Compressed1[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Compressed1.rar
Size

8.5MB
MD5

80c1beed9b62e60b5083e17d10d54460
SHA1

1334d14f14470cb5c812f6be8b01f6f0a89847cb
SHA256

f5078862045a95f0167ff1292e8adeca6a9f3cea3b87e25d80e09a0095f65112
SHA512

0ef38d8c0ec6fa87e3e0b725de605244cb70d7c802ab4dea8fc114640884f8c0a46bb627179f17ad06c1caccfc1b333c8766940ecf3b171b87da7df591eb7822
SSDEEP

196608:KwB89REBFB1nfNaVYncJOHl88FCjVMApz3jq/xYg+ven7Ab1:KwBiRiH1YOncJOmzlG/mgie7Ab1

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Compressed1/2024财务补贴.exe
unpack001/Compressed1/dwms.exe
unpack001/Compressed1/geek.exe
unpack001/Compressed1/名单（密码123）.exe
unpack001/Compressed1/注意事项 .exe
unpack001/Compressed1/财务申报指南.exe

Files

Compressed1.rar
.rar
Compressed1/2024财务补贴.exe
.exe windows:6 windows x86 arch:x86

680b001e2c26b86fd4a9d21bee407201

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\tightvnc-2.8.81-gpl\Release\tvnserver.pdb

Imports

user32

ExitWindowsEx
LockWorkStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetMessageW
DefWindowProcW
EnumDisplayMonitors
ReleaseDC
GetKeyState
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
SetThreadDesktop
GetThreadDesktop
CloseDesktop
OpenInputDesktop
GetUserObjectInformationW
FindWindowW
UnregisterClassW
MoveWindow
DestroyWindow
CreateWindowExW
DispatchMessageW
IsDialogMessageW
RegisterClassW
TranslateMessage
PostQuitMessage
EnumChildWindows
SetTimer
KillTimer
MessageBoxA
GetDlgItem
PostMessageW
TrackPopupMenu
GetSubMenu
SetMenuDefaultItem
RemoveMenu
RegisterWindowMessageW
SetForegroundWindow
GetCursorPos
LoadIconW
MapWindowPoints
SendMessageW
MessageBoxW
OpenDesktopW
LoadMenuW
SystemParametersInfoW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
DrawIconEx
GetCursorInfo
GetIconInfo
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxParamW
SetWindowLongW
IsWindow
SetClassLongW
EndDialog
CreateDialogParamW
DestroyIcon
GetWindowTextW
InvalidateRect
SetFocus
ShowWindow
SetWindowTextW
GetClientRect

winmm

timeBeginPeriod
timeEndPeriod

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

kernel32

RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
SwitchToThread
CreateThread
ResumeThread
RtlUnwind
GetProcessTimes
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
MoveFileW
DeleteFileW
CreatePipe
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
WriteFile
ReadFile
LocalAlloc
DisconnectNamedPipe
MapViewOfFile
CreateFileMappingW
OpenThread
OpenProcess
SetNamedPipeHandleState
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
WaitForSingleObject
GetComputerNameW
GetVersionExW
GetModuleFileNameW
GetExitCodeProcess
CreateProcessW
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
GetLastError
FormatMessageW
UnmapViewOfFile
LocalFree
ProcessIdToSessionId
VirtualProtect
SetUnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
FreeResource
CreateMutexW
ReleaseMutex
DuplicateHandle
FreeLibrary
GetProcAddress
SetHandleInformation
GetEnvironmentStringsW

advapi32

CreateProcessAsUserW
ReportEventW
ImpersonateLoggedOnUser
DuplicateToken
DeregisterEventSource
RevertToSelf
ImpersonateNamedPipeClient
CopySid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityInfo
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
LookupAccountSidW
GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegisterEventSourceW

shell32

ord680
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderPathW
Shell_NotifyIconW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

accept
bind
closesocket
select
shutdown
listen
getpeername
getsockname
send
htons
inet_ntoa
recv
ioctlsocket
setsockopt
inet_addr
WSACleanup
WSAStartup
WSAGetLastError
htonl
gethostname
ntohs
ntohl
__WSAFDIsSet
gethostbyname
socket
connect

comctl32

InitCommonControlsEx

gdi32

CreateDCW
ExtEscape
GetBitmapBits
GetCurrentObject
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
GetObjectW
GetDIBits

