新建文件夹[.]7z

Resubmissions

30/06/2023, 07:22

230630-h7cexahd3s 7

30/06/2023, 07:01

230630-htgsgahc6s 7

Sharing

Copy URL Twitter E-mail

General

Target

新建文件夹.7z
Size

882KB
MD5

e06e026e959e78e29f78e5f09d811eb5
SHA1

1a0649289c56436297c9a4807441ab93a028b56e
SHA256

681f79129739b9c5d94a8a165363fd4de9f4843946d05c9fa68b427071c79a7d
SHA512

ff1879810ebae346c8fa802ac70cb7bf280ec4ab8470ffb16c53f8f8075ca3d60547a3bc829138f1aabe38c5a531fc2bcbf7aac2b223ac4190a21bdec7285796
SSDEEP

24576:28UlNbLUKDSe/CNXddc93dH50VQC3DwnSFhkjJ4bI:8pJ2e/mT8dH2dB3lk

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/新建文件夹/新建文件夹/hodll.dll	vmprotect

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/新建文件夹/4354f07c674a42dca5f0b7683cee22396e5ce4f619c45b7e4d8440db5d8dcbe4.exe
unpack001/新建文件夹/新建文件夹 (2)/BEIL.exe
unpack001/新建文件夹/新建文件夹/hodll.dll

Files

新建文件夹.7z
.7z

Password: infected
新建文件夹/4354f07c674a42dca5f0b7683cee22396e5ce4f619c45b7e4d8440db5d8dcbe4.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 662KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新建文件夹/新建文件夹 (2)/BEIL.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新建文件夹/新建文件夹/akwhxy.exe
.exe windows x86

60d3ee01dc799c8cae485f40c029636f

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:56:de:cd:d5:a7:97:51:38:45:ef:61:ba:ee:10:de
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/01/2020, 00:00

Not After

15/01/2021, 12:00

Subject

CN=Beijing Watchsmart Technologies Co.\,Ltd,OU=It dept,O=Beijing Watchsmart Technologies Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:18:df:3a:9d:69:98:5b:e5:28:22:b0:24:ee:bc:c4
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/01/2020, 00:00

Not After

15/01/2021, 12:00

Subject

CN=Beijing Watchsmart Technologies Co.\,Ltd,OU=IT dept,O=Beijing Watchsmart Technologies Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:1b:94:8b:eb:90:fd:b8:f9:00:1f:da:33:bc:ba:55:2c:01:ac:bb:71:25:d8:80:b8:59:5c:a9:e7:d7:75:d5
Signer

Actual PE Digest

e7:1b:94:8b:eb:90:fd:b8:f9:00:1f:da:33:bc:ba:55:2c:01:ac:bb:71:25:d8:80:b8:59:5c:a9:e7:d7:75:d5

Digest Algorithm

sha256

PE Digest Matches

true

51:98:84:56:3e:36:ac:8e:8a:09:d7:50:29:f9:8a:b9:ec:0f:11:b5
Signer

Actual PE Digest

51:98:84:56:3e:36:ac:8e:8a:09:d7:50:29:f9:8a:b9:ec:0f:11:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winscard

SCardListReadersA
SCardFreeMemory

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
strstr
malloc
fopen
fclose
free
_setmbcp
_strupr
strrchr
sprintf
??3@YAXPAX@Z
__CxxFrameHandler

mfc42

ord6052
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord641
ord2514
ord1200
ord1168
ord2621
ord1134
ord2725
ord5265
ord4376
ord4853
ord4998
ord4710
ord1576
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord4224
ord6215
ord800
ord4160
ord540
ord2863
ord1768
ord2864
ord2379
ord6453

kernel32

WaitForSingleObject
GetStartupInfoA
lstrlenA
CreateThread
SetThreadPriority
ResumeThread
GetProcAddress
WaitForMultipleObjects
CreateMutexA
GetLastError
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
Sleep
FreeLibrary
LoadLibraryA

user32

AppendMenuA
SendMessageA
EnableWindow
LoadIconA
GetSystemMenu
GetDesktopWindow

advapi32

RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新建文件夹/新建文件夹/hodll.dll
.dll windows x86

