject
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
GetDIBits
StretchBlt
CreateDIBitmap
CreateFontIndirectA
RoundRect
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
SetPixelV
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetPixel
GetTextExtentPoint32A
SelectObject
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
ScaleViewportExtEx
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
Rectangle
GetDeviceCaps
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectA
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetLayout
GetLayout
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
SetWindowOrgEx

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
GetJobA
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueA
RegEnumKeyA
RegQueryValueA
GetFileSecurityA
SetFileSecurityA
RegCloseKey
RegOpenKeyExW
RegEnumValueA

shell32

DragQueryFileA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHAddToRecentDocs
ShellExecuteExA
SHAppBarMessage
ShellExecuteA
SHGetDesktopFolder
DragFinish
SHGetFileInfoA
ExtractIconA

comctl32

InitCommonControlsEx
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

ole32

OleSetMenuDescriptor
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
StgIsStorageFile
StgOpenStorage
CreateFileMoniker
StgCreateDocfile
CoInitializeEx
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRun
CoDisconnectObject
CoRegisterClassObject
PropVariantCopy
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoUninitialize
CoInitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
CreateDataAdviseHolder
CreateOleAdviseHolder
CoGetMalloc
GetRunningObjectTable
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
OleGetIconOfClass
OleCreateLinkToFile
OleCreateFromFile
OleSetContainedObject
GetHGlobalFromILockBytes
OleLoad
OleCreate
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSaveToStream
WriteClassStm
StringFromGUID2
OleSave
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
RegisterDragDrop
OleGetClipboard
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
CoRevokeClassObject

oleaut32

SysFreeString
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SafeArrayRedim

oledlg

ord8

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sample/Sample/投诉某某产品经理不正当行为（证据见附件详情）.pdf.exe
.exe windows x64

7320b3cae0f7c7e579e85728a091f04b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetOEMCP
GetACP
IsValidCodePage
GetFileAttributesExW
FlushFileBuffers
GetCurrentDirectoryW
GetCPInfo
GetEnvironmentStringsW
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
FreeEnvironmentStringsW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
CloseHandle
GetCurrentProcess
LoadLibraryA
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RaiseException
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 621KB - Virtual size: 620KB

.rdata Size: 684KB - Virtual size: 683KB

.data Size: 113KB - Virtual size: 473KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

.symtab Size: 512B - Virtual size: 4B

4e53160a12270531910b87162a608761

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

msvcrt

opengl32

shell32

user32

Exports

Exports

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.data Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 5.0MB - Virtual size: 5.0MB

.pdata Size: 22KB - Virtual size: 22KB

.xdata Size: 13KB - Virtual size: 12KB

.bss Size: - Virtual size: 398KB

.edata Size: 1024B - Virtual size: 605B

.idata Size: 8KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 41KB - Virtual size: 41KB

.reloc Size: 103KB - Virtual size: 102KB

/4 Size: 1KB - Virtual size: 1KB

/19 Size: 5.3MB - Virtual size: 5.3MB

/31 Size: 16KB - Virtual size: 15KB

/45 Size: 1.7MB - Virtual size: 1.7MB

/57 Size: 546KB - Virtual size: 546KB

/70 Size: 16KB - Virtual size: 16KB

/81 Size: 5.9MB - Virtual size: 5.9MB

/92 Size: 1.5MB - Virtual size: 1.5MB

/106 Size: 512B - Virtual size: 45B

f752eaa70063307669b7ee7152a70508

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

bcrypt

ws2_32

ntdll

secur32

advapi32

user32

Sections

.text Size: - Virtual size: 1.3MB

.rdata Size: 596KB - Virtual size: 595KB

.data Size: - Virtual size: 7KB

.pdata Size: - Virtual size: 23KB

_RDATA Size: - Virtual size: 244B

.vmp0 Size: - Virtual size: 979KB

.vmp1 Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 9KB - Virtual size: 9KB

2af26869e0a6e54dc76fa23422640c07

Code Sign

33:00:59:f8:b6:da:86:89:70:6f:fa:1b:d9:00:00:00:59:f8:b6Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

.text
Size: 621KB - Virtual size: 620KB

.rdata
Size: 684KB - Virtual size: 683KB

.data
Size: 113KB - Virtual size: 473KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB

.symtab
Size: 512B - Virtual size: 4B

.text
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 5.0MB - Virtual size: 5.0MB

.pdata
Size: 22KB - Virtual size: 22KB

.xdata
Size: 13KB - Virtual size: 12KB

.bss
Size: - Virtual size: 398KB

.edata
Size: 1024B - Virtual size: 605B

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 41KB - Virtual size: 41KB

.reloc
Size: 103KB - Virtual size: 102KB

/4
Size: 1KB - Virtual size: 1KB

/19
Size: 5.3MB - Virtual size: 5.3MB

/31
Size: 16KB - Virtual size: 15KB

/45
Size: 1.7MB - Virtual size: 1.7MB

/57
Size: 546KB - Virtual size: 546KB

/70
Size: 16KB - Virtual size: 16KB

/81
Size: 5.9MB - Virtual size: 5.9MB

/92
Size: 1.5MB - Virtual size: 1.5MB

/106
Size: 512B - Virtual size: 45B

.text
Size: - Virtual size: 1.3MB

.rdata
Size: 596KB - Virtual size: 595KB

.data
Size: - Virtual size: 7KB

.pdata
Size: - Virtual size: 23KB

_RDATA
Size: - Virtual size: 244B

.vmp0
Size: - Virtual size: 979KB

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 9KB - Virtual size: 9KB

33:00:59:f8:b6:da:86:89:70:6f:fa:1b:d9:00:00:00:59:f8:b6
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

41:23:d5:ed:96:60:df:49:10:22:88:18:56:32:b0:7b:70:11:b7:10:22:7f:95:07:89:be:34:b4:da:a4:a8:32
Signer

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 9KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 256B

.ldata
Size: 512B - Virtual size: 4B

.sdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 163KB - Virtual size: 163KB

.reloc
Size: 3KB - Virtual size: 3KB

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

33:00:00:00:fa:fe:5e:7b:76:00:e8:42:86:00:00:00:00:00:fa
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

d7:98:d1:07:77:27:8e:31:e6:5b:af:df:de:b7:53:50:35:6e:b8:59:01:e0:8d:f7:ea:9b:11:45:db:a6:9b:f5
Signer

29:2a:8e:6a:2d:12:d7:26:f0:63:e5:b9:e6:64:5e:d2:7b:93:5c:42
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 479KB - Virtual size: 478KB

.data
Size: 34KB - Virtual size: 63KB

.rsrc
Size: 228KB - Virtual size: 228KB

.reloc
Size: 168KB - Virtual size: 168KB