infected2024030801[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

infected2024030801.rar
Size

2.8MB
MD5

468cb612990461a9389e21c5c52c1add
SHA1

d047aff9b980609383a0699df8b661a107b08efc
SHA256

e94f90902e900bdf40f10c68811f6d7bd67cc54f7727af3a9a49488d61824a62
SHA512

1763ef462c5b5f4d6905b6338f55bc706e153c440f1c807ba649d2c25c3829be90e9202ca59eb0c370f36b9dea4be2c3b758b4375cafd5c1d15b1682a7d4c170
SSDEEP

49152:ZHanQTRX/VNmr/8PajhystfAedH+GpptMFLnt6Qn8QuBTCfu/dTt4fnmOAfuUjmO:ZQQJTKUqfHpptgZ6Q3QCfu/dTCmhJVjL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/查询企业票6001-45b5bb.exe.vir	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/OutlookUpdate.exe.vir
unpack001/morrowind-2efdb9.exe.vir
unpack001/morrowind-a5fa52.exe.vir
unpack001/查询企业票6001-45b5bb.exe.vir
unpack002/out.upx
unpack001/查询通用版9205.exe.vir

Files

infected2024030801.rar
.rar
OutlookUpdate.exe.vir
.exe windows:6 windows x64 arch:x64

537405cf96d60fab5ebca124a8ae4115

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
LoadLibraryExW
VirtualAlloc
VirtualProtect
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
FormatMessageA
LoadLibraryA
GetThreadLocale
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
CloseHandle
CreateFileW

Sections

.text
Size: 774KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.slkaa
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
morrowind-2efdb9.exe.vir
.exe windows:6 windows x64 arch:x64

428e567357e25da5b43195d6cb366687

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
OpenProcess
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQueryEx
GetModuleFileNameW
GetModuleHandleW
DeviceIoControl
GetLastError
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualQuery
VirtualProtectEx
SetLastError
IsProcessorFeaturePresent
CheckRemoteDebuggerPresent
GetProcAddress
CreateFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess

advapi32

RegOpenKeyExW
RegQueryInfoKeyW

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

__current_exception
__C_specific_handler
strstr
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
memcpy
memmove
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_cexit
_c_exit
_register_thread_local_exe_atexit_callback
__p___argv
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initterm
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_initterm_e
_invalid_parameter_noinfo_noreturn
_set_app_type
_exit
exit
_seh_filter_exe
__p___argc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

strcmp
strlen

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
morrowind-a5fa52.exe.vir
.exe windows:6 windows x86 arch:x86

4b4421c972c4590f6eff27363f29a972

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateThread
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
DeviceIoControl
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
GetLastError
VirtualAlloc
CreateFileW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess

advapi32

RegOpenKeyExW
RegQueryInfoKeyW

msvcp140

?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

winhttp

WinHttpOpenRequest
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryDataAvailable

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
__current_exception
__current_exception_context
_except_handler4_common
__CxxFrameHandler3
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
__p___argv
_initialize_narrow_environment
_configure_narrow_argv
exit
__p___argc
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_initterm
_set_app_type
_seh_filter_exe
_exit
_errno
_initialize_onexit_table
_initterm_e
_invalid_parameter_noinfo_noreturn
_c_exit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
__p__commode
_set_fmode

api-ms-win-crt-string-l1-1-0

strlen
strtok

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
查询企业票6001-45b5bb.exe.vir
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
查询企业票6001-b0e80a.exe.vir
.exe windows:5 windows x64 arch:x64

dbd448cf522238495b189a49f0ef3415

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:f0:0b:c2:aa:1f:0d:2d:57:ae:3f:1f:6f:84:e9:32
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/06/2021, 00:00

Not After

12/06/2024, 23:59

Subject

SERIALNUMBER=91510100MA6BN8NCXA,CN=成都超游猫科技有限公司,O=成都超游猫科技有限公司,L=成都市,ST=四川省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c21e68890e983bde9ab98e696b0e68a80e69cafe4baa7e4b89ae5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:c3:53:e9:7b:10:d7:e9:ec:e9:ee:35:3e:e8:2f:3a:c9:bd:16:cb:7d:2e:31:2f:af:63:44:66:60:d3:e1:66
Signer