245fd3d47c88c9059168a6f6b837583b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleOutputCP
WriteConsoleW
CreateFileA
ReadFile
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleW
GlobalDeleteAtom
GlobalAlloc
lstrcmpW
GlobalLock
lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
SetThreadPriority
ResumeThread
SuspendThread
CreateEventW
GlobalAddAtomW
FreeResource
GlobalFree
GlobalUnlock
GlobalFindAtomW
MulDiv
LockFile
WriteConsoleA
GetFileSize
DuplicateHandle
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
CreateFileW
LocalFree
FormatMessageW
WritePrivateProfileStringW
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
lstrlenA
GetFileAttributesW
GetFileTime
SetStdHandle
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InterlockedExchange
InitializeCriticalSection
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetDateFormatA
GetTimeFormatA
HeapSize
FlushFileBuffers
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
CloseHandle
GetTimeZoneInformation
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
GetModuleHandleA
HeapCreate
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetVersionExA
ExitThread
VirtualQuery
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
FindClose
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetFileAttributesA
RaiseException
RtlUnwind
HeapReAlloc
GetLastError
LoadResource
LockResource
SizeofResource
FindResourceW
SetEvent
ResetEvent
ExitProcess
CreateThread
CreateProcessW
WaitForSingleObject
GetShortPathNameW
CreateDirectoryW
Sleep
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
lstrlenW
GetThreadLocale
HeapFree
IsBadReadPtr
VirtualProtect
SetLastError
GetSystemInfo
GetProcessHeap
HeapAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualFree
UnlockFile
VirtualAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DestroyMenu
RegisterClipboardFormatW
PostThreadMessageW
GetSysColorBrush
ReleaseCapture
LoadCursorW
SetCapture
CharUpperW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
UnhookWindowsHookEx
ReleaseDC
GetDC
CopyRect
SetTimer
KillTimer
WaitMessage
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
RemovePropW
CharNextW
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageW
GetWindowLongW
SetWindowLongW
EnableWindow
LoadIconW
UnregisterClassA

gdi32

ExtSelectClipRgn
DeleteDC
TextOutW
GetStockObject
GetDeviceCaps
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateBitmap
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
ExtTextOutW

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
OleIsCurrentClipboard
CLSIDFromProgID
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CLSIDFromString

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocStringLen

ws2_32

ntohs
inet_ntoa
WSAStartup
WSACleanup
gethostbyname
closesocket
htonl
htons
inet_addr
accept
socket
select
bind
WSAGetLastError
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
send
recv

