wps[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

wps.zip
Size

990KB
MD5

0badbc9178d9bf0780cce05a5a065bd2
SHA1

cf3e670b7b7076d269172427884fb3a1d787e36b
SHA256

d1e6b5d82de1fceda6782380780bfa368dca672a2a94d023f556976ac99baca2
SHA512

3523f00bd91ca15f7746a884fc1248df06f2b31e5f6f3c80a5239f6424fe04e19c7810999d27d4fa68d45eadd767a3882da14dffd66cbf70665c87a5bf61e873
SSDEEP

24576:nWo9E/hvEaui1XuCzWLyRkj1x/HHa+WthnRmKp:lmpWUuCaWRYHEfnRf

Score

1^/10

Malware Config

Signatures

Files

wps.zip
.zip

Password: 123
wps_ioc_file/C__Program Files_Office_OfficeAddin64.dll
.dll regsvr32 windows x64

Password: 123

29bb7a1e526fe002bc90b3a1f8d8b91f

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:20:59:af:2d:46:31:54:43:0d:49:2a:56:aa:45:85
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/02/2022, 00:00

Not After

03/03/2023, 23:59

Subject

SERIALNUMBER=91110108MA01HJP36T,CN=Beijing Yundong Zhixiao Network Technology Co. \, Ltd.,OU=IT,O=Beijing Yundong Zhixiao Network Technology Co. \, Ltd.,ST=北京市,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b5b7e6b780e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cb:fc:3e:d1:e9:03:53:18:90:b6:d3:0b:b8:4f:09:93:a0:4e:71:ee:e6:d3:10:eb:42:d0:f2:95:13:f6:6a:ef
Signer

Actual PE Digest

cb:fc:3e:d1:e9:03:53:18:90:b6:d3:0b:b8:4f:09:93:a0:4e:71:ee:e6:d3:10:eb:42:d0:f2:95:13:f6:6a:ef

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
HeapSize
GetProcessHeap
Sleep
GetFileSize
WriteFile
ReadFile
SetEndOfFile
SetFilePointer
CloseHandle
CreateFileW
QueryPerformanceCounter
QueryPerformanceFrequency
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetCurrentProcess
GetExitCodeProcess
WaitForSingleObject
DeviceIoControl
GetTickCount
lstrlenW
GetModuleHandleA
GetEnvironmentVariableA
OutputDebugStringW
GetVolumeInformationA
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LockResource
GetSystemInfo
GlobalHandle
GlobalFree
IsBadWritePtr
GetModuleFileNameA
CreateProcessA
GetTempPathW
MoveFileW
MoveFileExW
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
RtlCaptureStackBackTrace
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
SetConsoleCtrlHandler
SetFilePointerEx
ReadConsoleW
GetConsoleMode
OutputDebugStringA
FlushFileBuffers
GetFileType
GetStdHandle
GetACP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapAlloc
GetDateFormatW
ExitProcess
GetFileAttributesExW
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwindEx
RtlPcToFileHeader
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetCurrentProcessId
GetStartupInfoW
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LocalFree
GetCPInfo
LoadLibraryExW
lstrcmpiW
lstrcmpW
MulDiv
SizeofResource
LoadResource
SetLastError
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
FindNextFileW
FindFirstFileW
DeleteFileW
FindClose
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
RtlUnwind
TryEnterCriticalSection
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
FormatMessageW
HeapReAlloc
HeapDestroy
GetTimeFormatW
FindResourceW
InitializeCriticalSection
TerminateThread
SetThreadLocale
GetThreadLocale
WideCharToMultiByte
MultiByteToWideChar
SetCurrentDirectoryW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcAddress
DecodePointer
GetConsoleCP
EncodePointer

user32

UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
CallWindowProcW
ShowWindow
MoveWindow
SetWindowPos
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
DefWindowProcW
SendMessageW
RegisterWindowMessageW
DestroyWindow
EnableWindow
CreateAcceleratorTableW
DestroyAcceleratorTable
UpdateWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
ClientToScreen
ScreenToClient
GetSysColor
FillRect
IntersectRect
UnionRect
CharNextW
OffsetRect
EqualRect
PtInRect
GetWindowLongW
SetWindowLongW
wsprintfA
MessageBoxA
MapDialogRect
SetWindowContextHelpId
GetActiveWindow
DialogBoxIndirectParamW
GetSystemMetrics
wsprintfW
PostQuitMessage
GetMonitorInfoW
MonitorFromWindow
MapWindowPoints
GetWindowRect
EndDialog
LoadCursorW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExA
RegGetValueA
AllocateAndInitializeSid
FreeSid
GetUserNameA
CheckTokenMembership
RegQueryValueExW
RegDeleteKeyW

