Phishing[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Phishing.rar
Size

3.3MB
MD5

077f20940768ecec7950ad73a633510e
SHA1

230d90fda77506d05b432fcd6247cda3e9fe9a7a
SHA256

73486e4c6bf83fa95090d952b7d63de98f94de6afbcbe84d49af4df0fa413728
SHA512

6505c9671c7fcca8f987ba75f8c472c979df26ff44a2e428703d92946d4e14142d5dfed2abd5a3979b6d3a967fad0625f204abc081bb2d5628c800d46f423947
SSDEEP

98304:pUWBZqQmw1fNKtVfpLfNKtLggx/UWBZqQSXTdr3px7gGL7R:p73qU1fN6VftfN6Lh/73qPRVxDR

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/word4.exe.vir
unpack001/word5.exe.vir
unpack001/财务补贴.exe.vir

Files

Phishing.rar
.rar
word.exe.vir
.exe windows:6 windows x86 arch:x86

d3caef1a9a5734e3fb42edeaef3bf7dc

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:d1:ff:7f:90:74:f8:05:11:fe:0f:df:e0:07:7f:3f:49:f7:f6:7e:28:6e:c8:6b:86:bb:a9:e2:8d:5b:52:b6
Signer

Actual PE Digest

3c:d1:ff:7f:90:74:f8:05:11:fe:0f:df:e0:07:7f:3f:49:f7:f6:7e:28:6e:c8:6b:86:bb:a9:e2:8d:5b:52:b6

Digest Algorithm

sha256

PE Digest Matches

false

3c:d1:ff:7f:90:74:f8:05:11:fe:0f:df:e0:07:7f:3f:49:f7:f6:7e:28:6e:c8:6b:86:bb:a9:e2:8d:5b:52:b6
Signer

Actual PE Digest

3c:d1:ff:7f:90:74:f8:05:11:fe:0f:df:e0:07:7f:3f:49:f7:f6:7e:28:6e:c8:6b:86:bb:a9:e2:8d:5b:52:b6

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
WriteFile
ReadFile
LocalAlloc
DisconnectNamedPipe
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
DuplicateHandle
CreatePipe
SetHandleInformation
ReleaseMutex
CreateMutexW
SwitchToThread
CreateThread
ResumeThread
GetProcessTimes
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
MoveFileW
DeleteFileW
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
LoadLibraryW
OpenThread
OpenProcess
SetNamedPipeHandleState
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
WaitForSingleObject
GetComputerNameW
GetVersionExW
GetModuleFileNameW
GetExitCodeProcess
CreateProcessW
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
GetLastError
GetModuleFileNameA
FormatMessageW
LocalFree
ProcessIdToSessionId
VirtualProtect
SetUnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
FreeResource
InitializeSListHead
GetUserDefaultUILanguage
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
GetEnvironmentStringsW

winmm

timeBeginPeriod
timeEndPeriod

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

user32

SetForegroundWindow
RegisterWindowMessageW
RemoveMenu
SetMenuDefaultItem
GetSubMenu
TrackPopupMenu
PostMessageW
GetDlgItem
KillTimer
EnumDisplayMonitors
ReleaseDC
GetKeyState
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
SetThreadDesktop
GetThreadDesktop
CloseDesktop
LoadIconW
GetCursorPos
OpenDesktopW
GetUserObjectInformationW
LoadMenuW
CloseClipboard
UnregisterClassW
SendMessageW
MapWindowPoints
MoveWindow
FindWindowW
ExitWindowsEx
LockWorkStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
DispatchMessageW
IsDialogMessageW
RegisterClassW
TranslateMessage
PostQuitMessage
EnumChildWindows
MessageBoxA
SetTimer
SystemParametersInfoW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
GetClientRect
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
DrawIconEx
GetCursorInfo
GetIconInfo
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxParamW
SetWindowLongW
IsWindow
SetClassLongW
EndDialog
CreateDialogParamW
DestroyIcon
GetWindowTextW
InvalidateRect
SetFocus
ShowWindow
SetWindowTextW
OpenInputDesktop

advapi32

CreateProcessAsUserW
RegisterServiceCtrlHandlerW
ImpersonateLoggedOnUser
DuplicateToken
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RevertToSelf
ImpersonateNamedPipeClient
CopySid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityInfo
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
LookupAccountSidW
GetTokenInformation
SetServiceStatus
StartServiceCtrlDispatcherW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
ord680
Shell_NotifyIconW
CommandLineToArgvW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostname
htonl
htons
__WSAFDIsSet
accept
bind
closesocket
select
shutdown
listen
ntohl
getsockname
inet_ntoa
socket
connect
recv
ioctlsocket
setsockopt
inet_addr
WSACleanup
WSAStartup
ntohs
gethostbyname
getpeername
WSAGetLastError
send

comctl32

InitCommonControlsEx

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetObjectW
GetBitmapBits
ExtEscape
CreateDCW
GetCurrentObject
GetDIBits

Sections

.text
Size: 761KB - Virtual size: 760KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
word0.exe.vir
.exe windows:6 windows x86 arch:x86

e10efedd2e2f6f830308843be187be7f

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:c0:54:94:72:a6:ff:eb:18:83:fc:f8:9b:22:6f:a9:39:c8:8a:6f:cd:03:4d:2d:b9:c3:f7:cc:e0:97:35:ad
Signer

Actual PE Digest

7b:c0:54:94:72:a6:ff:eb:18:83:fc:f8:9b:22:6f:a9:39:c8:8a:6f:cd:03:4d:2d:b9:c3:f7:cc:e0:97:35:ad

Digest Algorithm

sha256

PE Digest Matches

false

7b:c0:54:94:72:a6:ff:eb:18:83:fc:f8:9b:22:6f:a9:39:c8:8a:6f:cd:03:4d:2d:b9:c3:f7:cc:e0:97:35:ad
Signer

Actual PE Digest

7b:c0:54:94:72:a6:ff:eb:18:83:fc:f8:9b:22:6f:a9:39:c8:8a:6f:cd:03:4d:2d:b9:c3:f7:cc:e0:97:35:ad

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeBeginPeriod
timeEndPeriod

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

kernel32

RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
CreatePipe
SetHandleInformation
ReleaseMutex
CreateMutexW
SwitchToThread
ResumeThread
GetProcessTimes
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
MoveFileW
DeleteFileW
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
WriteFile
ReadFile
LocalAlloc
GetProcAddress
LoadLibraryW
OpenThread
OpenProcess
SetNamedPipeHandleState
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
WaitForSingleObject
GetComputerNameW
GetVersionExW
GetModuleFileNameW
GetExitCodeProcess
CreateProcessW
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
DisconnectNamedPipe
GetLastError
FormatMessageW
LocalFree
ProcessIdToSessionId
LoadLibraryA
VirtualProtect
SetUnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
DuplicateHandle
CreateThread
FreeLibrary
FreeResource

user32

GetUserObjectInformationW
CloseDesktop
OpenInputDesktop
OpenDesktopW
UnregisterClassW
GetThreadDesktop
MapWindowPoints
MoveWindow
FindWindowW
ExitWindowsEx
LockWorkStation
CloseWindowStation
SetProcessWindowStation
EnumDisplayMonitors
ReleaseDC
GetKeyState
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
SendMessageW
OpenWindowStationW
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
DispatchMessageW
IsDialogMessageW
RegisterClassW
TranslateMessage
PostQuitMessage
EnumChildWindows
MessageBoxA
SetTimer
KillTimer
GetDlgItem
LoadMenuW
PostMessageW
TrackPopupMenu
GetSubMenu
SetMenuDefaultItem
RemoveMenu
RegisterWindowMessageW
SetForegroundWindow
GetCursorPos
SetThreadDesktop
LoadIconW
SystemParametersInfoW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
DrawIconEx
GetCursorInfo
GetIconInfo
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxParamW
SetWindowLongW
IsWindow
SetClassLongW
EndDialog
CreateDialogParamW
DestroyIcon
GetWindowTextW
InvalidateRect
SetFocus
ShowWindow
SetWindowTextW
GetClientRect

advapi32

CreateProcessAsUserW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
DuplicateToken
ImpersonateLoggedOnUser
RevertToSelf
ImpersonateNamedPipeClient
CopySid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityInfo
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
LookupAccountSidW
GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW

shell32

SHGetSpecialFolderPathW
ord680
ShellExecuteW
Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostbyname
ntohl
ntohs
gethostname
htonl
htons
__WSAFDIsSet
accept
bind
closesocket
select
shutdown
listen
inet_ntoa
getsockname
send
socket
connect
recv
ioctlsocket
setsockopt
inet_addr
WSACleanup
WSAStartup
WSAGetLastError
getpeername

comctl32

InitCommonControlsEx

gdi32

CreateDCW
ExtEscape
GetBitmapBits
GetCurrentObject
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
GetObjectW
GetDIBits

Sections

.text
Size: 757KB - Virtual size: 757KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
word1.exe.vir
.exe windows:6 windows x86 arch:x86

e10efedd2e2f6f830308843be187be7f

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:2f:85:9e:34:95:d7:79:93:70:82:a5:ae:04:6a:bb:39:47:b3:e5:32:fb:05:5b:b5:2e:8d:a7:51:78:36:9f
Signer

Actual PE Digest

a0:2f:85:9e:34:95:d7:79:93:70:82:a5:ae:04:6a:bb:39:47:b3:e5:32:fb:05:5b:b5:2e:8d:a7:51:78:36:9f

Digest Algorithm

sha256

PE Digest Matches

false

a0:2f:85:9e:34:95:d7:79:93:70:82:a5:ae:04:6a:bb:39:47:b3:e5:32:fb:05:5b:b5:2e:8d:a7:51:78:36:9f
Signer

Actual PE Digest

a0:2f:85:9e:34:95:d7:79:93:70:82:a5:ae:04:6a:bb:39:47:b3:e5:32:fb:05:5b:b5:2e:8d:a7:51:78:36:9f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeBeginPeriod
timeEndPeriod

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

kernel32

RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
CreatePipe
SetHandleInformation
ReleaseMutex
CreateMutexW
SwitchToThread
ResumeThread
GetProcessTimes
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
MoveFileW
DeleteFileW
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
WriteFile
ReadFile
LocalAlloc
GetProcAddress
LoadLibraryW
OpenThread
OpenProcess
SetNamedPipeHandleState
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
WaitForSingleObject
GetComputerNameW
GetVersionExW
GetModuleFileNameW
GetExitCodeProcess
CreateProcessW
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
DisconnectNamedPipe
GetLastError
FormatMessageW
LocalFree
ProcessIdToSessionId
LoadLibraryA
VirtualProtect
SetUnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
DuplicateHandle
CreateThread
FreeLibrary
FreeResource

user32

GetUserObjectInformationW
CloseDesktop
OpenInputDesktop
OpenDesktopW
UnregisterClassW
GetThreadDesktop
MapWindowPoints
MoveWindow
FindWindowW
ExitWindowsEx
LockWorkStation
CloseWindowStation
SetProcessWindowStation
EnumDisplayMonitors
ReleaseDC
GetKeyState
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
SendMessageW
OpenWindowStationW
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
DispatchMessageW
IsDialogMessageW
RegisterClassW
TranslateMessage
PostQuitMessage
EnumChildWindows
MessageBoxA
SetTimer
KillTimer
GetDlgItem
LoadMenuW
PostMessageW
TrackPopupMenu
GetSubMenu
SetMenuDefaultItem
RemoveMenu
RegisterWindowMessageW
SetForegroundWindow
GetCursorPos
SetThreadDesktop
LoadIconW
SystemParametersInfoW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
DrawIconEx
GetCursorInfo
GetIconInfo
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxParamW
SetWindowLongW
IsWindow
SetClassLongW
EndDialog
CreateDialogParamW
DestroyIcon
GetWindowTextW
InvalidateRect
SetFocus
ShowWindow
SetWindowTextW
GetClientRect

advapi32

CreateProcessAsUserW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
DuplicateToken
ImpersonateLoggedOnUser
RevertToSelf
ImpersonateNamedPipeClient
CopySid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityInfo
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
LookupAccountSidW
GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW

shell32

SHGetSpecialFolderPathW
ord680
ShellExecuteW
Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostbyname
ntohl
ntohs
gethostname
htonl
htons
__WSAFDIsSet
accept
bind
closesocket
select
shutdown
listen
inet_ntoa
getsockname
send
socket
connect
recv
ioctlsocket
setsockopt
inet_addr
WSACleanup
WSAStartup
WSAGetLastError
getpeername

comctl32

InitCommonControlsEx

gdi32

CreateDCW
ExtEscape
GetBitmapBits
GetCurrentObject
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
GetObjectW
GetDIBits

