General

Malware Config

Signatures

Files

• 2068743198cbe3e6405df3a70e5e639adc124cb27abd8012f362f8b905cf1cdf

  .zip
• ˳20234²Ա/20234²ԱԱ.doc.lnk

  .lnk
• ˳20234²Ա/嵥б/Ա嵥.xlsx

  .doc .xlsx windows office2003
• 顺丰2023年4月裁员名单/清单列表/.__MACOSX__/闕ｳ�ｭ隴�/._MACOS_/NisSrv.exe

  .exe windows x64

  b1ac41ecc25022618f74a6d0828a4712

  
  

  Code Sign

  33:00:00:02:9e:05:ca:b1:2e:ac:93:cf:b6:00:00:00:00:02:9e

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  24-09-2020 19:16

  Not After

  23-09-2021 19:16

  Subject

  CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  f2:54:f4:58:62:1f:c8:30:88:c1:b1:f8:d6:21:ad:38:58:34:cc:d7:d1:51:fd:20:69:78:21:a4:c8:a8:9f:5d

  Signer

  Actual PE Digest

  f2:54:f4:58:62:1f:c8:30:88:c1:b1:f8:d6:21:ad:38:58:34:cc:d7:d1:51:fd:20:69:78:21:a4:c8:a8:9f:5d

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  api-ms-win-crt-runtime-l1-1-0

  __p___argc

  __p___wargv

  _cexit

  _initterm

  abort

  _c_exit

  _register_thread_local_exe_atexit_callback

  _exit

  exit

  _initterm_e

  _beginthreadex

  _get_initial_wide_environment

  _initialize_wide_environment

  _configure_wide_argv

  _initialize_onexit_table

  _register_onexit_function

  _crt_atexit

  _invalid_parameter_noinfo

  terminate

  _invalid_parameter_noinfo_noreturn

  _errno

  _seh_filter_exe

  _set_app_type

  api-ms-win-crt-stdio-l1-1-0

  feof

  fgetws

  fclose

  __stdio_common_vsnprintf_s

  __stdio_common_vswprintf

  __stdio_common_vsprintf

  __stdio_common_vsprintf_s

  __stdio_common_vsnwprintf_s

  fputc

  __stdio_common_vswprintf_s

  _wfopen

  _fsopen

  __p__commode

  _set_fmode

  fseek

  _wfsopen

  _get_stream_buffer_pointers

  _fseeki64

  fread

  fsetpos

  ungetc

  setvbuf

  fgetpos

  fwrite

  fgetc

  fflush

  api-ms-win-crt-heap-l1-1-0

  calloc

  malloc

  _set_new_mode

  _calloc_base

  free

  _malloc_base

  _free_base

  _callnewh

  _recalloc

  realloc

  api-ms-win-crt-convert-l1-1-0

  _i64toa_s

  _ui64toa_s

  _ui64tow_s

  wcstoull

  _wcstod_l

  wcstoll

  wcstod

  _i64tow_s

  strtof

  strtoll

  strtod

  wcstol

  _itow_s

  strtol

  api-ms-win-crt-string-l1-1-0

  isalpha

  iswalpha

  isdigit

  iswdigit

  iswxdigit

  islower

  iswlower

  wcsncpy_s

  strcspn

  iswspace

  towlower

  towupper

  iswupper

  strncmp

  strnlen

  _wcsdup

  isupper

  __strncnt

  wcsnlen

  isspace

  tolower

  wcscmp

  strcpy_s

  _wcsicmp

  api-ms-win-crt-locale-l1-1-0

  _lock_locales

  _configthreadlocale

  localeconv

  setlocale

  ___lc_codepage_func

  __pctype_func

  _create_locale

  ___lc_collate_cp_func

  ___lc_locale_name_func

  _unlock_locales

  ___mb_cur_max_func

  _free_locale

  api-ms-win-crt-math-l1-1-0

  ldexp

  ceilf

  ceil

  log2

  pow

  powf

  frexp

  advapi32

  OpenServiceW

  OpenSCManagerW

  CloseServiceHandle

  StartServiceW

  RegQueryValueExW

  EventWriteTransfer

  EventUnregister

  EventRegister

  SetServiceStatus

  RegisterServiceCtrlHandlerExW

  StartServiceCtrlDispatcherW

  RegDeleteValueW

  RegCreateKeyExW

  RegSetValueExW

  RegOpenKeyExW

  RegEnumKeyExW

  RegSetKeyValueW

  RegOpenCurrentUser

  RegGetValueW

  RegQueryInfoKeyW

  RegCloseKey

  UnregisterTraceGuids

  RegisterTraceGuidsW

  GetTraceEnableFlags

  GetTraceEnableLevel

  GetTraceLoggerHandle

  TraceMessage

  ImpersonateLoggedOnUser

  RevertToSelf

  crypt32

  CertGetCertificateChain

  CertVerifyCertificateChainPolicy

  CryptUnprotectMemory

  CryptBinaryToStringW

  CertFreeCertificateChain

  CertFreeCertificateContext

  kernel32

  GetSystemInfo

  UnmapViewOfFile

  GetSystemPreferredUILanguages

  GetThreadPreferredUILanguages

  GetVersionExW

  GetModuleHandleA

  QueryProcessCycleTime

  GetLongPathNameW

  GetProcessId

  DuplicateHandle

  CreateMutexW

  LoadLibraryExA

  DelayLoadFailureHook

  OpenProcess

  QueryFullProcessImageNameW

  QueryUnbiasedInterruptTime

  GlobalFree

  VerifyVersionInfoW

  GetUserPreferredUILanguages

  GetModuleFileNameA

  CreateSemaphoreExW

  HeapFree

  SetLastError

  ReleaseSemaphore

  GetModuleHandleExW

  WaitForSingleObject

  GetCurrentThreadId

  ReleaseMutex

  FormatMessageW

  GetLastError

  OutputDebugStringW

  WaitForSingleObjectEx

  OpenSemaphoreW

  CloseHandle

  HeapAlloc

  GetProcAddress

  CreateMutexExW

  GetCurrentProcessId

  GetProcessHeap

  GetModuleHandleW

  DebugBreak

  IsDebuggerPresent

  SetThreadpoolTimer

  WaitForThreadpoolTimerCallbacks

  CloseThreadpoolTimer

  CreateThreadpoolTimer

  MultiByteToWideChar

  CloseThreadpool

  WaitForThreadpoolWorkCallbacks

  CloseThreadpoolWork

  CreateThreadpool

  SetThreadpoolThreadMaximum

  CreateThreadpoolWork

  SubmitThreadpoolWork

  StartThreadpoolIo

  SystemTimeToFileTime

  RaiseException

  FreeLibrary

  LoadLibraryExW

  lstrcmpiW

  LeaveCriticalSection

  EnterCriticalSection

  SizeofResource

  LoadResource

  FindResourceExW

  GetModuleFileNameW

  InitializeCriticalSection

  DeleteCriticalSection

  HeapSetInformation

  CreateEventW

  SetEvent

  TerminateProcess

  GetCurrentProcess

  SwitchToFiber

  ConvertFiberToThread

  IsThreadAFiber

  ConvertThreadToFiber

  CreateFiberEx

  DeleteFiber

  WideCharToMultiByte

  GetSystemTimeAsFileTime

  CreateFileW

  SetErrorMode

  QueryPerformanceFrequency

  QueryPerformanceCounter

  FormatMessageA

  Sleep

  SwitchToThread

  InitializeSRWLock

  TryAcquireSRWLockExclusive

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  WakeAllConditionVariable

  WakeConditionVariable

  InitializeConditionVariable

  SleepConditionVariableSRW

  RtlPcToFileHeader

  GetStringTypeW

  ReleaseSRWLockShared

  AcquireSRWLockShared

  LocalFree

  InitOnceComplete

  CreateDirectoryW

  GetFileInformationByHandleEx

  FindFirstFileExW

  FindNextFileW

  DeviceIoControl

  FindClose

  GetFileAttributesW

  GetFileAttributesExW

  SetFileInformationByHandle

  MoveFileExW

  CopyFileW

  InitOnceBeginInitialize

  EncodePointer

  DecodePointer

  LCMapStringEx

  GetLocaleInfoEx

  CompareStringEx

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsProcessorFeaturePresent

  InitializeCriticalSectionAndSpinCount

  ResetEvent

  InitializeSListHead

  RtlUnwindEx

  FlsAlloc

  FlsGetValue

  FlsSetValue

  FlsFree

  GetProcessTimes

  CreateThreadpoolIo

  WaitForThreadpoolIoCallbacks

  CancelThreadpoolIo

  CancelIoEx

  CloseThreadpoolIo

  GetSystemDirectoryW

  GetSystemTime

  InitializeCriticalSectionEx

  CreateFileMappingW

  MapViewOfFile

  GetFileSizeEx

  ExpandEnvironmentStringsW

  ole32

  CoUninitialize

  CoCreateInstance

  StringFromGUID2

  CoCreateGuid

  CoTaskMemAlloc

  CoTaskMemRealloc

  CoTaskMemFree

  CoInitializeEx

  oleaut32

  VarUI4FromStr

  user32

  UnregisterClassA

  CharNextW

  bcrypt

  BCryptCloseAlgorithmProvider

  BCryptCreateHash

  BCryptDestroyHash

  BCryptFinishHash

  BCryptHashData

  BCryptGetProperty

  BCryptOpenAlgorithmProvider

  normaliz

  IdnToAscii

  ws2_32

  htonl

  ntohs

  htons

  inet_ntop

  ntdll

  RtlIpv4StringToAddressExW

  RtlIpv6StringToAddressExW

  VerSetConditionMask

  winhttp

  WinHttpSetCredentials

  WinHttpGetIEProxyConfigForCurrentUser

  WinHttpQueryAuthSchemes

  WinHttpWriteData

  WinHttpReceiveResponse

  WinHttpOpen

  WinHttpCloseHandle

  WinHttpQueryHeaders

  WinHttpQueryOption

  WinHttpGetDefaultProxyConfiguration

  WinHttpGetProxyForUrl

  WinHttpSetStatusCallback

  WinHttpSetTimeouts

  WinHttpSetOption

  WinHttpReadData

  WinHttpQueryDataAvailable

  WinHttpSendRequest

  WinHttpAddRequestHeaders

  WinHttpOpenRequest

  WinHttpConnect

  mpclient

  MpConfigGetValueAlloc

  MpHandleClose

  MpConfigClose

  MpNotificationRegister

  MpManagerOpen

  MpFreeMemory

  MpConfigUninitialize

  MpUtilsExportFunctions

  MpConfigInitialize

  MpClientUtilExportFunctions

  MpConfigOpen

  api-ms-win-crt-filesystem-l1-1-0

  _lock_file

  _unlock_file

  api-ms-win-crt-utility-l1-1-0

  rand_s

  shell32

  SHGetKnownFolderPath

  iphlpapi

  GetAdaptersAddresses

  netapi32

  NetApiBufferFree

  NetGetJoinInformation

  Sections

  .text

  Size: 2.0MB - Virtual size: 2.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 296KB - Virtual size: 292KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 40KB - Virtual size: 100KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 80KB - Virtual size: 79KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 4KB - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 顺丰2023年4月裁员名单/清单列表/.__MACOSX__/闕ｳ�ｭ隴�/._MACOS_/apt.vbs

  .vbs
• 顺丰2023年4月裁员名单/清单列表/.__MACOSX__/闕ｳ�ｭ隴�/._MACOS_/mpclient.dll

  .dll windows x64

  88bfafb2b2f59c630d577b26e4a881c4

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  IMAGE_FILE_DLL

  Imports

  kernel32

  AddVectoredExceptionHandler

  CloseHandle

  CreateEventA

  CreateFileA

  CreateIoCompletionPort

  CreateThread

  CreateWaitableTimerA

  CreateWaitableTimerExW

  DeleteCriticalSection

  DuplicateHandle

  EnterCriticalSection

  ExitProcess

  FreeEnvironmentStringsW

  GetConsoleMode

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetEnvironmentStringsW

  GetLastError

  GetProcAddress

  GetProcessAffinityMask

  GetQueuedCompletionStatusEx

  GetStdHandle

  GetSystemDirectoryA

  GetSystemInfo

  GetSystemTimeAsFileTime

  GetThreadContext

  GetTickCount

  InitializeCriticalSection

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryW

  PostQueuedCompletionStatus

  QueryPerformanceCounter

  ResumeThread

  RtlAddFunctionTable

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  SetConsoleCtrlHandler

  SetErrorMode

  SetEvent

  SetProcessPriorityBoost

  SetThreadContext

  SetThreadPriority

  SetUnhandledExceptionFilter

  SetWaitableTimer

  Sleep

  SuspendThread

  SwitchToThread

  TerminateProcess

  TlsGetValue

  UnhandledExceptionFilter

  VirtualAlloc

  VirtualFree

  VirtualProtect

  VirtualQuery

  WaitForMultipleObjects

  WaitForSingleObject

  WriteConsoleW

  WriteFile

  msvcrt

  __iob_func

  _amsg_exit

  _beginthread

  _errno

  _initterm

  _lock

  _unlock

  abort

  calloc

  fprintf

  free

  fwrite

  malloc

  realloc

  signal

  strlen

  strncmp

  vfprintf

  Exports

  Exports

  MpClientUtilExportFunctions

  MpConfigClose

  MpConfigGetValueAlloc

  MpConfigInitialize

  MpConfigOpen

  MpConfigUninitialize

  MpFreeMemory

  MpHandleClose

  MpManagerOpen

  MpNotificationRegister

  MpUtilsExportFunctions

  OnProcessAttach

  Test

  _cgo_dummy_export

  Sections

  .text

  Size: 3.4MB - Virtual size: 3.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 331KB - Virtual size: 330KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 3.9MB - Virtual size: 3.9MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: 1024B - Virtual size: 876B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 1024B - Virtual size: 652B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 395KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 512B - Virtual size: 438B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 88B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