各科成绩说明[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

各科成绩说明.zip
Size

280KB
MD5

9ff60080aedfc092a58b21982c42c7bb
SHA1

eb186dfe57a3e679ac5a2dbd02f5879758ed4407
SHA256

6db794a92ed499adf63f83a2ba57eda0af4a93f0f14ba80f62207de9c353ba7e
SHA512

1af73d224356b45a6eaf102506761a4f00e0ffe3fa192220ffde6e3db11042a27f1de74072ada6fdbfc00f94518f5b33c4f5fdcb82d8ffea9aa9e3747ea2c0a6
SSDEEP

6144:lpEcKn8DIuSF/QawpJaPWk8LYL/DCctZs32l5nCDKtneYJ:bEcKnuIu05LuF8/BsGlRCutzJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ƴɼ˵/mpsvc.dll

Files

各科成绩说明.zip
.zip
Ƴɼ˵/mpsvc.dll
.dll windows x64

3f4403e89d79751af1598faa11e4e8a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateProcessA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryA
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter

user32

EnumDisplayMonitors

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
__std_type_info_destroy_list
memcpy
memmove
memset

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
exit

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

Exports

Exports

ServiceCrtMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 257KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.voltbl
Size: 512B - Virtual size: 14B

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ƴɼ˵/ʦѧѧ-ͮ-Ƴɼ˵.doc.exe
.exe windows x64

121f8912a67e9da4738bae806109e4ca

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:10:0c:4d:8e:17:fe:30:96:7f:00:00:00:00:00:10
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/03/2013, 20:37

Not After

13/06/2014, 20:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:ae:ca:fa:5d:47:c8:cc:5e:15:1d:37:fa:36:9d:74:c0:91:0a:22:3e:1c:9c:b2:4a:ae:66:e6:82:dc:09:3d
Signer

Actual PE Digest

11:ae:ca:fa:5d:47:c8:cc:5e:15:1d:37:fa:36:9d:74:c0:91:0a:22:3e:1c:9c:b2:4a:ae:66:e6:82:dc:09:3d

Digest Algorithm

sha256

PE Digest Matches

true

f4:1f:0f:f2:06:61:7e:51:17:33:7b:30:1f:63:02:1f:ae:32:b1:c1
Signer

Actual PE Digest

f4:1f:0f:f2:06:61:7e:51:17:33:7b:30:1f:63:02:1f:ae:32:b1:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

mpsvc

ServiceCrtMain

Sections

.text
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f4403e89d79751af1598faa11e4e8a6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 257KB - Virtual size: 258KB

.pdata Size: 1024B - Virtual size: 912B

.00cfg Size: 512B - Virtual size: 40B

.voltbl Size: 512B - Virtual size: 14B

.rsrc Size: 512B - Virtual size: 232B

.reloc Size: 512B - Virtual size: 116B

121f8912a67e9da4738bae806109e4ca

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33Certificate

Extended Key Usages

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:10:0c:4d:8e:17:fe:30:96:7f:00:00:00:00:00:10Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

11:ae:ca:fa:5d:47:c8:cc:5e:15:1d:37:fa:36:9d:74:c0:91:0a:22:3e:1c:9c:b2:4a:ae:66:e6:82:dc:09:3dSigner

f4:1f:0f:f2:06:61:7e:51:17:33:7b:30:1f:63:02:1f:ae:32:b1:c1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mpsvc

Sections

.text Size: 1024B - Virtual size: 992B

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 36B

.idata Size: 1024B - Virtual size: 652B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 88B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 257KB - Virtual size: 258KB

.pdata
Size: 1024B - Virtual size: 912B

.00cfg
Size: 512B - Virtual size: 40B

.voltbl
Size: 512B - Virtual size: 14B

.rsrc
Size: 512B - Virtual size: 232B

.reloc
Size: 512B - Virtual size: 116B

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:10:0c:4d:8e:17:fe:30:96:7f:00:00:00:00:00:10
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

11:ae:ca:fa:5d:47:c8:cc:5e:15:1d:37:fa:36:9d:74:c0:91:0a:22:3e:1c:9c:b2:4a:ae:66:e6:82:dc:09:3d
Signer

f4:1f:0f:f2:06:61:7e:51:17:33:7b:30:1f:63:02:1f:ae:32:b1:c1
Signer

.text
Size: 1024B - Virtual size: 992B

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 36B

.idata
Size: 1024B - Virtual size: 652B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 88B