Exports

Exports

?KeyboardProc_EAL@@YGJHIJ@Z
AuxAddFirFoxRootCert
AuxCheckPINValid
AuxDebugTrace
AuxDebugTraceEx
AuxEnablePrivilege
AuxGetConfDword
AuxGetConfString
AuxGetIEProp
AuxGetTempCertDIR
AuxGetTempCertDIRForDaemon
AuxGetWatchSafeDllDIR
AuxIsCertInIEStore
AuxIsProcessRunning
AuxIsUsersPri
AuxIsWDCCID
AuxIsWDDev
AuxIsWDHID
AuxIsWDUDK
AuxIsWDUNICCID
AuxIsWin2K
AuxIsWin2K3
AuxIsWin7
AuxIsWin98
AuxIsWinVista
AuxIsWinXP
AuxKillProcess
AuxRegCACert
AuxRegDevMsg
AuxRegTrustSite
AuxRegUserCert
AuxSetConfFilePath
AuxSignFile
AuxStartApp
AuxStartKeyMutex
AuxStopKeyMutex
AuxSystemOSCheck
AuxTransSKBStyle
AuxUnRegUserCert
AuxVerifyFile
AuxWriteLog
AuxWriteLogHex
GUgd
KeyboardProc
PWD_ChangeUserPIN
PWD_CheckNewPIN
PWD_CheckNewPINRule
PWD_CheckNewPINStrength
PWD_ClearAllPINAndKey
PWD_ClearStoreAndKey
PWD_GetString
PWD_PreparePINOperation
PWD_SetCurPwdType
PWD_SetUserPIN
PWD_VerifyDefaultUserPIN
PWD_VerifyUserPIN
SKBCreate
SKBDestroy
SKBSetEncMode
SKBSetOutEditData
SKBSetOutEditWnd
SKBShow
installhook
installhook_EAL
unhook
�ʧ.<�5�<څvpoa�0��Fd��:.Z��e��`�錶<�*��=: `��Z�@�FNT;��x��OGE��6�FŁw�CH_E�R.��1��4W�*��S�� {t�$9�e��x}@�gR��q4l.jq�2e��Z*�ݎ�n��\ ,�_�t��3��S©��D'Y�k�A��i�}�6�$Y��_�w9��Y�I~�N�3 �"�B��^a�y�}'S�%�Ԛa��GF�f�[T��N׮�j��,��T"��1��t��F�dI{�r�V>�{�]��x ��M��'�BC��6u�<�ќ��i��=!�[��a"��z{sA'��=p8�s'�Q^H��O��(W��Bw5��E��d?Wٓ��T�V�lw� mrˎ�=��hL�4>�GV��%{�C�?�~��p��=�!��4� ��{Z��gTu[qI�7~�T��L�iy��4��e4��i��zXߕ��B;0��Lx��燽$dD�?��b�z�eU��a�[Z�U)f��z!w�c�^�}��)� L$��Ă�UOf�)\��E�3��:n'[�ne�-^��(��Mx ��%qʾ;+z~�+P�A�V��~a�y�]��>�Ǌا�,��,�k�ܽ|Hb��@��ā��$�pG&��K��L��M�uY�]�+��0ONy��#�R�� [&B�3��M��L�� M�3��M��m}��.�t��ؾ�L��xl�r�n��ñ�-�2$\�^��l��եa1��r�r�Q��kPP�+�}��(�4�\��Čvd��7�`��r��4-�\�5�r��GF@��q� Z�r8�<�y`kƪ'54��*�m\��F�KᛲE"�'".��dv[�=�G��E��Mt�*�t@*�p�s��{��mAE��BC�Tc8��Ta:->,ejF��u�MJn*��)��(0J<�\�5C�o�:� ��sH2��pJ�&��C˷�X~��ܦz��e��C��ry �5Ɨ5�D+v��!v|��b��T:?�Z�͝��&Y�=;6ʅ��UM| Nla)f@ۣ��K�u�"�np�۵��ۤL��!e[9�+��L�7W�s�9�pF�}�M�0h��n��Ӱ��]u��{'��ʚ)v ��C�#��)�c��U�$X�9��ēb��4Y-�3�^i��V��DwinO�o��3+�1��4oW��>a��hU��I�e��^�S��+`��^j֘�oδ��n��=�W(�kߜj5�l��>�訧A\-U.1�k�2<7|�b��g �A�豉��@z|��h�P��hTl��* ��E��Ȋ�2�r��{��.��0rl�� 0�{��xּ�ѯT��7o��rz�p�d��<t�#V��k�_�o:t�&*鑠\��Y�a�X��c��<�~8A7�3{?�_�(��慲7z��qtn��PfC��0ק��^�L6��m�N-��z󗰦p]�bW�T')jH��2T��v��釤�&�K:��j��q��l�L��l��U0+��@f��E�Ŀ,��&$_2mv��v�vfe�=o�{��ӻ٪s:�z�ZQT��C %�\�%�-��ߟ=mǜ?��)��_�@@vცۑU��'�C�4 �m%kB^H~��m�k��+��&B>�<Nȍ ~u��X�ĳ\��p�+��(^]*��La#�Y�2�Jf\�:/no�} ��Zn$�ea5�J1�CH��!p��Y��^8ڕ_��w��eN#V�#U��5��7�۳�8�۹+Z](�d1��%Ϛh��# ��0�?�V�� Rn��6��W��9��|5HA�ޠ��䣫��.p��i� Xk�`;xO��~�9xIڍ��6�zp��֙�� p�X�r�]-<��c��۟H:¢��b*DC�_�4<��ڨ��kB��5�.ǘ�X}�"��˒��L�&g<d��q "��k��v&{T��,��Ų_jX��L��f��ij��[L"��T�8�;�ȲY�,'p\�)0�S,2�~2��,3<y��8��>��m�my�I��Դslٚ��F��ٖ[�)�\�_ԫ��)�j��y�`5�:��s�g�f��O��Tt��9�#��[�D�y��͟�1�p�%c)�+�0��]��MZ`�.�?��)�V�+��]C��[4��.�c��u\�J�h��Y�&2PX�)�0��5��0��Ú�R��_��,��\;��.�et��08쀏�EL�/6`2�i� j��)�EQz�6s�A�;3,�1�Yv[ �c�$��HU��_��̵�\NLPٲkK Q�|�Q�±I��1.��\4~�.��6"dݥ��MH�B��qIo�P\6��>��U�P�(��3(�B'��##�h5��kO�z�+��t-TM��<�[��2� �Ħ�W��7��Z�Ջ��Ͽ:a�E�D��.��D��sF�t۵/PaR�s1N��Z�B�j�QN�Z'yl��I�x8�\�� QV��5 ##�V��1 I��*�>w |�a[E|�C�'^��%��ߠ��G�3��jsVn ��`|D�#�{K��j�YA-��}�̾C��3i�"d��%B�Ɯ�tXr5�z�m1��8JkƵa+�%��v�L*G��=9t�عOirK��.��ic�M�N�`�¼��h5��%�;>�k��R��5L'Q ��"�a�酿8�ݣ~��x�[&a�g��_��PL�O`+��w�v��]Pc��L�X�K�?�1�F�x�`��ֹ� n�,|�#�f�fc��l�G6s��5��\�)�!��,�a�,>�oh��{�G