Actual PE Digest

a9:c3:53:e9:7b:10:d7:e9:ec:e9:ee:35:3e:e8:2f:3a:c9:bd:16:cb:7d:2e:31:2f:af:63:44:66:60:d3:e1:66

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
VirtualProtect
GetModuleHandleA
GetProcAddress
GetCurrentThread
LoadLibraryW
FreeLibrary
QueueUserAPC
GetCommandLineW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
RtlUnwindEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetLastError
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
RaiseException
RtlPcToFileHeader
HeapFree
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
GetLocaleInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
WideCharToMultiByte
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
查询企业票6001.exe.vir
.exe windows:5 windows x64 arch:x64

dbd448cf522238495b189a49f0ef3415

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:f0:0b:c2:aa:1f:0d:2d:57:ae:3f:1f:6f:84:e9:32
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/06/2021, 00:00

Not After

12/06/2024, 23:59

Subject

SERIALNUMBER=91510100MA6BN8NCXA,CN=成都超游猫科技有限公司,O=成都超游猫科技有限公司,L=成都市,ST=四川省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c21e68890e983bde9ab98e696b0e68a80e69cafe4baa7e4b89ae5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:c3:53:e9:7b:10:d7:e9:ec:e9:ee:35:3e:e8:2f:3a:c9:bd:16:cb:7d:2e:31:2f:af:63:44:66:60:d3:e1:66
Signer

Actual PE Digest

a9:c3:53:e9:7b:10:d7:e9:ec:e9:ee:35:3e:e8:2f:3a:c9:bd:16:cb:7d:2e:31:2f:af:63:44:66:60:d3:e1:66

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
VirtualProtect
GetModuleHandleA
GetProcAddress
GetCurrentThread
LoadLibraryW
FreeLibrary
QueueUserAPC
GetCommandLineW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
RtlUnwindEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetLastError
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
RaiseException
RtlPcToFileHeader
HeapFree
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
GetLocaleInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
WideCharToMultiByte
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
查询通用版9205.exe.vir
.exe windows:6 windows x64 arch:x64

7eb65afcd30fd9b210055bc633bffbd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Rust\loader\target\release\deps\loader.pdb

Imports

kernel32

SetHandleInformation
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
GetCurrentThreadId
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentProcess
GetEnvironmentVariableW
GetFinalPathNameByHandleW
SetFileCompletionNotificationModes
PostQueuedCompletionStatus
SetLastError
CreateThread
TryAcquireSRWLockExclusive
QueryPerformanceCounter
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcessId
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
WakeConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
GetQueuedCompletionStatusEx
InitializeSListHead
IsDebuggerPresent
WakeAllConditionVariable
HeapCreate
GetLastError
CreateIoCompletionPort
SetThreadStackGuarantee
AddVectoredExceptionHandler
SwitchToThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
HeapReAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
HeapFree
CloseHandle
HeapAlloc
GetProcessHeap

bcrypt

BCryptGenRandom

ws2_32

freeaddrinfo
getsockopt
connect
bind
WSAIoctl
ioctlsocket
WSASocketW
setsockopt
WSACleanup
shutdown
closesocket
recv
send
WSASend
getpeername
getaddrinfo
getsockname
WSAGetLastError
WSAStartup

ntdll

RtlNtStatusToDosError
NtCreateFile
NtCancelIoFileEx
NtDeviceIoControlFile
NtWriteFile

crypt32

CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertOpenStore
CertGetCertificateChain

secur32

ApplyControlToken
EncryptMessage
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
DecryptMessage
InitializeSecurityContextW
AcceptSecurityContext
QueryContextAttributesW
FreeContextBuffer

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
SystemFunction036

vcruntime140

__C_specific_handler
memcmp
memset
__current_exception_context
__current_exception
memcpy
memmove
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_cexit
_exit
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
exit
_initterm_e
_initialize_narrow_environment
_set_app_type
_initialize_onexit_table
_register_onexit_function
_initterm
_c_exit
_seh_filter_exe
_crt_atexit
_configure_narrow_argv
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
测试@ssdp8.exe.vir
.exe windows:6 windows x86 arch:x86

86e8c1a0acd30d8743d8359ae9599f43

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:58:88:72:0b:64:ad:92:c6:a5:44:8a:8f:74:2e:aa
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/06/2023, 00:00