ole32

StgCreateDocfile
CoCreateGuid
StringFromCLSID
CreateStreamOnHGlobal
OleRegEnumVerbs
OleRegGetMiscStatus
OleRegGetUserType
CreateOleAdviseHolder
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CoGetClassObject
StringFromGUID2
CoCreateInstance
OleCreate
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CLSIDFromProgID
OleLockRunning

shell32

ShellExecuteExW
ShellExecuteW

oleaut32

VariantChangeType
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
SysAllocString
OleCreatePictureIndirect
GetActiveObject
VarBstrCat
OleCreateFontIndirect
OleCreatePropertyFrame
LoadRegTypeLi
VarUI4FromStr
VariantClear
VariantInit
SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysStringLen
SysFreeString

shlwapi

ord176
wnsprintfA
wnsprintfW
PathAddBackslashW

gdi32

GetObjectW
SetWindowOrgEx
LPtoDP
TextOutW
SetTextAlign
SetMapMode
SelectObject
SaveDC
RestoreDC
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateDCW
CreateCompatibleDC
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpSetOption
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpQueryHeaders

snmpapi

SnmpUtilOidCpy
SnmpUtilOidNCmp
SnmpUtilVarBindFree

gdiplus

GdipAlloc
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
StartInstall

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 515KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wps_ioc_file/C__Users_周良_AppData_Local_Temp_installer64_1.1.0.3_OfficeAid.Installer.dll
.dll windows x64

Password: 123

ffef15f353deb79504a749686f741c89

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:16:53:d4:37:e4:aa:c7:f8:a9:2e:c1:3d:45:92:bc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/03/2023, 00:00

Not After

17/03/2024, 23:59

Subject

SERIALNUMBER=91110108MA01HJP36T,CN=Beijing Yundong Zhixiao Network Technology Co. \, Ltd.,OU=IT,O=Beijing Yundong Zhixiao Network Technology Co. \, Ltd.,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b5b7e6b780e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:14:64:d1:cf:b1:03:9b:74:66:b7:62:7b:43:10:10:ec:c1:b8:43:ee:6a:14:81:32:af:b6:0a:f8:a9:9d:67
Signer

Actual PE Digest

e3:14:64:d1:cf:b1:03:9b:74:66:b7:62:7b:43:10:10:ec:c1:b8:43:ee:6a:14:81:32:af:b6:0a:f8:a9:9d:67

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcurl

curl_easy_perform
curl_easy_getinfo
curl_easy_init
curl_version_info
curl_slist_append
curl_formfree
curl_easy_setopt
curl_easy_cleanup
curl_slist_free_all

kernel32

CreateMutexW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenMutexW
QueryPerformanceCounter
GetTempPathW
TerminateProcess
GetCurrentThreadId
WaitForSingleObjectEx
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
CloseHandle
GetFileAttributesW
CreateEventW
IsDebuggerPresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ResetEvent

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetPathFromIDListW
ShellExecuteExA
SHGetSpecialFolderLocation

ole32

StringFromCLSID
CoCreateGuid
CoTaskMemFree

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

iphlpapi

GetAdaptersInfo

vcruntime140

_CxxThrowException
memcmp
memcpy
memmove
_purecall
memset
__std_type_info_destroy_list
__std_exception_copy
__std_exception_destroy
__C_specific_handler
wcsrchr
__std_terminate
__CxxFrameHandler3
strchr
memchr

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
__stdio_common_vsnprintf_s
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

tolower
_wcsicmp
isalnum

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_wmkdir
_waccess

api-ms-win-crt-math-l1-1-0

modf
_dtest

api-ms-win-crt-locale-l1-1-0

localeconv

Exports

Exports

StartInstall

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wps_ioc_file/C__Users_周良_AppData_Local_Temp_installer64_1.1.0.3_installer32_UpdateOffice.exe
.exe windows x86

Password: 123

34e7268d03602bb2dfba0ea1b053c8a9

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:16:53:d4:37:e4:aa:c7:f8:a9:2e:c1:3d:45:92:bc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/03/2023, 00:00

Not After

17/03/2024, 23:59

Subject

SERIALNUMBER=91110108MA01HJP36T,CN=Beijing Yundong Zhixiao Network Technology Co. \, Ltd.,OU=IT,O=Beijing Yundong Zhixiao Network Technology Co. \, Ltd.,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b5b7e6b780e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:3d:92:61:a1:74:48:88:73:cd:72:6f:e2:69:12:fc:69:34:60:f5:e9:07:4b:7d:e9:f1:cb:35:72:db:ca:6b
Signer