Sections

.text
Size: 757KB - Virtual size: 757KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
word2.exe.vir
.exe windows:6 windows x86 arch:x86

e10efedd2e2f6f830308843be187be7f

Code Sign

ff:f7:ca:8b:5e:ea:fd:32:e4:de:3b:6c:44:f5:11:93
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/07/2020, 00:00

Not After

10/07/2023, 23:59

Subject

CN=GLAVSOFT\, OOO,O=GLAVSOFT\, OOO,POSTALCODE=634021,STREET=d. 132 kv. 82\, ul. Altaiskaya,L=Tomsk,ST=Tomskaya oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a5:6c:50:29:f2:fc:12:71:82:ca:97:c2:aa:00:c4:48:58:9a:7a:be
Signer

Actual PE Digest

a5:6c:50:29:f2:fc:12:71:82:ca:97:c2:aa:00:c4:48:58:9a:7a:be

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeBeginPeriod
timeEndPeriod

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

kernel32

RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
CreatePipe
SetHandleInformation
ReleaseMutex
CreateMutexW
SwitchToThread
ResumeThread
GetProcessTimes
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
MoveFileW
DeleteFileW
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
WriteFile
ReadFile
LocalAlloc
GetProcAddress
LoadLibraryW
OpenThread
OpenProcess
SetNamedPipeHandleState
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
WaitForSingleObject
GetComputerNameW
GetVersionExW
GetModuleFileNameW
GetExitCodeProcess
CreateProcessW
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
DisconnectNamedPipe
GetLastError
FormatMessageW
LocalFree
ProcessIdToSessionId
LoadLibraryA
VirtualProtect
SetUnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
DuplicateHandle
CreateThread
FreeLibrary
FreeResource

user32

GetUserObjectInformationW
CloseDesktop
OpenInputDesktop
OpenDesktopW
UnregisterClassW
GetThreadDesktop
MapWindowPoints
MoveWindow
FindWindowW
ExitWindowsEx
LockWorkStation
CloseWindowStation
SetProcessWindowStation
EnumDisplayMonitors
ReleaseDC
GetKeyState
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
SendMessageW
OpenWindowStationW
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
DispatchMessageW
IsDialogMessageW
RegisterClassW
TranslateMessage
PostQuitMessage
EnumChildWindows
MessageBoxA
SetTimer
KillTimer
GetDlgItem
LoadMenuW
PostMessageW
TrackPopupMenu
GetSubMenu
SetMenuDefaultItem
RemoveMenu
RegisterWindowMessageW
SetForegroundWindow
GetCursorPos
SetThreadDesktop
LoadIconW
SystemParametersInfoW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
DrawIconEx
GetCursorInfo
GetIconInfo
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxParamW
SetWindowLongW
IsWindow
SetClassLongW
EndDialog
CreateDialogParamW
DestroyIcon
GetWindowTextW
InvalidateRect
SetFocus
ShowWindow
SetWindowTextW
GetClientRect

advapi32

CreateProcessAsUserW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
DuplicateToken
ImpersonateLoggedOnUser
RevertToSelf
ImpersonateNamedPipeClient
CopySid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityInfo
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
LookupAccountSidW
GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW

shell32

SHGetSpecialFolderPathW
ord680
ShellExecuteW
Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostbyname
ntohl
ntohs
gethostname
htonl
htons
__WSAFDIsSet
accept
bind
closesocket
select
shutdown
listen
inet_ntoa
getsockname
send
socket
connect
recv
ioctlsocket
setsockopt
inet_addr
WSACleanup
WSAStartup
WSAGetLastError
getpeername

comctl32

InitCommonControlsEx

gdi32

CreateDCW
ExtEscape
GetBitmapBits
GetCurrentObject
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
GetObjectW
GetDIBits

Sections

.text
Size: 757KB - Virtual size: 757KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
word3.exe.vir
.exe windows:6 windows x86 arch:x86

d3caef1a9a5734e3fb42edeaef3bf7dc

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:5d:fb:7e:19:ed:4b:3f:5c:34:ff:1b:d6:18:cb:7c:5e:08:eb:50:38:f9:94:22:a3:6c:f6:03:0c:93:b1:b4
Signer

Actual PE Digest

47:5d:fb:7e:19:ed:4b:3f:5c:34:ff:1b:d6:18:cb:7c:5e:08:eb:50:38:f9:94:22:a3:6c:f6:03:0c:93:b1:b4

Digest Algorithm

sha256

PE Digest Matches

false

47:5d:fb:7e:19:ed:4b:3f:5c:34:ff:1b:d6:18:cb:7c:5e:08:eb:50:38:f9:94:22:a3:6c:f6:03:0c:93:b1:b4
Signer

Actual PE Digest

47:5d:fb:7e:19:ed:4b:3f:5c:34:ff:1b:d6:18:cb:7c:5e:08:eb:50:38:f9:94:22:a3:6c:f6:03:0c:93:b1:b4

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
WriteFile
ReadFile
LocalAlloc
DisconnectNamedPipe
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
DuplicateHandle
CreatePipe
SetHandleInformation
ReleaseMutex
CreateMutexW
SwitchToThread
CreateThread
ResumeThread
GetProcessTimes
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
MoveFileW
DeleteFileW
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
LoadLibraryW
OpenThread
OpenProcess
SetNamedPipeHandleState
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
WaitForSingleObject
GetComputerNameW
GetVersionExW
GetModuleFileNameW
GetExitCodeProcess
CreateProcessW
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
GetLastError
GetModuleFileNameA
FormatMessageW
LocalFree
ProcessIdToSessionId
VirtualProtect
SetUnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
FreeResource
InitializeSListHead
GetUserDefaultUILanguage
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
GetEnvironmentStringsW

winmm

timeBeginPeriod
timeEndPeriod

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

user32

SetForegroundWindow
RegisterWindowMessageW
RemoveMenu
SetMenuDefaultItem
GetSubMenu
TrackPopupMenu
PostMessageW
GetDlgItem
KillTimer
EnumDisplayMonitors
ReleaseDC
GetKeyState
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
SetThreadDesktop
GetThreadDesktop
CloseDesktop
LoadIconW
GetCursorPos
OpenDesktopW
GetUserObjectInformationW
LoadMenuW
CloseClipboard
UnregisterClassW
SendMessageW
MapWindowPoints
MoveWindow
FindWindowW
ExitWindowsEx
LockWorkStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
DispatchMessageW
IsDialogMessageW
RegisterClassW
TranslateMessage
PostQuitMessage
EnumChildWindows
MessageBoxA
SetTimer
SystemParametersInfoW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
GetClientRect
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
DrawIconEx
GetCursorInfo
GetIconInfo
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxParamW
SetWindowLongW
IsWindow
SetClassLongW
EndDialog
CreateDialogParamW
DestroyIcon
GetWindowTextW
InvalidateRect
SetFocus
ShowWindow
SetWindowTextW
OpenInputDesktop

advapi32

CreateProcessAsUserW
RegisterServiceCtrlHandlerW
ImpersonateLoggedOnUser
DuplicateToken
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RevertToSelf
ImpersonateNamedPipeClient
CopySid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityInfo
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
LookupAccountSidW
GetTokenInformation
SetServiceStatus
StartServiceCtrlDispatcherW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
ord680
Shell_NotifyIconW
CommandLineToArgvW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostname
htonl
htons
__WSAFDIsSet
accept
bind
closesocket
select
shutdown
listen
ntohl
getsockname
inet_ntoa
socket
connect
recv
ioctlsocket
setsockopt
inet_addr
WSACleanup
WSAStartup
ntohs
gethostbyname
getpeername
WSAGetLastError
send

comctl32

InitCommonControlsEx

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetObjectW
GetBitmapBits
ExtEscape
CreateDCW
GetCurrentObject
GetDIBits

Sections

.text
Size: 761KB - Virtual size: 760KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
word4.exe.vir
.exe windows:6 windows x86 arch:x86

0683bdeac23ac17b6c0ed7a885c27968

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
WriteFile
ReadFile
LocalAlloc
DisconnectNamedPipe
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
DuplicateHandle
CreatePipe
SetHandleInformation
ReleaseMutex
CreateMutexW
SwitchToThread
CreateThread
ResumeThread
GetProcessTimes
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
MoveFileW
DeleteFileW
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
LoadLibraryW
OpenThread
OpenProcess
SetNamedPipeHandleState
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
WaitForSingleObject
GetComputerNameW
GetVersionExW
GetModuleFileNameW
GetExitCodeProcess
CreateProcessW
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
GetLastError
GetUserDefaultUILanguage
FormatMessageW
LocalFree
ProcessIdToSessionId
VirtualProtect
GetModuleFileNameA
SetUnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
FreeResource
InitializeSListHead
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
GetEnvironmentStringsW

winmm

timeBeginPeriod
timeEndPeriod

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

user32

SetForegroundWindow
RegisterWindowMessageW
RemoveMenu
SetMenuDefaultItem
GetSubMenu
TrackPopupMenu
PostMessageW
GetDlgItem
KillTimer
EnumDisplayMonitors
ReleaseDC
GetKeyState
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
SetThreadDesktop
GetThreadDesktop
CloseDesktop
LoadIconW
GetCursorPos
OpenDesktopW
GetUserObjectInformationW
LoadMenuW
CloseClipboard
UnregisterClassW
SendMessageW
MapWindowPoints
MoveWindow
FindWindowW
ExitWindowsEx
LockWorkStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
DispatchMessageW
IsDialogMessageW
RegisterClassW
TranslateMessage
PostQuitMessage
EnumChildWindows
MessageBoxA
SetTimer
SystemParametersInfoW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
GetClientRect
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
DrawIconEx
GetCursorInfo
GetIconInfo
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxParamW
SetWindowLongW
IsWindow
SetClassLongW
EndDialog
CreateDialogParamW
DestroyIcon
GetWindowTextW
InvalidateRect
SetFocus
ShowWindow
SetWindowTextW
OpenInputDesktop

advapi32

CreateProcessAsUserW
ImpersonateLoggedOnUser
DuplicateToken
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegisterServiceCtrlHandlerW
RevertToSelf
ImpersonateNamedPipeClient
CopySid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityInfo
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
LookupAccountSidW
GetTokenInformation
SetServiceStatus
StartServiceCtrlDispatcherW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
ord680
Shell_NotifyIconW
CommandLineToArgvW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostname
htonl
htons
__WSAFDIsSet
accept
bind
closesocket
select
shutdown
listen
ntohl
getsockname
inet_ntoa
socket
connect
recv
ioctlsocket
setsockopt
inet_addr
WSACleanup
WSAStartup
ntohs
gethostbyname
getpeername
WSAGetLastError
send

comctl32

InitCommonControlsEx

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetObjectW
GetBitmapBits
ExtEscape
CreateDCW
GetCurrentObject
GetDIBits

Sections

.text
Size: 758KB - Virtual size: 758KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
word5.exe.vir
.exe windows:6 windows x86 arch:x86

615196dbf46737aef74a5adb93671c7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
DuplicateHandle
WriteFile
ReadFile
LocalAlloc
RtlUnwind
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
CreatePipe
SetHandleInformation
ReleaseMutex
CreateMutexW
SwitchToThread
CreateThread
ResumeThread
GetProcessTimes
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
MoveFileW
DeleteFileW
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
GetProcAddress
LoadLibraryW
OpenThread
OpenProcess
SetNamedPipeHandleState
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
WaitForSingleObject
GetComputerNameW
GetVersionExW
GetModuleFileNameW
GetExitCodeProcess
CreateProcessW
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
GetUserDefaultUILanguage
GetLastError
FormatMessageW
LocalFree
ProcessIdToSessionId
VirtualProtect
SetUnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
FreeResource
DisconnectNamedPipe
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeSListHead
GetEnvironmentStringsW

winmm

timeBeginPeriod
timeEndPeriod

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

user32

SetForegroundWindow
RegisterWindowMessageW
RemoveMenu
SetMenuDefaultItem
GetSubMenu
TrackPopupMenu
PostMessageW
GetDlgItem
MessageBoxA
EnumDisplayMonitors
ReleaseDC
GetKeyState
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
SetThreadDesktop
GetThreadDesktop
CloseDesktop
LoadIconW
GetCursorPos
OpenDesktopW
GetUserObjectInformationW
LoadMenuW
CloseClipboard
UnregisterClassW
SendMessageW
MapWindowPoints
MoveWindow
FindWindowW
ExitWindowsEx
LockWorkStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
DispatchMessageW
IsDialogMessageW
RegisterClassW
TranslateMessage
PostQuitMessage
EnumChildWindows
SetTimer
KillTimer
SystemParametersInfoW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
GetClientRect
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
DrawIconEx
GetCursorInfo
GetIconInfo
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxParamW
SetWindowLongW
IsWindow
SetClassLongW
EndDialog
CreateDialogParamW
DestroyIcon
GetWindowTextW
InvalidateRect
SetFocus
ShowWindow
SetWindowTextW
OpenInputDesktop

advapi32

CreateProcessAsUserW
ImpersonateLoggedOnUser
DuplicateToken
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegisterServiceCtrlHandlerW
RevertToSelf
ImpersonateNamedPipeClient
CopySid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityInfo
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
LookupAccountSidW
GetTokenInformation
SetServiceStatus
StartServiceCtrlDispatcherW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
ord680
Shell_NotifyIconW
CommandLineToArgvW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostname
htonl
htons
__WSAFDIsSet
accept
bind
closesocket
select
shutdown
listen
ntohl
getsockname
inet_ntoa
socket
connect
recv
ioctlsocket
setsockopt
inet_addr
WSACleanup
WSAStartup
ntohs
gethostbyname
getpeername
WSAGetLastError
send

comctl32

InitCommonControlsEx

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetObjectW
ExtEscape
CreateDCW
GetCurrentObject
GetDIBits
GetBitmapBits

Sections

.text
Size: 758KB - Virtual size: 758KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
财务补贴.exe.vir
.exe windows:6 windows x86 arch:x86

615196dbf46737aef74a5adb93671c7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
DuplicateHandle
WriteFile
ReadFile
LocalAlloc
RtlUnwind
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
CreatePipe
SetHandleInformation
ReleaseMutex
CreateMutexW
SwitchToThread
CreateThread
ResumeThread
GetProcessTimes
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
MoveFileW
DeleteFileW
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
GetProcAddress
LoadLibraryW
OpenThread
OpenProcess
SetNamedPipeHandleState
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
WaitForSingleObject
GetComputerNameW
GetVersionExW
GetModuleFileNameW
GetExitCodeProcess
CreateProcessW
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
GetUserDefaultUILanguage
GetLastError
FormatMessageW
LocalFree
ProcessIdToSessionId
VirtualProtect
SetUnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
FreeResource
DisconnectNamedPipe
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeSListHead
GetEnvironmentStringsW

winmm

timeBeginPeriod
timeEndPeriod

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

user32

SetForegroundWindow
RegisterWindowMessageW
RemoveMenu
SetMenuDefaultItem
GetSubMenu
TrackPopupMenu
PostMessageW
GetDlgItem
MessageBoxA
EnumDisplayMonitors
ReleaseDC
GetKeyState
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
SetThreadDesktop
GetThreadDesktop
CloseDesktop
LoadIconW
GetCursorPos
OpenDesktopW
GetUserObjectInformationW
LoadMenuW
CloseClipboard
UnregisterClassW
SendMessageW
MapWindowPoints
MoveWindow
FindWindowW
ExitWindowsEx
LockWorkStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
DispatchMessageW
IsDialogMessageW
RegisterClassW
TranslateMessage
PostQuitMessage
EnumChildWindows
SetTimer
KillTimer
SystemParametersInfoW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
GetClientRect
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
DrawIconEx
GetCursorInfo
GetIconInfo
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxParamW
SetWindowLongW
IsWindow
SetClassLongW
EndDialog
CreateDialogParamW
DestroyIcon
GetWindowTextW
InvalidateRect
SetFocus
ShowWindow
SetWindowTextW
OpenInputDesktop

advapi32

CreateProcessAsUserW
ImpersonateLoggedOnUser
DuplicateToken
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegisterServiceCtrlHandlerW
RevertToSelf
ImpersonateNamedPipeClient
CopySid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityInfo
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
LookupAccountSidW
GetTokenInformation
SetServiceStatus
StartServiceCtrlDispatcherW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
ord680
Shell_NotifyIconW
CommandLineToArgvW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostname
htonl
htons
__WSAFDIsSet
accept
bind
closesocket
select
shutdown
listen
ntohl
getsockname
inet_ntoa
socket
connect
recv
ioctlsocket
setsockopt
inet_addr
WSACleanup
WSAStartup
ntohs
gethostbyname
getpeername
WSAGetLastError
send

comctl32

InitCommonControlsEx

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetObjectW
ExtEscape
CreateDCW
GetCurrentObject
GetDIBits
GetBitmapBits

Sections

.text
Size: 758KB - Virtual size: 758KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3caef1a9a5734e3fb42edeaef3bf7dc