Sections

.text
Size: - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新建文件夹/新建文件夹/info.txt
新建文件夹/新建文件夹/out.gin

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

CODE Size: 662KB - Virtual size: 661KB

DATA Size: 33KB - Virtual size: 33KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 34KB - Virtual size: 33KB

.rsrc Size: 30KB - Virtual size: 30KB

Headers

File Characteristics

Sections

CODE Size: 305KB - Virtual size: 305KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 7KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 21KB - Virtual size: 21KB

.rsrc Size: 24KB - Virtual size: 24KB

60d3ee01dc799c8cae485f40c029636f

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

0a:56:de:cd:d5:a7:97:51:38:45:ef:61:ba:ee:10:deCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:18:df:3a:9d:69:98:5b:e5:28:22:b0:24:ee:bc:c4Certificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

e7:1b:94:8b:eb:90:fd:b8:f9:00:1f:da:33:bc:ba:55:2c:01:ac:bb:71:25:d8:80:b8:59:5c:a9:e7:d7:75:d5Signer

51:98:84:56:3e:36:ac:8e:8a:09:d7:50:29:f9:8a:b9:ec:0f:11:b5Signer

Headers

File Characteristics

Imports

winscard

msvcrt

mfc42

kernel32

user32

advapi32

shell32

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 2KB

245fd3d47c88c9059168a6f6b837583b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

CODE
Size: 662KB - Virtual size: 661KB

DATA
Size: 33KB - Virtual size: 33KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 30KB - Virtual size: 30KB

CODE
Size: 305KB - Virtual size: 305KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 7KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 24KB - Virtual size: 24KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

0a:56:de:cd:d5:a7:97:51:38:45:ef:61:ba:ee:10:de
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:18:df:3a:9d:69:98:5b:e5:28:22:b0:24:ee:bc:c4
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

e7:1b:94:8b:eb:90:fd:b8:f9:00:1f:da:33:bc:ba:55:2c:01:ac:bb:71:25:d8:80:b8:59:5c:a9:e7:d7:75:d5
Signer

51:98:84:56:3e:36:ac:8e:8a:09:d7:50:29:f9:8a:b9:ec:0f:11:b5
Signer

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: - Virtual size: 322KB

.rdata
Size: - Virtual size: 74KB

.data
Size: - Virtual size: 28KB

.vmp0
Size: - Virtual size: 10KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 300KB - Virtual size: 298KB

.reloc
Size: 4KB - Virtual size: 300B

.rsrc
Size: 28KB - Virtual size: 34KB