Actual PE Digest

cb:3d:92:61:a1:74:48:88:73:cd:72:6f:e2:69:12:fc:69:34:60:f5:e9:07:4b:7d:e9:f1:cb:35:72:db:ca:6b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcurl

curl_easy_perform
curl_easy_getinfo
curl_easy_init
curl_version_info
curl_slist_append
curl_formfree
curl_easy_setopt
curl_easy_cleanup
curl_slist_free_all

kernel32

CloseHandle
OpenMutexW
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
Process32NextW
Process32FirstW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryA
FreeLibrary
ReadFile
SetFilePointer
CreateMutexW
LocalFileTimeToFileTime
GetCurrentProcessId
SystemTimeToFileTime
GetCommandLineW
lstrlenW
lstrcpynW
GetTempPathW
TerminateProcess
GetCurrentThreadId
CreateEventW
DeleteCriticalSection
SetEvent
ResetEvent
GetFileAttributesW
IsDebuggerPresent
QueryPerformanceCounter
GetModuleFileNameW
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
GetCurrentDirectoryW
UnhandledExceptionFilter
WaitForSingleObjectEx

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
CoCreateGuid
StringFromCLSID

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z

iphlpapi

GetAdaptersInfo

vcruntime140

__std_exception_copy
wcsstr
_purecall
strchr
_CxxThrowException
memcpy
memmove
memset
_except_handler4_common
__std_terminate
__std_exception_destroy
__CxxFrameHandler3
wcsrchr
_local_unwind4
memchr

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
calloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

exit
_initterm_e
_initterm
_get_initial_narrow_environment
_controlfp_s
__p___argv
_errno
_seh_filter_exe
_exit
_cexit
_invalid_parameter_noinfo
_c_exit
_crt_atexit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_set_app_type
terminate
__p___argc
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

isalnum
tolower
_wcsicmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s
__stdio_common_vsnprintf_s
__stdio_common_vswscanf
_set_fmode
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__p__commode
__stdio_common_vswprintf
__stdio_common_vsscanf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wmkdir

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr
modf
_dtest

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

29bb7a1e526fe002bc90b3a1f8d8b91f

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:20:59:af:2d:46:31:54:43:0d:49:2a:56:aa:45:85Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

cb:fc:3e:d1:e9:03:53:18:90:b6:d3:0b:b8:4f:09:93:a0:4e:71:ee:e6:d3:10:eb:42:d0:f2:95:13:f6:6a:efSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

iphlpapi

winhttp

snmpapi

gdiplus

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 515KB - Virtual size: 514KB

.data Size: 34KB - Virtual size: 47KB

.pdata Size: 78KB - Virtual size: 77KB

.idata Size: 16KB - Virtual size: 16KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 17KB - Virtual size: 16KB

Password: 123

ffef15f353deb79504a749686f741c89

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:16:53:d4:37:e4:aa:c7:f8:a9:2e:c1:3d:45:92:bcCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e3:14:64:d1:cf:b1:03:9b:74:66:b7:62:7b:43:10:10:ec:c1:b8:43:ee:6a:14:81:32:af:b6:0a:f8:a9:9d:67Signer

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

kernel32

advapi32

shell32

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:20:59:af:2d:46:31:54:43:0d:49:2a:56:aa:45:85
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

cb:fc:3e:d1:e9:03:53:18:90:b6:d3:0b:b8:4f:09:93:a0:4e:71:ee:e6:d3:10:eb:42:d0:f2:95:13:f6:6a:ef
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 515KB - Virtual size: 514KB

.data
Size: 34KB - Virtual size: 47KB

.pdata
Size: 78KB - Virtual size: 77KB

.idata
Size: 16KB - Virtual size: 16KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 17KB - Virtual size: 16KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:16:53:d4:37:e4:aa:c7:f8:a9:2e:c1:3d:45:92:bc
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e3:14:64:d1:cf:b1:03:9b:74:66:b7:62:7b:43:10:10:ec:c1:b8:43:ee:6a:14:81:32:af:b6:0a:f8:a9:9d:67
Signer

.text
Size: 107KB - Virtual size: 106KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 348B

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:16:53:d4:37:e4:aa:c7:f8:a9:2e:c1:3d:45:92:bc
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cb:3d:92:61:a1:74:48:88:73:cd:72:6f:e2:69:12:fc:69:34:60:f5:e9:07:4b:7d:e9:f1:cb:35:72:db:ca:6b
Signer

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 6KB