Sections

.text
Size: 775KB - Virtual size: 775KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Compressed1/dwms.exe
.exe windows:6 windows x64 arch:x64

e45a59c002268da2193664eaf2168b32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualProtect
VirtualAlloc
GetModuleFileNameW
WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LocalFree
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ReadFile
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
GetFileSizeEx
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapReAlloc
RtlUnwind

oleaut32

SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Compressed1/geek.exe
.exe windows:4 windows x64 arch:x64

1a6c012a6d11c9c178e8cb409806c2f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetProcessHeap
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
HeapWalk
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
ReleaseSemaphore
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
lstrcmpiW
lstrlenW

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fmode
_fstat64
_initterm
_lock
_lseeki64
_onexit
_read
_strnicmp
_unlock
_write
_write
abort
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getwc
isspace
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putwc
rand
realloc
setlocale
setvbuf
signal
sprintf
srand
strcmp
strcoll
strerror
strftime
strlen
strncmp
strtoul
strxfrm
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest

Sections

.text
Size: 873KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 505B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Compressed1/名单（密码123）.exe
.exe windows:5 windows x86 arch:x86

e8530c52079d8af6782841531ff79cfa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
FreeLibrary
lstrcmpW
MultiByteToWideChar
DeactivateActCtx
ActivateActCtx
GetLocaleInfoW
GlobalUnlock
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
SetThreadPriority
ResumeThread
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GlobalAddAtomW
GetCurrentProcessId
FreeResource
lstrcpyW
CompareStringW
GetVersionExW
GlobalFindAtomW
ReleaseActCtx
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCurrentDirectoryW
GlobalFlags
DeleteFileW
GetThreadLocale
lstrcmpiW
CreateFileW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
lstrlenA
GlobalGetAtomNameW
FileTimeToSystemTime
CopyFileW
GetFileAttributesExW
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetTempFileNameW
GetTempPathW
GetWindowsDirectoryW
GetNumberFormatW
GetProfileIntW
SearchPathW
VirtualProtect
FindResourceExW
RtlUnwind
RaiseException
ExitThread
DecodePointer
EncodePointer
HeapSetInformation
GetStartupInfoW
ExitProcess
HeapReAlloc
HeapQueryInformation
HeapSize
GetSystemTimeAsFileTime
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
LCMapStringW
GetConsoleCP
GetConsoleMode
WriteConsoleW
SetEnvironmentVariableA
LocalFree
MulDiv
GlobalSize
GlobalAlloc
GlobalLock
OpenProcess
GetExitCodeProcess
WriteProcessMemory
VirtualAlloc
LoadResource
LockResource
SizeofResource
FindResourceW
GetCommandLineA
GetModuleHandleW
CreateMutexW
GetConsoleWindow
CreateThread
GetModuleFileNameW
GetTickCount
TryEnterCriticalSection
SetWaitableTimer
CreateWaitableTimerW
ResetEvent
lstrlenW
WideCharToMultiByte
CancelIo
CreateEventW
InterlockedExchange
SetLastError
GetCurrentThreadId
SwitchToThread
GetLastError
FormatMessageW
SetEvent
WaitForSingleObject
Sleep
CloseHandle
CreateEventA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
LoadLibraryW
GetProcAddress
GetSystemDefaultUILanguage
VirtualFree

user32

SetLayeredWindowAttributes
SetCapture
WindowFromPoint
ReleaseCapture
WaitMessage
DestroyIcon
CharUpperW
CharNextW
OffsetRect
CopyAcceleratorTableW
IsRectEmpty
SetRect
IntersectRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
LoadMenuW
SetWindowRgn
RedrawWindow
NotifyWinEvent
GetAsyncKeyState
IsZoomed
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
IsMenu
CreatePopupMenu
SetMenuDefaultItem
GetMenuDefaultItem
SetParent
DestroyAcceleratorTable
SetClassLongW
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
ToUnicodeEx
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetCursorPos
BringWindowToTop
LockWindowUpdate
TranslateAcceleratorW
InsertMenuItemW
LoadImageW
ReuseDDElParam
UnpackDDElParam
InvertRect
HideCaret
GetIconInfo
CopyImage
RegisterClipboardFormatW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
FrameRect
CopyIcon
CharUpperBuffW
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
DestroyCursor
GetWindowRgn
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
EnumDisplayMonitors
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
GetClassNameW
InvalidateRect
UpdateWindow
DrawStateW
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
UnhookWindowsHookEx
ClientToScreen
PtInRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
RegisterWindowMessageW
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
GetInputState
PostThreadMessageA
ShowWindow
GetSystemMetrics
DrawIcon
AppendMenuW
SendMessageW
GetSystemMenu
IsIconic
GetWindowRect
GetClientRect
ScreenToClient
GetDC
EnableWindow
LoadIconW
SetRectEmpty
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
GetSysColorBrush
LoadCursorW
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
MoveWindow
SetWindowTextW
IsDialogMessageW
ScrollWindow
SetPropW

