General

Malware Config

Signatures

Files

• 794c7af6a850461230d5df6e2de755c9ce8489b9d46a4723eb313a56e2aadebd

  .zip
• ƽ&ַʥ100Ԫĵ/˵/.res/ProcComm.dll

  .dll windows:6 windows x86 arch:x86

  e906d7d766f1e607d74dd068f226dd0a

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  CloseHandle

  CreateFileW

  CreateToolhelp32Snapshot

  DecodePointer

  DeleteCriticalSection

  EncodePointer

  EnterCriticalSection

  ExitProcess

  FindClose

  FindFirstFileExW

  FindNextFileW

  FlushFileBuffers

  FreeEnvironmentStringsW

  FreeLibrary

  GetACP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GetConsoleMode

  GetConsoleOutputCP

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetEnvironmentStringsW

  GetFileType

  GetLastError

  GetModuleFileNameA

  GetModuleFileNameW

  GetModuleHandleA

  GetModuleHandleExW

  GetModuleHandleW

  GetOEMCP

  GetProcAddress

  GetProcessHeap

  GetStartupInfoW

  GetStdHandle

  GetStringTypeW

  GetSystemTimeAsFileTime

  HeapAlloc

  HeapFree

  HeapReAlloc

  HeapSize

  InitializeCriticalSectionAndSpinCount

  InitializeSListHead

  InterlockedFlushSList

  IsDebuggerPresent

  IsProcessorFeaturePresent

  IsValidCodePage

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryExW

  MultiByteToWideChar

  Process32First

  Process32Next

  QueryPerformanceCounter

  RaiseException

  RtlUnwind

  SetFilePointerEx

  SetLastError

  SetStdHandle

  SetUnhandledExceptionFilter

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  WideCharToMultiByte

  WriteConsoleW

  WriteFile

  user32

  MessageBoxA

  shell32

  ShellExecuteA

  shlwapi

  PathStripPathA

  Exports

  Exports

  CreateProcCommInterFace

  Sections

  .text

  Size: 736KB - Virtual size: 736KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 23KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .00cfg

  Size: 512B - Virtual size: 4B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .voltbl

  Size: 512B - Virtual size: 36B

  .ndata

  Size: 333KB - Virtual size: 332KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 42KB - Virtual size: 42KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• ƽ&ַʥ100Ԫĵ/˵/.res/wps.scr

  .exe windows:5 windows x86 arch:x86

  bc0c30c2b2cf2f019e81cd506bbecbd3

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  61:19:93:e4:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  22-02-2011 19:25

  Not After

  22-02-2021 19:35

  Subject

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  41:00:26:b7:ae:29:96:3b:60:8d:61:91:1b:77:1e:16

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  11-05-2012 00:00

  Not After

  10-08-2015 23:59

  Subject

  CN=Beijing Rising Information Technology Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  79:12:12:38:28:1b:14:15:0e:ef:2a:44:39:9d:53:3b:fc:b9:f8:80

