ca26434ef89e4a4403e44616ce55d1d1

Sharing

Copy URL Twitter E-mail

Reason

office: invalid record header

Reason

office: invalid record header

Reason

office: invalid record header

Reason

office: error reading record

Reason

office: invalid record header

Reason

office: invalid record header

Reason

office: error reading record

General

Target

ca26434ef89e4a4403e44616ce55d1d1
Size

6.1MB
MD5

ca26434ef89e4a4403e44616ce55d1d1
SHA1

ce7e4651a2e8368a3d4aedc884908ecf76ab1d83
SHA256

949a5f608169aa9449fd5326dde40507b1c96559416cf904301c3a21290fd02e
SHA512

39ffb913894d6fe7d6c1512719295a2cce7248eb7628c128e86966e1557ad007a561bd8b9637dce85ee9894e690509330fa365757679c5f8003ecc9736f2982d
SSDEEP

196608:FWdSwLD69V5u9tpKqmooPlTvyjtpMW4Xk:UdSKyTu9SqqtvyXak

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IT部门管理系统V4.0 免费版/IT部门管理系统/IT部门管理系统.exe
unpack001/IT部门管理系统V4.0 免费版/IT部门管理系统/Interop.Excel.dll
unpack001/IT部门管理系统V4.0 免费版/IT部门管理系统/a.dll
unpack001/IT部门管理系统V4.0 免费版/IT部门管理系统/a64.dll
unpack001/IT部门管理系统V4.0 免费版/IT部门管理系统/bc.dll
unpack001/IT部门管理系统V4.0 免费版/IT部门管理系统/dataBakRec.exe
unpack001/IT部门管理系统V4.0 免费版/IT部门管理系统/run.dll

Files

ca26434ef89e4a4403e44616ce55d1d1
.rar
IT部门管理系统V4.0 免费版/IT部门管理系统软件界面截图.jpg
.jpg
IT部门管理系统V4.0 免费版/IT部门管理系统/IT部门管理系统.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IT部门管理系统V4.0 免费版/IT部门管理系统/IT部门管理系统.exe.config
IT部门管理系统V4.0 免费版/IT部门管理系统/IT部门管理系统.pdb
IT部门管理系统V4.0 免费版/IT部门管理系统/IT部门管理系统.vshost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:52:5b:27:4a:e4:b3:3f:6b:cd:4c:35:4c:f1:36:f8:a2:85:c0:c5
Signer

Actual PE Digest

38:52:5b:27:4a:e4:b3:3f:6b:cd:4c:35:4c:f1:36:f8:a2:85:c0:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\dd\vsproject\vshost\vshostneutral\objr\i386\vshost.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IT部门管理系统V4.0 免费版/IT部门管理系统/IT部门管理系统.vshost.exe.config
IT部门管理系统V4.0 免费版/IT部门管理系统/IT部门管理系统.vshost.exe.manifest
IT部门管理系统V4.0 免费版/IT部门管理系统/Interop.Excel.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IT部门管理系统V4.0 免费版/IT部门管理系统/RuntimeError.log
IT部门管理系统V4.0 免费版/IT部门管理系统/System.Data.SqlServerCe.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1e:a3:68:92:a0:05:20:dd:d0:57:91:a5:81:f7:59:64:bb:0a:0d:43
Signer

Actual PE Digest

1e:a3:68:92:a0:05:20:dd:d0:57:91:a5:81:f7:59:64:bb:0a:0d:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Data.SqlServerCe.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IT部门管理系统V4.0 免费版/IT部门管理系统/Thumbs.db
IT部门管理系统V4.0 免费版/IT部门管理系统/a.dll
.dll windows:4 windows x86 arch:x86

9797f0bc8bd5fa13ea39daaec6ee04fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpy
FindFirstFileA

version

VerQueryValueA

psapi

GetModuleInformation

iphlpapi

GetAdaptersInfo

user32

DestroyMenu

gdi32

ScaleViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA

advapi32

RegEnumKeyA

comctl32

ord17

shlwapi

PathFindExtensionA

oleaut32

VariantChangeType

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
GetModuleBase
MainDLL
_CorExeMain

Sections

.text
Size: 112KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IT部门管理系统V4.0 免费版/IT部门管理系统/a64.dll
.dll windows:4 windows x64 arch:x64

68f10cbba5fb9bf38383210562853137

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

h:\MyProduct\MaxtoCode\MaxtoCode\SRC\MaxtoCode 3.10\AttickNew64\x64\Release\Attick64.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

EnumProcessModules
GetModuleInformation

iphlpapi

GetAdaptersInfo

kernel32

DeleteCriticalSection
TlsFree
SetErrorMode
WritePrivateProfileStringA
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetCPInfo
GetOEMCP
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
FlsSetValue
GetCommandLineA
GetProcessHeap
RaiseException
RtlPcToFileHeader
ExitProcess
LocalReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
FlsGetValue
FlsFree
FlsAlloc
Sleep
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetThreadLocale
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
GetSystemTime
ResumeThread
GetCurrentThreadId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OpenThread
SuspendThread
WriteProcessMemory
VirtualProtectEx
SetFilePointer
ReadFile
GetVersionExA
GetCurrentProcess
SetPriorityClass
CreateFileA
DeviceIoControl
GetCurrentProcessId
OpenProcess
GetModuleFileNameA
CloseHandle
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
TerminateProcess
GetModuleHandleA
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion

user32

DestroyMenu
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CopyRect
AdjustWindowRectEx
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
GetSystemMetrics
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetTimer
MessageBoxA
CharUpperA
GetWindow

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
OpenEventLogA
ReportEventA
CloseEventLog

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
MainDLL

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IT部门管理系统V4.0 免费版/IT部门管理系统/bc.dll
.dll windows:4 windows x86 arch:x86

9797f0bc8bd5fa13ea39daaec6ee04fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpy
FindFirstFileA

version

VerQueryValueA

psapi

GetModuleInformation

iphlpapi

GetAdaptersInfo

user32

DestroyMenu

gdi32

ScaleViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA

advapi32

RegEnumKeyA

comctl32

ord17

shlwapi

PathFindExtensionA

oleaut32

VariantChangeType

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
GetModuleBase
MainDLL
_CorExeMain

Sections

.text
Size: 112KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IT部门管理系统V4.0 免费版/IT部门管理系统/d.ini
IT部门管理系统V4.0 免费版/IT部门管理系统/dataBakRec.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IT部门管理系统V4.0 免费版/IT部门管理系统/dataBakRec.pdb
IT部门管理系统V4.0 免费版/IT部门管理系统/dataBakRec.vshost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:52:5b:27:4a:e4:b3:3f:6b:cd:4c:35:4c:f1:36:f8:a2:85:c0:c5
Signer

Actual PE Digest

38:52:5b:27:4a:e4:b3:3f:6b:cd:4c:35:4c:f1:36:f8:a2:85:c0:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\dd\vsproject\vshost\vshostneutral\objr\i386\vshost.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IT部门管理系统V4.0 免费版/IT部门管理系统/dataBakRec.vshost.exe.manifest
IT部门管理系统V4.0 免费版/IT部门管理系统/dataCon.ini
IT部门管理系统V4.0 免费版/IT部门管理系统/gg.ini
IT部门管理系统V4.0 免费版/IT部门管理系统/helpfile.CHM
.chm
IT部门管理系统V4.0 免费版/IT部门管理系统/itSysVer_update.ini
IT部门管理系统V4.0 免费版/IT部门管理系统/path.ini
IT部门管理系统V4.0 免费版/IT部门管理系统/run.dll
.dll windows:4 windows x86 arch:x86

9797f0bc8bd5fa13ea39daaec6ee04fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpy
FindFirstFileA

version

VerQueryValueA

psapi

GetModuleInformation

iphlpapi

GetAdaptersInfo

user32

DestroyMenu

gdi32

ScaleViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA

advapi32

RegEnumKeyA

comctl32

ord17

shlwapi

PathFindExtensionA

oleaut32

VariantChangeType

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
GetModuleBase
MainDLL
_CorExeMain

Sections

.text
Size: 112KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IT部门管理系统V4.0 免费版/IT部门管理系统/user.ini
IT部门管理系统V4.0 免费版/IT部门管理系统/ver.ini
IT部门管理系统V4.0 免费版/IT部门管理系统/zcm.ini
IT部门管理系统V4.0 免费版/Thumbs.db
IT部门管理系统V4.0 免费版/sql数据库语句1.sql
IT部门管理系统V4.0 免费版/sql数据库语句2.sql
IT部门管理系统V4.0 免费版/天狼软件官方网.url
IT部门管理系统V4.0 免费版/安装使用有问题可联系我 QQ：1667131719.txt
IT部门管理系统V4.0 免费版/安装注意事项.mht
.doc .eml office polyglot
IT部门管理系统V4.0 免费版/导入格式/商家管理.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/导入格式/固定资产.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/导入格式/姓名.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/导入格式/库存.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/导入格式/座机号码.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/导入格式/座机管理.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/导入格式/手机号码.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/导入格式/手机管理.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/导入格式/维修资料.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/导入格式/维护日志.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/导入格式/设备借用.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/导入格式/设备采购.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/导入格式/账号管理.xls
.xls windows office2003
IT部门管理系统V4.0 免费版/数据库升级方法.doc
.doc windows office2003
IT部门管理系统V4.0 免费版/新云软件.url
.url
IT部门管理系统V4.0 免费版/本软件适用于企业网管.txt
IT部门管理系统V4.0 免费版/程序升级方法.txt
IT部门管理系统V4.0 免费版/视频演示.url

Sharing

Errors

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 464KB - Virtual size: 464KB

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:14:2c:a7:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

61:14:2c:a7:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

38:52:5b:27:4a:e4:b3:3f:6b:cd:4c:35:4c:f1:36:f8:a2:85:c0:c5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 4KB - Virtual size: 808B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

1e:a3:68:92:a0:05:20:dd:d0:57:91:a5:81:f7:59:64:bb:0a:0d:43Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 204KB - Virtual size: 201KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 464KB - Virtual size: 464KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

38:52:5b:27:4a:e4:b3:3f:6b:cd:4c:35:4c:f1:36:f8:a2:85:c0:c5
Signer

.text
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 4KB - Virtual size: 12B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

1e:a3:68:92:a0:05:20:dd:d0:57:91:a5:81:f7:59:64:bb:0a:0d:43
Signer

.text
Size: 204KB - Virtual size: 201KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 112KB - Virtual size: 248KB

.rsrc
Size: 20KB - Virtual size: 17KB

.idata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 648KB

.data
Size: 468KB - Virtual size: 468KB

.data
Size: 4KB - Virtual size: 4KB

.text
Size: 311KB - Virtual size: 310KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 14KB - Virtual size: 47KB

.pdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 4KB