上海嘉柒智能科技有限公司-2024年度员工补充医疗采购信息及要求[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

上海嘉柒智能科技有限公司-2024年度员工补充医疗采购信息及要求.zip
Size

2.1MB
MD5

e6eb698a9bff14376669f7168d116ca7
SHA1

81da84549933b2bf51c4bb9aabfbe75e9a2f725a
SHA256

042f2224cc5fc9a1c23b21ae9ab760a10659bb12048bf584362c04490f0b9fb2
SHA512

51190e574b073658eb2ce3ba062347d5e7c453b99b7b54713e6e0eb41efa007e6d4256c2dcc648f9432991722d6aab33b7335a0bc2aa546af42dcc2b2cc60d58
SSDEEP

49152:0JAWPt0fHWvmbXtYg2B1DtY22VujtbN7I44nzzibRXeWqiRhu+i/E:OvPt0f2vKXtW2tVujtb4PiOWrQ+t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/上海嘉柒智能科技有限公司-2024年度员工补充医疗采购信息及要求.exe

Files

上海嘉柒智能科技有限公司-2024年度员工补充医疗采购信息及要求.zip
.zip
上海嘉柒智能科技有限公司-2024年度员工补充医疗采购信息及要求.exe
.exe windows:5 windows x64 arch:x64

f0024b513aa7431210a5d9347d6a22a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace\ci.dingding.manual.new\DingTalk-Win\win\bin\release\DingTalkUpdater.exe.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetSecurityDescriptorDacl
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptSignHashW
CryptDestroyHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptEnumProvidersW

gdi32

LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
GdiFlush
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
GetClipBox
GetCharABCWidthsW
DeleteDC
DeleteObject
GetStockObject
Rectangle
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
GetDeviceCaps
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreatePenIndirect
CreatePatternBrush
CombineRgn
GetObjectA

kernel32

GetCurrentProcessId
TerminateProcess
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameW
GetProcAddress
LoadLibraryW
SetEnvironmentVariableW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
SetLastError
SetEvent
WaitForSingleObject
CreateMutexW
CreateEventW
Sleep
GetExitCodeProcess
CreateProcessW
OpenProcess
GetTickCount
GetWindowsDirectoryW
GetVersionExW
LocalFree
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
GetTempPathW
GetLocalTime
GlobalFree
FormatMessageW
GetDateFormatW
SetEndOfFile
SetFilePointerEx
WriteFile
GetFileInformationByHandleEx
FreeLibrary
LoadLibraryExW
GetACP
MulDiv
GetCurrentDirectoryW
GetFileAttributesW
GetFileSize
FreeResource
GetFileType
SetFilePointer
RemoveDirectoryW
DuplicateHandle
DosDateTimeToFileTime
SystemTimeToFileTime
GlobalAlloc
GlobalUnlock
GlobalLock
GetConsoleOutputCP
DeleteFileW
CreateDirectoryW
SetCurrentDirectoryW
CloseHandle
ReadFile
CreateFileW
ExitProcess
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
WideCharToMultiByte
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ResetEvent
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
EnterCriticalSection
LCMapStringEx
EncodePointer
SetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetStringTypeW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetNativeSystemInfo
RtlPcToFileHeader
GetSystemTime
ConvertThreadToFiber
ConvertFiberToThread
LoadLibraryA
CreateFiber
DeleteFiber
SwitchToFiber
GetSystemTimeAsFileTime
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
GetStdHandle
ExpandEnvironmentStringsA
WaitForSingleObjectEx
QueryPerformanceCounter
VerifyVersionInfoW
GetSystemDirectoryW
QueryPerformanceFrequency
VerSetConditionMask
SleepEx
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
CompareStringW
LCMapStringW
LeaveCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter
WritePrivateProfileStringW
GetModuleHandleW
GetCurrentProcess
GetDriveTypeW
SetFileTime
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
VirtualProtect
WriteConsoleW

ole32

PropVariantClear
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathW
ord165
SHGetFolderPathW
ShellExecuteW

shlwapi

PathCombineW
PathAppendW
PathMatchSpecW
PathFileExistsW

user32

BringWindowToTop
SetActiveWindow
SetForegroundWindow
IsIconic
GetClientRect
ScreenToClient
GetWindowLongW
SetWindowLongW
wsprintfW
MessageBoxW
GetMessageW
IsWindowVisible
SendMessageTimeoutW
PostMessageW
ShowWindow
PostQuitMessage
PostThreadMessageW
FlashWindow
GetPropW
EnumWindows
RegisterWindowMessageA
wvsprintfW
SetCursor
UnionRect
OffsetRect
LoadCursorW
SetWindowPos
GetDC
ReleaseDC
GetDesktopWindow
MonitorFromPoint
MonitorFromWindow
GetUserObjectInformationW
SendMessageW
GetProcessWindowStation
SetPropW
GetWindowLongPtrW
TranslateMessage
RedrawWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetSysColor
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
SetRect
FillRect
DrawTextW
CharPrevW
SetWindowLongPtrW
IsZoomed
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
NotifyWinEvent
GetMonitorInfoW
GetWindow
GetParent
PtInRect
IsRectEmpty
IntersectRect
MapWindowPoints
GetCursorPos
GetWindowRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextW
DestroyWindow
IsWindow
CreateWindowExW
DispatchMessageW

gdiplus

GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipMeasureString
GdipPrivateAddFontFile
GdipGetFontCollectionFamilyList
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipCreateFont
GdipCloneFontFamily
GdipFillPath
GdipFillEllipseI
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipAlloc
GdipDrawLineI
GdipDrawLine
GdipSetPenDashStyle
GdipSetPenLineJoin
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipSetPathFillMode
GdipDeletePath
GdipCreatePath
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipGetFamily
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipDrawArc
GdipDrawImageRectI
GdipDrawImage
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipCreateLineBrushI
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipFree
GdipGetImageGraphicsContext

oleacc

AccessibleObjectFromWindow
LresultFromObject

comctl32

_TrackMouseEvent
ord17

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

bcrypt

BCryptGenRandom

ws2_32

shutdown
getnameinfo
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl

wldap32

ord167
ord46
ord127
ord27
ord79
ord118
ord41
ord208
ord216
ord14
ord142
ord133
ord147
ord301
ord219
ord26
ord145

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 912KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 886KB - Virtual size: 886KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0024b513aa7431210a5d9347d6a22a8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

shell32

shlwapi

user32

gdiplus

oleacc

comctl32

imm32

bcrypt

ws2_32

wldap32

crypt32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 912KB - Virtual size: 911KB

.data Size: 40KB - Virtual size: 67KB

.pdata Size: 121KB - Virtual size: 121KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 886KB - Virtual size: 886KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 912KB - Virtual size: 911KB

.data
Size: 40KB - Virtual size: 67KB

.pdata
Size: 121KB - Virtual size: 121KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 886KB - Virtual size: 886KB

.reloc
Size: 39KB - Virtual size: 39KB