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

3c:d1:ff:7f:90:74:f8:05:11:fe:0f:df:e0:07:7f:3f:49:f7:f6:7e:28:6e:c8:6b:86:bb:a9:e2:8d:5b:52:b6Signer

3c:d1:ff:7f:90:74:f8:05:11:fe:0f:df:e0:07:7f:3f:49:f7:f6:7e:28:6e:c8:6b:86:bb:a9:e2:8d:5b:52:b6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

psapi

user32

advapi32

shell32

version

ws2_32

comctl32

gdi32

Sections

.text Size: 761KB - Virtual size: 760KB

.rdata Size: 234KB - Virtual size: 233KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 204KB - Virtual size: 204KB

.reloc Size: 48KB - Virtual size: 47KB

e10efedd2e2f6f830308843be187be7f

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

7b:c0:54:94:72:a6:ff:eb:18:83:fc:f8:9b:22:6f:a9:39:c8:8a:6f:cd:03:4d:2d:b9:c3:f7:cc:e0:97:35:adSigner

7b:c0:54:94:72:a6:ff:eb:18:83:fc:f8:9b:22:6f:a9:39:c8:8a:6f:cd:03:4d:2d:b9:c3:f7:cc:e0:97:35:adSigner

Headers

DLL Characteristics

File Characteristics

Imports

winmm

psapi

kernel32

user32

advapi32

shell32

version

ws2_32

comctl32

gdi32

Sections

.text Size: 757KB - Virtual size: 757KB

.rdata Size: 233KB - Virtual size: 233KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 204KB - Virtual size: 204KB

.reloc Size: 47KB - Virtual size: 47KB

e10efedd2e2f6f830308843be187be7f

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

a0:2f:85:9e:34:95:d7:79:93:70:82:a5:ae:04:6a:bb:39:47:b3:e5:32:fb:05:5b:b5:2e:8d:a7:51:78:36:9fSigner

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

3c:d1:ff:7f:90:74:f8:05:11:fe:0f:df:e0:07:7f:3f:49:f7:f6:7e:28:6e:c8:6b:86:bb:a9:e2:8d:5b:52:b6
Signer

3c:d1:ff:7f:90:74:f8:05:11:fe:0f:df:e0:07:7f:3f:49:f7:f6:7e:28:6e:c8:6b:86:bb:a9:e2:8d:5b:52:b6
Signer

.text
Size: 761KB - Virtual size: 760KB

.rdata
Size: 234KB - Virtual size: 233KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 204KB - Virtual size: 204KB

.reloc
Size: 48KB - Virtual size: 47KB

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

7b:c0:54:94:72:a6:ff:eb:18:83:fc:f8:9b:22:6f:a9:39:c8:8a:6f:cd:03:4d:2d:b9:c3:f7:cc:e0:97:35:ad
Signer

7b:c0:54:94:72:a6:ff:eb:18:83:fc:f8:9b:22:6f:a9:39:c8:8a:6f:cd:03:4d:2d:b9:c3:f7:cc:e0:97:35:ad
Signer

.text
Size: 757KB - Virtual size: 757KB

.rdata
Size: 233KB - Virtual size: 233KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 204KB - Virtual size: 204KB

.reloc
Size: 47KB - Virtual size: 47KB

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a0:2f:85:9e:34:95:d7:79:93:70:82:a5:ae:04:6a:bb:39:47:b3:e5:32:fb:05:5b:b5:2e:8d:a7:51:78:36:9f
Signer

a0:2f:85:9e:34:95:d7:79:93:70:82:a5:ae:04:6a:bb:39:47:b3:e5:32:fb:05:5b:b5:2e:8d:a7:51:78:36:9f
Signer

.text
Size: 757KB - Virtual size: 757KB

.rdata
Size: 233KB - Virtual size: 233KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 204KB - Virtual size: 204KB

.reloc
Size: 47KB - Virtual size: 47KB

ff:f7:ca:8b:5e:ea:fd:32:e4:de:3b:6c:44:f5:11:93
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

a5:6c:50:29:f2:fc:12:71:82:ca:97:c2:aa:00:c4:48:58:9a:7a:be
Signer

.text
Size: 757KB - Virtual size: 757KB

.rdata
Size: 233KB - Virtual size: 233KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 47KB - Virtual size: 47KB

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate