定时关机助手[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

定时关机助手.exe
Size

1013KB
MD5

8d66d22b2066f46ff8d3ba9301c78896
SHA1

3173f994c43a5d281678546768ceb3754cc9718b
SHA256

aa69d7ae8051d2978e32cffe160b822c70885061823bd4a6bf7ee23cefa82dda
SHA512

69b75673698b25c91a8cf8866d917b62f650238bbbd540f0f82ffe6ed6d096cd211a24423805ebd3fd5ded22930a06e83121ec37f144c1363377a17eb4b84414
SSDEEP

24576:GcnDRRffqlN/KNzTPZyNLHtw5wenprTMybT6n:p9ZbwenxTMy3q

Score

1^/10

Malware Config

Signatures

Files

定时关机助手.exe
.exe windows x86

c9ed232bbab2ecdac58923cc35053508

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:55:24:27:b6:e2:d0:56:04:1d:7d:24:26:1f:73:5d:8d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/05/2012, 07:19

Not After

23/05/2013, 07:19

Subject

CN=温州市人家信息科技有限公司,O=温州市人家信息科技有限公司,L=Wenzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f2:c3:d6:a2:eb:f1:26:78:e9:f7:cb:ab:c0:62:68:bc:31:b2:4c:3a
Signer

Actual PE Digest

f2:c3:d6:a2:eb:f1:26:78:e9:f7:cb:ab:c0:62:68:bc:31:b2:4c:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

HttpSendRequestW
InternetReadFileExA
HttpQueryInfoW
InternetCloseHandle
InternetCrackUrlW
InternetOpenW
InternetSetStatusCallbackW
InternetConnectW
HttpOpenRequestW

kernel32

GetModuleHandleW
WaitForSingleObject
SystemTimeToFileTime
FileTimeToSystemTime
GetUserDefaultLangID
GetModuleFileNameW
SetUnhandledExceptionFilter
CloseHandle
MoveFileW
CopyFileW
GetFileAttributesW
CreateFileW
CreateDirectoryW
GetTempPathW
GetCurrentDirectoryW
GetTempFileNameW
DeleteFileW
lstrlenW
SetLastError
ReadFile
WriteFile
InterlockedCompareExchange
GetNativeSystemInfo
InterlockedExchangeAdd
GetCurrentProcessId
GetTickCount
ReleaseMutex
CreateProcessW
CreateMutexW
SetFilePointer
OutputDebugStringA
GetModuleHandleA
GetSystemDirectoryW
GetWindowsDirectoryW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventW
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
RaiseException
CreateThread
GetCurrentThreadId
Sleep
IsDebuggerPresent
InterlockedExchange
GetQueuedCompletionStatus
SetProcessShutdownParameters
CreateIoCompletionPort
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
GetStdHandle
GetCurrentProcess
GetModuleHandleExA
GetSystemInfo
TerminateProcess
SetEndOfFile
FlushFileBuffers
GetCommandLineW
InterlockedIncrement
GetPrivateProfileStringW
LCMapStringW
LCMapStringA
RtlUnwind
VirtualQuery
VirtualAlloc
GetFileType
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStartupInfoW
ExitProcess
UnhandledExceptionFilter
SetHandleCount
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InterlockedDecrement
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
VirtualProtect
lstrcmpiW
GetFullPathNameW
GetStartupInfoA
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
GetModuleFileNameA
LoadLibraryA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessShutdownParameters
LocalFree
FormatMessageW
GetLocalTime
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GetCPInfo
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryW
lstrcmpiA
GetVersionExW
CompareStringA
CompareStringW
GetStringTypeW
HeapCreate
VirtualFree
PostQueuedCompletionStatus
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA

user32

SetWindowRgn
CopyRect
SetFocus
GetFocus
SetRect
EnableWindow
MonitorFromWindow
ScreenToClient
GetDC
CallWindowProcW
InvalidateRect
SetWindowLongW
SetWindowPos
EqualRect
GetWindowRect
SetCapture
ReleaseCapture
GetClientRect
SetCursor
ClientToScreen
GetSysColor
ReleaseDC
BeginPaint
EndPaint
UpdateWindow
CreateCaret
ShowCaret
HideCaret
SetCaretPos
PtInRect
DestroyWindow
UnregisterClassW
CallMsgFilterW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjectsEx
GetQueueStatus
PeekMessageW
WaitMessage
PostMessageW
GetSubMenu
LoadMenuW
PostQuitMessage
ExitWindowsEx
RegisterWindowMessageW
MoveWindow
LoadIconW
SendMessageW
FindWindowW
CreateWindowExW
RegisterClassExW
LoadCursorW
DefWindowProcW
CheckMenuItem
TrackPopupMenu
KillTimer
SetTimer
MessageBoxW
MonitorFromPoint
GetMonitorInfoW
GetCursorPos
ShowWindow
SetForegroundWindow
IsWindowVisible
IsWindow
GetMenuState

gdi32

CreateRectRgnIndirect
CreateCompatibleBitmap
GetDeviceCaps
GetStockObject
GetObjectW
SetDIBColorTable
SelectObject
GetDIBColorTable
StretchBlt
CreateDIBSection
CreateCompatibleDC
DeleteDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
GetClipBox
DeleteObject
BitBlt
SelectClipRgn

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

SHGetFolderPathW
ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW

ole32

CreateStreamOnHGlobal

oleaut32

SysFreeString

riched20

ord4

shlwapi

StrCpyW
PathRemoveFileSpecW
StrStrIW
SHSetValueW
SHDeleteValueW
StrCmpW

msimg32

AlphaBlend
TransparentBlt

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

gdiplus

GdipFillRegion
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipSetStringFormatTrimming
GdipDrawString
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipDrawImageI
GdipSetClipRectI
GdipCreateRegionHrgn
GdipDeleteRegion
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetStringFormatLineAlign

Sections

.text
Size: 590KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9ed232bbab2ecdac58923cc35053508

Code Sign

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

11:21:55:24:27:b6:e2:d0:56:04:1d:7d:24:26:1f:73:5d:8dCertificate

Extended Key Usages

Key Usages

f2:c3:d6:a2:eb:f1:26:78:e9:f7:cb:ab:c0:62:68:bc:31:b2:4c:3aSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

riched20

shlwapi

msimg32

winmm

gdiplus

Sections

.text Size: 590KB - Virtual size: 589KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 8KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 284KB - Virtual size: 284KB

.reloc Size: 43KB - Virtual size: 43KB

04:00:00:00:00:01:20:19:c1:90:66
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

11:21:55:24:27:b6:e2:d0:56:04:1d:7d:24:26:1f:73:5d:8d
Certificate

f2:c3:d6:a2:eb:f1:26:78:e9:f7:cb:ab:c0:62:68:bc:31:b2:4c:3a
Signer

.text
Size: 590KB - Virtual size: 589KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 8KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 284KB - Virtual size: 284KB

.reloc
Size: 43KB - Virtual size: 43KB