  Signer

  Actual PE Digest

  79:12:12:38:28:1b:14:15:0e:ef:2a:44:39:9d:53:3b:fc:b9:f8:80

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  FindNextFileA

  DeleteFileA

  FindFirstFileA

  WaitForSingleObject

  SetEvent

  FreeLibrary

  lstrcpynA

  GetProcAddress

  LoadLibraryA

  lstrcatA

  lstrlenA

  GetExitCodeThread

  GetSystemTime

  CloseHandle

  ReadFile

  GetFileSize

  CreateFileA

  GetTempPathA

  WideCharToMultiByte

  FindResourceA

  SizeofResource

  LockResource

  LoadResource

  FindResourceExA

  MapViewOfFile

  CreateFileMappingA

  UnmapViewOfFile

  GetTickCount

  FileTimeToSystemTime

  SystemTimeToFileTime

  InitializeCriticalSection

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  MultiByteToWideChar

  OutputDebugStringA

  CreateDirectoryA

  WaitForMultipleObjects

  GetCurrentThreadId

  GetCurrentThread

  TerminateThread

  SetFilePointer

  GetFileInformationByHandle

  WriteFile

  GetLocalTime

  GetModuleFileNameA

  FindClose

  GetCurrentProcess

  GetCurrentProcessId

  SuspendThread

  GetModuleHandleA

  RaiseException

  DeviceIoControl

  GetVersionExA

  GetPrivateProfileIntA

  MoveFileA

  SetFileAttributesA

  InterlockedCompareExchange

  AreFileApisANSI

  SetEndOfFile

  FlushFileBuffers

  UnlockFile

  LockFile

  LockFileEx

  CreateFileW

  GetTempPathW

  GetFileAttributesW

  DeleteFileW

  GetFullPathNameA

  GetFullPathNameW

  GetDiskFreeSpaceA

  GetDiskFreeSpaceW

  LoadLibraryW

  FormatMessageA

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  HeapFree

  HeapAlloc

  GetProcessHeap

  lstrlenW

  InterlockedIncrement

  InterlockedDecrement

  CreateEventA

  ResetEvent

  SetEnvironmentVariableA

  CompareStringW

  CompareStringA

  SetStdHandle

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  GetCommandLineW

  Sleep

  GetFileAttributesA

  GetPrivateProfileStringA

  GetLastError

  CreateMutexA

  SetUnhandledExceptionFilter

  GetLocaleInfoW

  InitializeCriticalSectionAndSpinCount

  IsValidLocale

  EnumSystemLocalesA

  GetUserDefaultLCID

  GetStringTypeW

  GetStringTypeA

  GetLocaleInfoA

  GetConsoleMode

  GetConsoleCP

  GetFileType

  SetHandleCount

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  GetTimeZoneInformation

  HeapCreate

  VirtualAlloc

  VirtualFree

  GetStdHandle

  IsValidCodePage

  GetOEMCP

  GetACP

  ExitProcess

  SetLastError

  TlsFree

  TlsSetValue

  TlsAlloc

  TlsGetValue

  GetModuleHandleW

  GetCPInfo

  LCMapStringW

  LCMapStringA

  GetStartupInfoA

  GetCommandLineA

  CreateThread

  HeapDestroy

  HeapReAlloc

  HeapSize

  RtlUnwind

  TerminateProcess

  UnhandledExceptionFilter

  IsDebuggerPresent

  ExitThread

  user32

  CharUpperA

  FindWindowA

  SendMessageA

  GetDesktopWindow

  wsprintfA

  IsWindow

  advapi32

  RegCreateKeyA

  RegOpenKeyA

  RegSetValueExA

  RegOpenKeyExA

  RegQueryValueExA

  RegCloseKey

  shell32

  CommandLineToArgvW

  ole32

  CoInitialize

  CoCreateInstance

  CoInitializeSecurity

  CoUninitialize

  oleaut32

  SysAllocStringLen

  SysFreeString

  SafeArrayDestroy

  SafeArrayGetElement

  SafeArrayGetUBound

  SafeArrayGetLBound

  SysAllocString

  SysStringLen

  VarBstrCat

  VariantInit

  VariantClear

  VariantChangeType

  shlwapi

  PathRemoveExtensionA

  wininet

  HttpSendRequestExA

  InternetWriteFile

  InternetReadFile

  FtpOpenFileA

  InternetSetStatusCallback

  HttpEndRequestA

  HttpOpenRequestA

  HttpAddRequestHeadersA

  InternetSetCookieA

  HttpSendRequestA

  InternetOpenA

  InternetSetOptionA

  InternetCloseHandle

  InternetAttemptConnect

  HttpQueryInfoA

  InternetConnectA

  rpcrt4

  UuidCreate

  Sections

  .text

  Size: 678KB - Virtual size: 677KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 63KB - Virtual size: 62KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 28KB - Virtual size: 40KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• ƽ&ַʥ100Ԫĵ/˵/ƽ&ַʥ100Ԫĵ.docx

  .docx office2007
• ƽ&ַʥ100Ԫĵ/ƽ&ַʥ100Ԫĵ.docx.lnk

  .lnk