D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Overview
overview
10Static
static
3H2345看�...17.exe
windows7-x64
10H2345看�...17.exe
windows10-2004-x64
10setup--客...��.exe
windows7-x64
7setup--客...��.exe
windows10-2004-x64
7setup查询版.exe
windows7-x64
1setup查询版.exe
windows10-2004-x64
1市场部_...00.exe
windows7-x64
7市场部_...00.exe
windows10-2004-x64
7截屏Sq2Q...-n.exe
windows7-x64
1截屏Sq2Q...-n.exe
windows10-2004-x64
1政企部_...00.exe
windows7-x64
7政企部_...00.exe
windows10-2004-x64
7碧水天�...��.exe
windows7-x64
1碧水天�...��.exe
windows10-2004-x64
1违规名单.exe
windows7-x64
3违规名单.exe
windows10-2004-x64
3
windows7-x64
9 signatures
150 seconds
windows10-2004-x64
13 signatures
150 seconds
Behavioral task
behavioral3
Sample
setup--客户端专业版.exe
Resource
win7-20240221-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
setup--客户端专业版.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
setup查询版.exe
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral6
Sample
setup查询版.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral7
Sample
市场部_导出_OA系统未办文件判断大于100_202405150935210000.exe
Resource
win7-20240221-en
windows7-x64
9 signatures
150 seconds
Behavioral task
behavioral8
Sample
市场部_导出_OA系统未办文件判断大于100_202405150935210000.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
9 signatures
150 seconds
Behavioral task
behavioral9
Sample
截屏Sq2Q1M1QNM566FJMMJ-n.exe
Resource
win7-20240215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral10
Sample
截屏Sq2Q1M1QNM566FJMMJ-n.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral11
Sample
政企部_导出_OA系统未办文件判断大于100_202405150930550000.exe
Resource
win7-20231129-en
windows7-x64
9 signatures
150 seconds
Behavioral task
behavioral12
Sample
政企部_导出_OA系统未办文件判断大于100_202405150930550000.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
9 signatures
150 seconds
Behavioral task
behavioral13
Sample
碧水天源_营业执照_扫描件水印版副本_202405171637(1).exe
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral14
Sample
碧水天源_营业执照_扫描件水印版副本_202405171637(1).exe
Resource
win10v2004-20240426-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral15
Sample
违规名单.exe
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral16
Sample
违规名单.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
22x.rar
-
Size
33.2MB
-
MD5
2417520903a9101b5b5c00e1dc5cb789
-
SHA1
bdb6d9ec6ffca5cddfa9885a5015fdc79c2ad943
-
SHA256
7183ca1b9a6bdcdfe3c09210f7aab154fde3fc6416f147791b0161ebf8a05f09
-
SHA512
b8e238f55f8924ac496cc925a20f59619e4793de358f7896301c844931143bcabfe5f1693863010afa61c0751f98e876c3b447347a5c04bd655a6476015244f0
-
SSDEEP
786432:+BRuZEERr+n/0xCJ0PKM4O3eVh7Gh28Fa8OUYujNKfRczHUtA1KnF:+BGEEd+n/sPqO3eVhiloVRP
Score
3/10
Malware Config
Signatures
-
Detects Pyinstaller 1 IoCs
resource yara_rule static1/unpack001/setup--客户端专业版.exe.vir pyinstaller -
Unsigned PE 7 IoCs
Checks for missing Authenticode signature.