Not After

06/08/2025, 23:59

Subject

SERIALNUMBER=91420111MA49BN013B,CN=雷神（武汉）网络技术有限公司,O=雷神（武汉）网络技术有限公司,L=武汉市,ST=湖北省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c1ee6ada6e6b189e4b89ce6b996e696b0e68a80e69cafe5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b996e58c97e79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:58:88:72:0b:64:ad:92:c6:a5:44:8a:8f:74:2e:aa
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/06/2023, 00:00

Not After

06/08/2025, 23:59

Subject

SERIALNUMBER=91420111MA49BN013B,CN=雷神（武汉）网络技术有限公司,O=雷神（武汉）网络技术有限公司,L=武汉市,ST=湖北省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c1ee6ada6e6b189e4b89ce6b996e696b0e68a80e69cafe5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b996e58c97e79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:ac:54:fb:16:75:a1:7b:97:17:24:f4:d8:d5:bc:2d:67:fd:e4:a2:86:78:e1:29:46:48:d8:3f:50:6a:b9:62
Signer

Actual PE Digest

33:ac:54:fb:16:75:a1:7b:97:17:24:f4:d8:d5:bc:2d:67:fd:e4:a2:86:78:e1:29:46:48:d8:3f:50:6a:b9:62

Digest Algorithm

sha256

PE Digest Matches

false

2c:f1:ea:83:23:88:41:ae:0b:74:0d:48:85:3e:6d:68:31:4a:b2:ce
Signer

Actual PE Digest

2c:f1:ea:83:23:88:41:ae:0b:74:0d:48:85:3e:6d:68:31:4a:b2:ce

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
ExitProcess
GetFileType
SetStdHandle
HeapQueryInformation
GetCommandLineW
GetCommandLineA
QueryPerformanceFrequency
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
VirtualQuery
VirtualAlloc
GetSystemInfo
RtlUnwind
GetStringTypeW
LCMapStringEx
RaiseException
OutputDebugStringW
CompareStringW
LCMapStringW
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
WriteConsoleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
IsValidLocale
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetWindowsDirectoryA
FindResourceExW
SystemTimeToTzSpecificLocalTime
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetACP
GetTempPathA
GetStringTypeExA
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
DuplicateHandle
GetVolumeInformationA
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
Sleep
SearchPathA
GetProfileIntA
GetCPInfo
GetOEMCP
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetUserDefaultLCID
ReplaceFileA
GetTempFileNameA
SetFileTime
GetFullPathNameA
GetFileTime
GetDiskFreeSpaceA
GetTickCount64
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetVersionExA
GetCurrentThread
GetThreadLocale
SystemTimeToFileTime
FileTimeToSystemTime
lstrcmpA
VerifyVersionInfoA
VerSetConditionMask
CopyFileA
FormatMessageA
LocalFree
MulDiv
GetCurrentDirectoryA
ResumeThread
SetThreadPriority
WaitForSingleObject
GlobalFree
GlobalSize
GlobalReAlloc
GlobalAlloc
GetFileSize
GetFileAttributesA
lstrcpyA
CompareStringA
GlobalFindAtomA
FindResourceA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
MultiByteToWideChar
GlobalGetAtomNameA
GlobalAddAtomA
GlobalLock
GlobalUnlock
LoadLibraryW
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetCurrentProcessId
SetLastError
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
OpenProcess
VirtualProtect
GetCurrentProcess
VirtualAllocExNuma
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
WriteFile
CreateFileA
GetProcessHeap
DeleteCriticalSection
DecodePointer
WideCharToMultiByte
HeapAlloc
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
FindResourceW
LoadResource
LockResource
SizeofResource
CreateThread

user32

SetRect
LockWindowUpdate
GetUpdateRect
CopyImage
LoadImageW
FillRect
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
DrawIconEx
SetMenuDefaultItem
GetMenuDefaultItem
AppendMenuA
GetMenuState
NotifyWinEvent
LoadCursorW
LoadCursorA
WindowFromPoint
GetCursorPos
MessageBeep
DeleteMenu
GetSystemMenu
KillTimer
SetTimer
SetCapture
GetAsyncKeyState
CharUpperA
TrackMouseEvent
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
SetDlgItemTextA
MoveWindow
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoA
MonitorFromWindow
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
PtInRect
MapWindowPoints
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthA
UnionRect
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
TrackPopupMenu
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
RemoveMenu
IsMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
DispatchMessageA
ReuseDDElParam
UnpackDDElParam
WinHelpA
DrawEdge
DrawFrameControl
DrawFocusRect
SetLayeredWindowAttributes
EnumDisplayMonitors
GetParent
SetRectEmpty
LoadMenuW
DestroyIcon
LoadIconW
GetLastActivePopup
GetWindowThreadProcessId
GetClassNameA
GetDesktopWindow
SetWindowLongA
GetWindowLongA
EqualRect
IntersectRect
SetCursor
SetActiveWindow
InsertMenuItemA
GetMenuItemCount
GetMenuItemID
DestroyMenu
CreatePopupMenu
SetMenu
GetMenu
LoadMenuA
TranslateAcceleratorA
GetKeyNameTextA
MapVirtualKeyA
GetDC
ReleaseDC
GetMenuStringA
GetMenuItemInfoA
SystemParametersInfoA
RegisterClipboardFormatA
GetSysColorBrush
SetClassLongA
GetMessageA
TranslateMessage
DestroyAcceleratorTable
UpdateLayeredWindow
LoadAcceleratorsA
IsWindowEnabled
ReleaseCapture
EnableScrollBar
MonitorFromPoint
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetWindowDC
GetWindowTextA
GetSubMenu
SendMessageA
ScreenToClient
GetClientRect
InvalidateRect
UpdateWindow
GetWindowRect
InflateRect
GetSysColor
LoadBitmapW
EnableWindow
IsChild
GetFocus
LoadImageA
GetSystemMetrics
RedrawWindow
IsIconic
ClientToScreen
RegisterWindowMessageA
PostMessageA
IsWindow
DestroyWindow
IsWindowVisible
IsZoomed
GetCapture
SetForegroundWindow
SetWindowRgn
CopyRect
OffsetRect
IsRectEmpty
GetClassLongA
SetParent
GetTopWindow
GetWindow
PeekMessageA
GetClassInfoA
ShowWindow
SetWindowPos
BringWindowToTop
GetDlgItem
GetDlgCtrlID
SetFocus
GetActiveWindow
GetKeyState
GetIconInfo
ModifyMenuA
CharUpperBuffA
FrameRect
InsertMenuA
HideCaret
InvertRect
PostQuitMessage
SetWindowContextHelpId
MapDialogRect
LoadAcceleratorsW
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
PostThreadMessageA
WaitMessage
ShowOwnedPopups
GetTabbedTextExtentW
GetWindowRgn
MapVirtualKeyExA
IsCharLowerA
CreateMenu
DrawIcon
InvalidateRgn
CharNextA
GetNextDlgGroupItem
GetComboBoxInfo
EnumChildWindows
GetDoubleClickTime
IsClipboardFormatAvailable
SubtractRect
CopyIcon
CopyAcceleratorTableA
CreateAcceleratorTableA
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
RealChildWindowFromPoint
DestroyCursor
SetCursorPos
GetWindowPlacement

gdi32

SelectPalette
SetPixel
StretchBlt
SetDIBColorTable
ExtTextOutA
GetTextMetricsA
CreateHatchBrush
CreatePatternBrush
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetCurrentPositionEx
GetDeviceCaps
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
StartDocA
MoveToEx
TextOutA
SetViewportExtEx
SetViewportOrgEx
RealizePalette
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
SetRectRgn
DPtoLP
CopyMetaFileA
CreateDCA
CreateEllipticRgn
Ellipse
GetBkColor
CreatePolygonRgn
Polygon
Polyline
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
Rectangle
RoundRect
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetCharWidthA
GetRgnBox
OffsetRgn
CreatePalette
GetPaletteEntries
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
EnumFontFamiliesExA
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetNearestPaletteIndex
GetSystemPaletteEntries
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextExtentPointA
GetTextExtentPoint32W
GetTextFaceA
SetPixelV
PatBlt
GetPixel
GetDIBits
CreateRectRgn
CombineRgn
BitBlt
GetTextColor
CreateRectRgnIndirect
CreateRoundRectRgn
CreatePen
SetTextColor
SetBkColor
CreateCompatibleBitmap
CreateDIBSection
SelectObject
CreateCompatibleDC
CreateFontIndirectA
DeleteObject
GetStockObject
DeleteDC
GetTextExtentPoint32A
SetWindowExtEx
CreateBitmap
GetObjectA

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesA
ClosePrinter
GetJobA
OpenPrinterA

advapi32

RegDeleteValueA
AdjustTokenPrivileges
OpenProcessToken
RegEnumValueA
RegOpenKeyExW
RegEnumKeyExA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
LookupPrivilegeValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueA
RegCloseKey
GetLengthSid
SetTokenInformation

shell32

DragFinish
SHAppBarMessage
ShellExecuteA
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ExtractIconA
SHAddToRecentDocs
SHGetDesktopFolder
DragQueryFileA

comctl32

InitCommonControlsEx
ImageList_AddMasked

shlwapi

PathFindExtensionA
PathStripToRootA
PathRemoveFileSpecW
StrFormatKBSizeA
PathIsUNCA
PathFindFileNameA

uxtheme

OpenThemeData
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
DrawThemeText
IsAppThemed
GetWindowTheme
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeParentBackground
GetThemeSysColor

ole32

OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
OleLockRunning
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
StgCreateDocfileOnILockBytes
CoFreeUnusedLibraries
CoDisconnectObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CLSIDFromProgID
OleUninitialize
OleInitialize
RevokeDragDrop
CoInitialize
CoCreateGuid
CoUninitialize
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoLockObjectExternal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RegisterDragDrop

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysAllocStringByteLen
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
VariantChangeType
SysAllocStringLen
SysAllocString
VariantInit
SysFreeString
VariantClear

oledlg

ord8

gdiplus

GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromHBITMAP

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA

imagehlp

ImageGetDigestStream

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

537405cf96d60fab5ebca124a8ae4115

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 774KB - Virtual size: 773KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 5KB - Virtual size: 12KB

.pdata Size: 6KB - Virtual size: 5KB

.slkaa Size: 402KB - Virtual size: 402KB

_RDATA Size: 4KB - Virtual size: 4KB

.gxfg Size: 6KB - Virtual size: 5KB

.gehcont Size: 512B - Virtual size: 16B

.rsrc Size: 264KB - Virtual size: 264KB

.reloc Size: 3KB - Virtual size: 2KB

428e567357e25da5b43195d6cb366687

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 3KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.reloc Size: 1KB - Virtual size: 1KB

4b4421c972c4590f6eff27363f29a972

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp140

winhttp

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 856B

.rsrc Size: 165KB - Virtual size: 168KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 104KB

UPX1 Size: 47KB - Virtual size: 48KB

.rsrc Size: 16KB - Virtual size: 20KB

Headers

DLL Characteristics

File Characteristics

Sections

.text
Size: 774KB - Virtual size: 773KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 6KB - Virtual size: 5KB

.slkaa
Size: 402KB - Virtual size: 402KB

_RDATA
Size: 4KB - Virtual size: 4KB

.gxfg
Size: 6KB - Virtual size: 5KB

.gehcont
Size: 512B - Virtual size: 16B

.rsrc
Size: 264KB - Virtual size: 264KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 3KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 856B

.rsrc
Size: 165KB - Virtual size: 168KB

UPX0
Size: - Virtual size: 104KB

UPX1
Size: 47KB - Virtual size: 48KB

.rsrc
Size: 16KB - Virtual size: 20KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

0a:f0:0b:c2:aa:1f:0d:2d:57:ae:3f:1f:6f:84:e9:32
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a9:c3:53:e9:7b:10:d7:e9:ec:e9:ee:35:3e:e8:2f:3a:c9:bd:16:cb:7d:2e:31:2f:af:63:44:66:60:d3:e1:66
Signer

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

0a:f0:0b:c2:aa:1f:0d:2d:57:ae:3f:1f:6f:84:e9:32
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a9:c3:53:e9:7b:10:d7:e9:ec:e9:ee:35:3e:e8:2f:3a:c9:bd:16:cb:7d:2e:31:2f:af:63:44:66:60:d3:e1:66
Signer

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB