电脑飞机[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

电脑飞机.zip
Size

31.1MB
MD5

cbfaa5d6e7c6567a24b349725d14a76a
SHA1

9d4343d940afe8d615d1575252887c069a6ae50e
SHA256

8af39ef047e147fb8805c579157ce1453eaec399f2853d598b426fe6f03211ae
SHA512

92881382dc35975b470c0744a786735f62e4a0a3a622b9f10f13df9796438f4022c141fffe52349e21e52d337c732a8f18774e5cb8f5dc61af56767dd32ecf56
SSDEEP

786432:jYht5DPjU1NZsDGRwUY+jD7WtlxxCVJQz9Go9fgrXsR:jY35DcA6i+jfiXkJUr2zsR

Score

1^/10

Malware Config

Signatures

Files

电脑飞机.zip
.zip
电脑飞机&m.exe
.exe windows:5 windows x64 arch:x64

c66f81622efc1e39baf9e7028aae0d46

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/08/2021, 00:00

Not After

01/08/2024, 23:59

Subject

CN=DingTalk Technology Co.\,Ltd.,O=DingTalk Technology Co.\,Ltd.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:ad:ab:12:7e:d6:40:c6:bb:9e:78:a4:60:9c:fe:1b:09:5f:47:86:14:34:ec:4e:e6:15:07:57:32:09:12:cc
Signer

Actual PE Digest

c0:ad:ab:12:7e:d6:40:c6:bb:9e:78:a4:60:9c:fe:1b:09:5f:47:86:14:34:ec:4e:e6:15:07:57:32:09:12:cc

Digest Algorithm

sha256

PE Digest Matches

false

d4:6a:f4:86:70:33:3f:fb:d5:5d:91:df:f6:b7:42:3c:fe:69:35:bc
Signer

Actual PE Digest

d4:6a:f4:86:70:33:3f:fb:d5:5d:91:df:f6:b7:42:3c:fe:69:35:bc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Users\Admin\Documents\Visual Studio 2008\Projects\UAC\x64\Debug\UAC.pdb

Imports

kernel32

GetProcAddress
LoadLibraryW
GetModuleFileNameW
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
LoadLibraryA
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsSetValue
GetCurrentThreadId
FlsAlloc
FlsFree
SetLastError
GetLastError
GetCurrentThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
HeapSize
HeapValidate
IsBadReadPtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleW
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
HeapDestroy
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
HeapReAlloc
HeapQueryInformation
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetTimeZoneInformation
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CloseHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
InitializeCriticalSection

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey

Sections

.text
Size: 462KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30.9MB - Virtual size: 30.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c66f81622efc1e39baf9e7028aae0d46

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c0:ad:ab:12:7e:d6:40:c6:bb:9e:78:a4:60:9c:fe:1b:09:5f:47:86:14:34:ec:4e:e6:15:07:57:32:09:12:ccSigner

d4:6a:f4:86:70:33:3f:fb:d5:5d:91:df:f6:b7:42:3c:fe:69:35:bcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 462KB - Virtual size: 462KB

.rdata Size: 92KB - Virtual size: 92KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 16KB - Virtual size: 15KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 30.9MB - Virtual size: 30.9MB

.reloc Size: 3KB - Virtual size: 2KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:af:69:d7:a3:81:e9:2b:82:9f:9d:6e:3d:ad:92:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c0:ad:ab:12:7e:d6:40:c6:bb:9e:78:a4:60:9c:fe:1b:09:5f:47:86:14:34:ec:4e:e6:15:07:57:32:09:12:cc
Signer

d4:6a:f4:86:70:33:3f:fb:d5:5d:91:df:f6:b7:42:3c:fe:69:35:bc
Signer

.text
Size: 462KB - Virtual size: 462KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 16KB - Virtual size: 15KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 30.9MB - Virtual size: 30.9MB

.reloc
Size: 3KB - Virtual size: 2KB