resource unpack001/H2345看图王[email protected] unpack001/setup--客户端专业版.exe.vir unpack001/setup查询版.exe.vir unpack001/市场部_导出_OA系统未办文件判断大于100_202405150935210000.exe.vir unpack001/政企部_导出_OA系统未办文件判断大于100_202405150930550000.exe.vir unpack001/碧水天源_营业执照_扫描件水印版副本_202405171637(1).exe.vir unpack001/违规名单.exe.vir -
NSIS installer 1 IoCs
resource yara_rule static1/unpack001/违规名单.exe.vir nsis_installer_2
Files
-
22x.rar.rar
-
H2345看图王[email protected].exe windows:5 windows x64 arch:x64
b9bcccccf37e080bc28c98518f5cfe69
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
FindFirstFileExA
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
SetFilePointerEx
GetStdHandle
ExitProcess
GetFileType
QueryPerformanceFrequency
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
FindNextFileA
GetEnvironmentStringsW
IsValidCodePage
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateFileW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
Sleep
SearchPathA
GetProfileIntA
GetTickCount
GetTempFileNameA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
FindResourceExW
lstrcpyA
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
GetACP
GetVolumeInformationA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
CreateFileA
GetCPInfo
GetOEMCP
VirtualProtect
DeleteFileA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryA
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FileTimeToSystemTime
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
ResumeThread
SetThreadPriority
WaitForSingleObject
SetEvent
CloseHandle
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
LoadLibraryW
lstrcmpW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
FreeResource
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
CompareStringA
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetVersionExA
GetCurrentThreadId
GetCurrentThread
GetModuleFileNameA
GetCurrentProcessId
SetLastError
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetProcAddress
LoadLibraryA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
SetStdHandle
WriteConsoleW
user32
WindowFromPoint
UnionRect
CharUpperA
MapDialogRect
GetAsyncKeyState
GetMenuItemInfoA
KillTimer
SetTimer
CopyImage
RealChildWindowFromPoint
GetSysColorBrush
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
SystemParametersInfoA
SetParent
IsRectEmpty
DeleteMenu
GetSystemMenu
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
SetDlgItemInt
MoveWindow
MapVirtualKeyA
GetKeyNameTextA
ReuseDDElParam
UnpackDDElParam
LoadImageA
DestroyIcon
GetDesktopWindow
OffsetRect
SetRectEmpty
InsertMenuItemA
DestroyMenu
CreatePopupMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
ReleaseCapture
BringWindowToTop
ShowWindow
SetCursor
ShowOwnedPopups
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetCursorPos
GetActiveWindow
TranslateMessage
GetMessageA
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
SetRect
SetWindowsHookExA
GetWindow
GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthA
GetWindowTextA
RemovePropA
OpenClipboard
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
CloseClipboard
SetClipboardData
EmptyClipboard
DefWindowProcA
LoadCursorA
LoadIconW
GetSystemMetrics
SendMessageA
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
SetCapture
GetDCEx
LockWindowUpdate
TrackMouseEvent
LoadImageW
GetMenuDefaultItem
GetNextDlgGroupItem
DrawFocusRect
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
CallWindowProcA
GetMessageTime
GetMessagePos
InvertRect
LoadCursorW
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongPtrA
CallNextHookEx
SetWindowRgn
GetSysColor
InvalidateRect
GetClientRect
EnableWindow
UnregisterClassA
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
IsWindowEnabled
MessageBoxA
GetWindowLongA
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetDC
ReleaseDC
CopyRect
InflateRect
IntersectRect
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetWindowDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
FillRect
PostMessageA
PostQuitMessage
UnhookWindowsHookEx
RegisterWindowMessageA
DispatchMessageA
PeekMessageA
DrawStateA
DrawEdge
DrawFrameControl
IsZoomed
LoadMenuW
SetCursorPos
CopyIcon
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
RegisterClipboardFormatA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
CopyAcceleratorTableA
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
WaitMessage
PostThreadMessageA
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
DrawIcon
GetPropA
FrameRect
gdi32
DPtoLP
CreateHatchBrush
CreatePen
CreateSolidBrush
DeleteDC
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectA
MoveToEx
TextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
ExtTextOutA
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontA
GetCharWidthA
StretchDIBits
GetTextExtentPoint32A
GetBkColor
GetTextMetricsA
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
SetRectRgn
SetBkColor
PatBlt
DeleteObject
CreateRectRgnIndirect
CreateRectRgn
CreatePatternBrush
CreateFontIndirectA
CreateBitmap
CombineRgn
GetDeviceCaps
CreateDCA
CopyMetaFileA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
OffsetViewportOrgEx
SetPixel
Ellipse
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
shell32
SHBrowseForFolderA
DragFinish
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHAppBarMessage
DragQueryFileA
ShellExecuteA
SHGetDesktopFolder
comctl32
ImageList_SetBkColor
ImageList_ReplaceIcon
shlwapi
PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
PathFindExtensionA
StrFormatKBSizeA
uxtheme
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
DrawThemeText
OpenThemeData
CloseThemeData
GetThemePartSize
IsAppThemed
ole32
CoInitializeEx
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
oleaut32
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
VarBstrFromDate
LoadTypeLi
SysAllocString
VariantChangeType
VariantClear
SysAllocStringLen
VariantInit
SysAllocStringByteLen
SysFreeString
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundA
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 617KB - Virtual size: 616KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 86KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 299KB - Virtual size: 298KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
setup--客户端专业版.exe.vir.exe windows:5 windows x64 arch:x64
0b5552dccd9d0a834cea55c0c8fc05be
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW
comctl32
ord380
kernel32
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetOEMCP
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
advapi32
OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
gdi32
SelectObject
DeleteObject
CreateFontIndirectW
Sections
.text Size: 162KB - Virtual size: 162KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 7.6MB - Virtual size: 7.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
main.pyc
-
setup查询版.exe.vir.exe windows:5 windows x64 arch:x64
e78e63e8c82eb1f49bc31bb862ef9511
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
RaiseException
RtlPcToFileHeader
HeapReAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
Sleep
ExitProcess
HeapQueryInformation
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetTimeZoneInformation
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
GetStdHandle
FreeEnvironmentStringsA
RtlUnwindEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
RtlLookupFunctionEntry
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
WritePrivateProfileStringA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetModuleHandleW
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GlobalFlags
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
CloseHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
FormatMessageA
LocalFree
MulDiv
GetCurrentProcessId
GetModuleFileNameA
lstrlenA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
GetLastError
SetLastError
MultiByteToWideChar
lstrcmpW
GetModuleHandleA
GetVersionExA
LoadLibraryA
VirtualAlloc
GetProcAddress
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
GetTickCount
GetSystemTime
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
GetEnvironmentStrings
FindResourceA
user32
RegisterClipboardFormatA
PostThreadMessageA
SetCapture
GetSysColorBrush
DestroyMenu
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetActiveWindow
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharUpperA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
IsWindowEnabled
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetMenuCheckMarkDimensions
ReleaseCapture
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetCursor
GetMessageA
SetTimer
IsIconic
KillTimer
LoadIconA
DrawIcon
TranslateMessage
TranslateAcceleratorA
DispatchMessageA
GetSystemMetrics
LoadCursorA
FillRect
GetParent
PostMessageA
MessageBoxA
IsWindow
ScreenToClient
GetWindowRect
LoadBitmapA
GetClientRect
SendMessageA
GetDC
SetRect
InvalidateRect
ReleaseDC
GetSysColor
UpdateWindow
EnableWindow
GetPropA
gdi32
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
GetDeviceCaps
SetWindowExtEx
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
CreateRectRgnIndirect
CreateSolidBrush
MoveToEx
LineTo
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DeleteObject
BitBlt
DeleteDC
CreateDIBSection
CreateFontIndirectA
SetPixel
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
Ellipse
CreatePen
GetPixel
GetObjectA
GetViewportExtEx
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
oledlg
ord8
ole32
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
CoRevokeClassObject
CLSIDFromProgID
OleIsCurrentClipboard
CLSIDFromString
oleaut32
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
wininet
InternetOpenUrlA
InternetReadFile
HttpQueryInfoA
Sections
.text Size: 321KB - Virtual size: 320KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
市场部_导出_OA系统未办文件判断大于100_202405150935210000.exe.vir.exe windows:5 windows x86 arch:x86
fcf1390e9ce472c7270447fc5c61a0c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer
gdiplus
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
Sections
.text Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 512B - Virtual size: 392B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
截屏Sq2Q1M1QNM566FJMMJ-n.exe.vir.exe windows:4 windows x64 arch:x64
3e7322487e32d78d57fc63d0437440a2
Code Sign
42:73:08:b6:d6:98:45:89:43:77:42:eb:4a:16:5e:86Certificate
IssuerCN=andyNot Before13/05/2023, 18:18Not After31/12/2039, 23:59SubjectCN=andy01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate
IssuerCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BENot Before02/11/2023, 10:30Not After04/12/2034, 10:30SubjectCN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before20/06/2018, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before10/12/2014, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
10:b4:5d:dd:78:8e:a2:2e:72:33:b4:af:30:a7:e8:a1:ab:b6:5f:55:78:3b:1e:00:a8:ac:31:27:1a:08:e1:ffSigner
Actual PE Digest10:b4:5d:dd:78:8e:a2:2e:72:33:b4:af:30:a7:e8:a1:ab:b6:5f:55:78:3b:1e:00:a8:ac:31:27:1a:08:e1:ffDigest Algorithmsha256PE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetACP
RtlVirtualUnwind
Sleep
GetTimeZoneInformation
GetStdHandle
HeapSetInformation
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
ExitProcess
SetHandleCount
GetFileType
QueryPerformanceCounter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetStartupInfoA
GetProcessHeap
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
HeapFree
HeapAlloc
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
RtlPcToFileHeader
RaiseException
VirtualAlloc
RtlUnwindEx
RtlLookupFunctionEntry
GetTickCount
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
CreateFileA
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
lstrcpyA
lstrcpyW
GlobalReAlloc
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcessId
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
lstrcmpA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
GetModuleHandleA
GetVersionExA
FreeResource
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
GetStringTypeExA
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
LoadLibraryA
GetProcAddress
GetEnvironmentStringsW
user32
GetTabbedTextExtentA
PostThreadMessageA
CreateMenu
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
DestroyIcon
GetMenuItemInfoA
InflateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetSysColorBrush
SetParent
GetSystemMenu
DeleteMenu
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetDC
ReleaseDC
DestroyCursor
SetRect
ReleaseCapture
LoadCursorA
SetCapture
KillTimer
ClientToScreen
SetWindowRgn
DrawIcon
FillRect
IsRectEmpty
FindWindowA
InvalidateRect
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
ShowOwnedPopups
WindowFromPoint
GetCursorPos
ValidateRect
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetFocus
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
IsWindowVisible
GetClientRect
GetDCEx
LockWindowUpdate
UnregisterClassA
RegisterClipboardFormatA
SetCursor
GetMenu
PostMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
CopyRect
GetScrollInfo
SetScrollInfo
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindowTextLengthA
GetScrollPos
SetScrollPos
GetWindow
SetFocus
GetWindowTextA
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
SendMessageA
EndDialog
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
GetMenuItemID
GetMenuItemCount
GetSubMenu
RemoveMenu
CharUpperA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
EnableWindow
IsDialogMessageA
gdi32
CreateSolidBrush
CreateFontIndirectA
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetWindowOrgEx
SetRectRgn
CombineRgn
GetMapMode
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
CreatePatternBrush
ExtSelectClipRgn
GetCurrentPositionEx
ScaleWindowExtEx
GetTextFaceA
GetObjectA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
StretchDIBits
CreateFontA
GetCharWidthA
DeleteObject
GetTextExtentPoint32A
GetTextMetricsA
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
PatBlt
Rectangle
GetViewportOrgEx
CreatePen
DeleteDC
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocA
Ellipse
LPtoDP
DPtoLP
CreateEllipticRgn
CreateBitmap
GetDeviceCaps
CreateDCA
GetClipBox
SetTextColor
SetBkColor
SetWindowExtEx
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
GetJobA
advapi32
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueA
RegCloseKey
RegCreateKeyA
shell32
SHGetFileInfoA
DragFinish
DragQueryFileA
ExtractIconA
ShellExecuteA
shlwapi
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA
oledlg
ord8
ole32
OleInitialize
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
oleaut32
SysStringLen
SysAllocString
OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
odbc32
ord8
ord72
ord4
ord17
ord41
ord10
ord2
ord1
ord15
ord9
ord14
ord3
ord16
ord20
ord5
ord48
ord49
ord11
ord19
ord12
ord46
ord18
ord13
ord59
ord68
ord44
ord45
ord50
ord51
wininet
HttpQueryInfoA
InternetOpenUrlA
InternetReadFile
Sections
.text Size: 508KB - Virtual size: 507KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 191KB - Virtual size: 190KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 286KB - Virtual size: 286KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
政企部_导出_OA系统未办文件判断大于100_202405150930550000.exe.vir.exe windows:5 windows x86 arch:x86
fcf1390e9ce472c7270447fc5c61a0c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Imports
kernel32
GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer
gdiplus
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
Sections
.text Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 512B - Virtual size: 392B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
碧水天源_营业执照_扫描件水印版副本_202405171637(1).exe.vir.exe windows:6 windows x64 arch:x64
95a3be9f650dff92daa4d806043aa63c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetCurrentProcessId
SetEnvironmentVariableA
GetModuleFileNameA
FileTimeToSystemTime
GetLastError
WriteConsoleW
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FormatMessageA
LoadLibraryA
GetThreadLocale
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
CreateFileW
RtlUnwind
Sections
.text Size: 230KB - Virtual size: 229KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 111KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.trace Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gxfg Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gehcont Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 450KB - Virtual size: 452KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
违规名单.exe.vir.exe windows:4 windows x86 arch:x86
59a4a44a250c4cf4f2d9de2b3fe5d95f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
CloseHandle
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary
user32
CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA
gdi32
SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
advapi32
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA
comctl32
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17
ole32
CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 32KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