gdi32

GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreateRoundRectRgn
CreateDIBSection
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
CopyMetaFileW
CreateDCW
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
CreateRectRgnIndirect
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SelectObject
CreateCompatibleBitmap
CreateDIBitmap
GetTextExtentPoint32W
CreateFontIndirectW
CreateHatchBrush
CreateSolidBrush
SetTextAlign
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetObjectW
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetTextColor
GetDeviceCaps
SetPixelV
GetTextFaceW
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
SetPaletteEntries
ExtFloodFill
EnumFontFamiliesExW
Rectangle
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
SetWindowOrgEx

advapi32

RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyW

msimg32

AlphaBlend
TransparentBlt

comctl32

ImageList_GetIconSize
InitCommonControlsEx

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW

oledlg

OleUIBusyW

ws2_32

WSASetLastError
WSAEnumNetworkEvents
WSACloseEvent
shutdown
WSAResetEvent
WSACreateEvent
WSAWaitForMultipleEvents
WSAGetLastError
WSAStartup
WSACleanup
closesocket
setsockopt
WSAIoctl
connect
htons
gethostbyname
socket
recv
select
send
WSAEventSelect

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

winmm

PlaySoundW
timeGetTime

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

comdlg32

GetFileTitleW

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
DragFinish
DragQueryFileW
SHAppBarMessage
SHGetSpecialFolderLocation

ole32

OleTranslateAccelerator
IsAccelerator
OleLockRunning
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CLSIDFromProgID
OleDestroyMenuDescriptor
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
OleCreateMenuDescriptor
CoTaskMemFree
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoInitializeEx
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CoCreateInstance
CoUninitialize
CLSIDFromString

oleaut32

VariantClear
VariantChangeType
VariantInit
SysStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocStringLen
SysAllocString
VariantCopy
VarBstrFromDate
SysFreeString

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Compressed1/注意事项 .exe
.exe windows:6 windows x64 arch:x64

6b79a3d949467376b0931413a9a20f07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateMutexA
CreateSemaphoreA
CreateThread
CreateWaitableTimerA
CreateWaitableTimerExW
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FormatMessageA
FreeEnvironmentStringsW
GetAtomNameA
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetHandleInformation
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetLastError
SetProcessAffinityMask
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fmode
_initterm
_lock
_memccpy
_onexit
_setjmp
_strdup
_ultoa
_unlock
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
realloc
signal
strerror
strlen
strncmp
vfprintf
wcslen

ole32

CoCreateInstance
CoInitializeEx

Exports

Exports

_cgo_dummy_export

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 409KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Compressed1/财务申报指南.exe
.exe windows:6 windows x86 arch:x86

680b001e2c26b86fd4a9d21bee407201

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TvnServer.pdb

Imports

user32

ExitWindowsEx
LockWorkStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetMessageW
DefWindowProcW
EnumDisplayMonitors
ReleaseDC
GetKeyState
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
SetThreadDesktop
GetThreadDesktop
CloseDesktop
OpenInputDesktop
GetUserObjectInformationW
FindWindowW
UnregisterClassW
MoveWindow
DestroyWindow
CreateWindowExW
DispatchMessageW
IsDialogMessageW
RegisterClassW
TranslateMessage
PostQuitMessage
EnumChildWindows
SetTimer
KillTimer
MessageBoxA
GetDlgItem
PostMessageW
TrackPopupMenu
GetSubMenu
SetMenuDefaultItem
RemoveMenu
RegisterWindowMessageW
SetForegroundWindow
GetCursorPos
LoadIconW
MapWindowPoints
SendMessageW
MessageBoxW
OpenDesktopW
LoadMenuW
SystemParametersInfoW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
DrawIconEx
GetCursorInfo
GetIconInfo
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxParamW
SetWindowLongW
IsWindow
SetClassLongW
EndDialog
CreateDialogParamW
DestroyIcon
GetWindowTextW
InvalidateRect
SetFocus
ShowWindow
SetWindowTextW
GetClientRect

winmm

timeBeginPeriod
timeEndPeriod

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

kernel32

RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
SwitchToThread
CreateThread
ResumeThread
RtlUnwind
GetProcessTimes
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
MoveFileW
DeleteFileW
CreatePipe
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
WriteFile
ReadFile
LocalAlloc
DisconnectNamedPipe
MapViewOfFile
CreateFileMappingW
OpenThread
OpenProcess
SetNamedPipeHandleState
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
WaitForSingleObject
GetComputerNameW
GetVersionExW
GetModuleFileNameW
GetExitCodeProcess
CreateProcessW
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
GetLastError
FormatMessageW
UnmapViewOfFile
LocalFree
ProcessIdToSessionId
VirtualProtect
SetUnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
FreeResource
CreateMutexW
ReleaseMutex
DuplicateHandle
FreeLibrary
GetProcAddress
SetHandleInformation
GetEnvironmentStringsW

advapi32

CreateProcessAsUserW
ReportEventW
ImpersonateLoggedOnUser
DuplicateToken
DeregisterEventSource
RevertToSelf
ImpersonateNamedPipeClient
CopySid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityInfo
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
LookupAccountSidW
GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegisterEventSourceW

shell32

ord680
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderPathW
Shell_NotifyIconW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

accept
bind
closesocket
select
shutdown
listen
getpeername
getsockname
send
htons
inet_ntoa
recv
ioctlsocket
setsockopt
inet_addr
WSACleanup
WSAStartup
WSAGetLastError
htonl
gethostname
ntohs
ntohl
__WSAFDIsSet
gethostbyname
socket
connect

comctl32

InitCommonControlsEx

gdi32

CreateDCW
ExtEscape
GetBitmapBits
GetCurrentObject
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
GetObjectW
GetDIBits

Sections

.text
Size: 775KB - Virtual size: 775KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Compressed1/阿里巴巴集团招聘平台部分JD信息2024_Talent.Alibaba-inc.exe
.exe windows:4 windows x64 arch:x64

8f6ad62a33a89fad40981d224725251e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:a8:1d:3b:96:27:0d:9a:1d:eb:07:cd:88:67:d0:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-10-2021 00:00

Not After

16-10-2024 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=珠海市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:a8:1d:3b:96:27:0d:9a:1d:eb:07:cd:88:67:d0:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-10-2021 00:00

Not After

16-10-2024 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=珠海市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:4e:06:17:56:70:6f:73:94:61:e7:c5:e5:34:ad:75:34:2c:d7:f4:94:72:38:b1:ad:96:c6:41:b0:b0:a2:5c
Signer

Actual PE Digest

c0:4e:06:17:56:70:6f:73:94:61:e7:c5:e5:34:ad:75:34:2c:d7:f4:94:72:38:b1:ad:96:c6:41:b0:b0:a2:5c

Digest Algorithm

sha256

PE Digest Matches

false

72:5c:88:ca:fe:4e:25:65:dd:fd:40:c0:f0:fd:04:90:56:8b:b3:bb
Signer

Actual PE Digest

72:5c:88:ca:fe:4e:25:65:dd:fd:40:c0:f0:fd:04:90:56:8b:b3:bb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdi32

AddFontResourceExA
BitBlt
CombineRgn
CreateBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectA
CreateRectRgn
CreateRectRgnIndirect
DeleteDC
DeleteObject
EnumFontFamiliesExA
ExcludeClipRect
GetDeviceCaps
GetGlyphIndicesA
GetGlyphOutlineA
GetKerningPairsA
GetObjectA
GetOutlineTextMetricsA
GetRegionData
GetTextMetricsA
RemoveFontResourceExA
RestoreDC
SaveDC
SelectObject
SetBrushOrgEx
SetMapMode
SetMapperFlags
SetStretchBltMode
StretchBlt
StretchDIBits

kernel32

CloseHandle
CreateProcessW
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
EnumSystemFirmwareTables
ExitThread
FormatMessageA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetTimeZoneInformation
InitializeConditionVariable
InitializeCriticalSection
LeaveCriticalSection
LocalFree
MultiByteToWideChar
RaiseException
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte

api-ms-win-crt-convert-l1-1-0

mbrtowc
strtoul
wcrtomb

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___mb_cur_max_func
localeconv
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-private-l1-1-0

__C_specific_handler
memchr
memcmp
memcpy
memmove
strchr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
_fileno
_fseeki64
_ftelli64
_lseeki64
_read
_wfopen
_write
fclose
fflush
fopen
fputc
fputs
fread
fwrite
getc
getwc
putc
putwc
setvbuf
ungetc
ungetwc

api-ms-win-crt-string-l1-1-0

iswctype
memset
strcmp
strcoll
strlen
strncmp
strxfrm
towlower
towupper
wcscoll
wcslen
wcsxfrm

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset
strftime
wcsftime

api-ms-win-crt-utility-l1-1-0

rand_s

user32

CallNextHookEx
CreateIconIndirect
DestroyCursor
DestroyIcon
DrawIcon
EnumChildWindows
EnumDisplayMonitors
GetAncestor
GetDesktopWindow
GetIconInfo
GetMonitorInfoA
GetParent
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetWindowInfo
GetWindowLongA
LoadCursorA
LoadIconA
MapWindowPoints
MessageBoxW
MonitorFromWindow
SetCaretPos
SetWindowLongA
SetWindowsHookExA
ShowCaret
ShowWindow
SystemParametersInfoA
UnhookWindowsHookEx
WindowFromPoint

Sections

.text
Size: 784KB - Virtual size: 784KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 495B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

680b001e2c26b86fd4a9d21bee407201

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

winmm

psapi

kernel32

advapi32

shell32

version

ws2_32

comctl32

gdi32

Sections

.text Size: 775KB - Virtual size: 775KB

.rdata Size: 580KB - Virtual size: 579KB

.data Size: 17KB - Virtual size: 19KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 48KB - Virtual size: 48KB

e45a59c002268da2193664eaf2168b32

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

Sections

.text Size: 146KB - Virtual size: 146KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 3KB - Virtual size: 3KB

1a6c012a6d11c9c178e8cb409806c2f3

Headers

File Characteristics

Imports

kernel32

msvcrt

winhttp

Sections

.text Size: 873KB - Virtual size: 872KB

.data Size: 12KB - Virtual size: 11KB

.rdata Size: 57KB - Virtual size: 57KB

.pdata Size: 43KB - Virtual size: 43KB

.xdata Size: 51KB - Virtual size: 50KB

.bss Size: - Virtual size: 5KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

/4 Size: 512B - Virtual size: 176B

/19 Size: 63KB - Virtual size: 62KB

/31 Size: 3KB - Virtual size: 2KB

/45 Size: 6KB - Virtual size: 5KB

/57 Size: 2KB - Virtual size: 1KB

/70 Size: 512B - Virtual size: 505B

/81 Size: 11KB - Virtual size: 10KB

/92 Size: 2KB - Virtual size: 2KB

.rsrc Size: 4.1MB - Virtual size: 4.1MB

e8530c52079d8af6782841531ff79cfa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msimg32

comctl32

shlwapi

oledlg

.text
Size: 775KB - Virtual size: 775KB

.rdata
Size: 580KB - Virtual size: 579KB

.data
Size: 17KB - Virtual size: 19KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 48KB - Virtual size: 48KB

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 873KB - Virtual size: 872KB

.data
Size: 12KB - Virtual size: 11KB

.rdata
Size: 57KB - Virtual size: 57KB

.pdata
Size: 43KB - Virtual size: 43KB

.xdata
Size: 51KB - Virtual size: 50KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

/4
Size: 512B - Virtual size: 176B

/19
Size: 63KB - Virtual size: 62KB

/31
Size: 3KB - Virtual size: 2KB

/45
Size: 6KB - Virtual size: 5KB

/57
Size: 2KB - Virtual size: 1KB

/70
Size: 512B - Virtual size: 505B

/81
Size: 11KB - Virtual size: 10KB

/92
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 280KB - Virtual size: 279KB

.data
Size: 27KB - Virtual size: 64KB

.rsrc
Size: 125KB - Virtual size: 125KB

.reloc
Size: 165KB - Virtual size: 165KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.data
Size: 326KB - Virtual size: 326KB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.pdata
Size: 3KB - Virtual size: 3KB

.xdata
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 409KB

.edata
Size: 512B - Virtual size: 78B

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 74KB - Virtual size: 73KB

.text
Size: 775KB - Virtual size: 775KB

.rdata
Size: 580KB - Virtual size: 579KB

.data
Size: 17KB - Virtual size: 19KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 48KB - Virtual size: 48KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate