问题录屏[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

问题录屏.zip
Size

721KB
MD5

0d4c7c22105cd31c0e2f0628d523ba23
SHA1

03c5617f9a5461167ade93a92e40534f1697ab7e
SHA256

bccf7f227709ecd96a11c0b71dd713097069da7bb014b9d32c6376216d71f721
SHA512

c35157046575dbc7169a2a72d84df60d6a3b32e64979f9968fe81f863f3fe743ee9fd519df21b01747193e5ae64c2bb8d8c8b556f86265bcdd578fe78070e9a5
SSDEEP

12288:Ys09IFsV8fEVSIhIGzRaAYsRDKtaJxvIAXY1B6RW2tVcadb+7Ju+HUeBO7V3y:Ys09O9sV1hGj8K8zIA+OStHUeyy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ark.x64.dll

Files

问题录屏.zip
.zip
20230922录屏.exe
.exe windows:6 windows x64

bf3f50a6cdc88a8cd5b1875ca35d592f

Code Sign

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2020, 00:00

Not After

26/03/2023, 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2020, 00:00

Not After

26/03/2023, 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:02:ef:79:00:56:a6:37:3d:ca:2f:6a:3b:a0:f7:5e:ff:c4:6c:4e:46:ef:f5:1c:70:d4:36:55:6d:7c:4b:eb
Signer

Actual PE Digest

7e:02:ef:79:00:56:a6:37:3d:ca:2f:6a:3b:a0:f7:5e:ff:c4:6c:4e:46:ef:f5:1c:70:d4:36:55:6d:7c:4b:eb

Digest Algorithm

sha256

PE Digest Matches

true

d6:6c:df:37:6e:d8:c8:2f:fc:c6:ce:a5:6d:5f:33:dd:f2:e0:a1:8d
Signer

Actual PE Digest

d6:6c:df:37:6e:d8:c8:2f:fc:c6:ce:a5:6d:5f:33:dd:f2:e0:a1:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteFileW
lstrlenW
GetFileAttributesW
FindFirstFileW
FindClose
GetFileSizeEx
LocalFree
GetFullPathNameW
FindNextFileW
RemoveDirectoryW
SetFileAttributesW
LoadLibraryExW
GetSystemDirectoryW
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByteEx
WaitForSingleObject
GetCurrentProcessId
OpenProcess
TerminateProcess
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
FormatMessageW
SetFilePointerEx
WriteFile
lstrlenA
RtlCaptureContext
GlobalMemoryStatusEx
CreateThread
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
Sleep
GetFileInformationByHandle
GetFileInformationByHandleEx
GetTempFileNameW
GetStdHandle
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
MoveFileW
SetConsoleCtrlHandler
FlushFileBuffers
InitializeCriticalSectionEx
DeleteCriticalSection
GetPrivateProfileIntW
ReadConsoleW
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineW
GetCommandLineA
PeekNamedPipe
GetFileType
GetDriveTypeW
GetModuleHandleExW
RtlUnwind
TlsFree
WriteConsoleW
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
GetTempPathW
GetCurrentDirectoryW
GetModuleFileNameW
GetCurrentThread
FreeLibrary
GetCurrentProcess
GetProcAddress
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileTime
ReadFile
CreateFileW
GetTickCount64
OutputDebugStringW
CloseHandle
GetLastError
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
IsDebuggerPresent

user32

SendMessageW
FindWindowW
wsprintfW
MessageBoxW
RegisterWindowMessageW
CharNextExA

advapi32

IsTextUnicode
GetTokenInformation
OpenProcessToken

shlwapi

PathCanonicalizeW
PathIsDirectoryW
PathFileExistsW
PathMatchSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

HttpOpenRequestA
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpSendRequestW
InternetErrorDlg
InternetQueryDataAvailable
HttpAddRequestHeadersW
InternetConnectA
InternetSetOptionW
InternetOpenW
InternetCrackUrlA
InternetCloseHandle
InternetQueryOptionW
InternetReadFile
HttpQueryInfoW

Sections

.text
Size: 377KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ark.x64.dll
.dll windows:6 windows x64

09b56f9f1815d568bc56eac042a7da57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FindResourceW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

FindWindowW
ShowWindow

crypt32

CryptStringToBinaryA

rpcrt4

UuidFromStringA

Exports

Exports

CreateArk
CreateArkCompressor
DllMain

Sections

.text
Size: 454KB - Virtual size: 454KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf3f50a6cdc88a8cd5b1875ca35d592f

Code Sign

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4aCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4aCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

7e:02:ef:79:00:56:a6:37:3d:ca:2f:6a:3b:a0:f7:5e:ff:c4:6c:4e:46:ef:f5:1c:70:d4:36:55:6d:7c:4b:ebSigner

d6:6c:df:37:6e:d8:c8:2f:fc:c6:ce:a5:6d:5f:33:dd:f2:e0:a1:8dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

version

wininet

Sections

.text Size: 377KB - Virtual size: 376KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 15KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

09b56f9f1815d568bc56eac042a7da57

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

crypt32

rpcrt4

Exports

Exports

Sections

.text Size: 454KB - Virtual size: 454KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 6KB - Virtual size: 6KB

.00cfg Size: 512B - Virtual size: 56B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 584KB - Virtual size: 584KB

.reloc Size: 2KB - Virtual size: 1KB

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

7e:02:ef:79:00:56:a6:37:3d:ca:2f:6a:3b:a0:f7:5e:ff:c4:6c:4e:46:ef:f5:1c:70:d4:36:55:6d:7c:4b:eb
Signer

d6:6c:df:37:6e:d8:c8:2f:fc:c6:ce:a5:6d:5f:33:dd:f2:e0:a1:8d
Signer

.text
Size: 377KB - Virtual size: 376KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 15KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 454KB - Virtual size: 454KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 6KB - Virtual size: 6KB

.00cfg
Size: 512B - Virtual size: 56B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 584KB - Virtual size: 584KB

.reloc
Size: 2KB - Virtual size: 1KB