27x[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27x.rar
Size

28.9MB
MD5

2ec9e3dfc6617c5a608cb5df85cd470c
SHA1

1d62817edc2a3699db49f5e147ff22e0412c5acd
SHA256

33184189a2147d668d0ce93a88684e87144e54f32c50ff38018e840fe00298a8
SHA512

5a863b114622a367c71db8459790f30915b891e07ab43ce965490133f4adbe5b0259d3f666aae0aa620dd2a6d1ae49a9028eafa7dcd79ddf2f1b083cc441d36f
SSDEEP

786432:Pv40z9KspwLZaeCiGlDzg9nT2ayPc5rVpTWUxU:n4g93pwLZGblE55rVtWT

Score

7^/10

vmprotect upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/cjkent_setup_表格6044.exe.vir	upx
static1/unpack001/windows.exe.vir	upx

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/cjkent_setup_表格6044.exe.vir	vmprotect
static1/unpack001/setup_6007.exe.vir	vmprotect

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/calc64.exe.vir
unpack001/miansha.exe.vir
unpack001/perl530.dll.vir
unpack003/out.upx
unpack001/團隊最新月績財務報表詳細 &a.exe.vir
unpack001/绝密⚝启用前.docx.exe.vir

Files

27x.rar
.rar
calc64.exe.vir
.exe windows:6 windows x64 arch:x64

17ba36e1101145bc1dde5120c18cd6d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\rustproject\sec1\target\debug\deps\calc64.pdb

Imports

ntdll

RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
NtWriteFile
NtQueryInformationProcess
RtlGetVersion
NtQuerySystemInformation

kernel32

GetSystemTimes
OpenProcess
K32GetPerformanceInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
CreateThread
GetCurrentThread
GetSystemTimeAsFileTime
ReadProcessMemory
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
HeapFree
WaitForSingleObject
FormatMessageW
LoadLibraryExA
GetProcAddress
FreeLibrary
VirtualQueryEx
GetProcessHeap
GetProcessIoCounters
GetCurrentProcessId
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
Sleep
QueryPerformanceCounter
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
GlobalMemoryStatusEx
GetSystemInfo
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
GetLastError
HeapAlloc
HeapCreate
GetTickCount
GetStdHandle
CreateFileW
WriteFileEx
SleepEx
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
WaitForSingleObjectEx
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
GetModuleHandleA
GetConsoleMode
LoadLibraryA
CreateMutexA
GetProcessTimes
GetModuleHandleW
GetModuleFileNameW
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
IsProcessorFeaturePresent
MultiByteToWideChar
WriteConsoleW

oleaut32

GetErrorInfo
SysFreeString
SysStringLen

pdh

PdhCollectQueryData
PdhRemoveCounter
PdhOpenQueryA
PdhAddEnglishCounterW
PdhCloseQuery
PdhGetFormattedCounterValue

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

powrprof

CallNtPowerInformation

advapi32

SystemFunction036
IsValidSid
GetLengthSid
GetTokenInformation
CopySid
OpenProcessToken

shell32

CommandLineToArgvW

bcrypt

BCryptGenRandom

vcruntime140

memmove
__current_exception_context
memcmp
_CxxThrowException
__C_specific_handler
memset
memcpy
__CxxFrameHandler3
__current_exception

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

api-ms-win-crt-string-l1-1-0

wcslen

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
__p___argv
__p___argc
_exit
_initialize_narrow_environment
_configure_narrow_argv
exit
_seh_filter_exe
_get_initial_narrow_environment
_cexit
_initterm_e
terminate
_initterm
_set_app_type
_crt_atexit
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 628KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cjkent_setup_表格6044.exe.vir
.exe windows:5 windows x64 arch:x64

1aacb940e1e344a531c545d7fc2daf6f

Code Sign

0c:70:e5:1d:6e:4c:85:38:5c:46:23:cf:87:6a:fa:7d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/11/2019, 00:00

Not After

10/12/2020, 12:00

Subject

CN=YY Inc.,OU=IT,O=YY Inc.,L=GuangZhou,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:70:e5:1d:6e:4c:85:38:5c:46:23:cf:87:6a:fa:7d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/11/2019, 00:00

Not After

10/12/2020, 12:00

Subject

CN=YY Inc.,OU=IT,O=YY Inc.,L=GuangZhou,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:0f:8b:11:e2:46:be:7c:14:24:13:16:36:ab:0b:06:d7:e2:28:af:3e:f4:98:d8:39:7b:35:bc:47:d6:43:03
Signer

Actual PE Digest

cc:0f:8b:11:e2:46:be:7c:14:24:13:16:36:ab:0b:06:d7:e2:28:af:3e:f4:98:d8:39:7b:35:bc:47:d6:43:03

Digest Algorithm

sha256

PE Digest Matches

false

da:27:9a:a7:6d:e1:3f:4e:c2:90:df:66:21:3f:a5:08:b1:f6:a6:b7
Signer

Actual PE Digest

da:27:9a:a7:6d:e1:3f:4e:c2:90:df:66:21:3f:a5:08:b1:f6:a6:b7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

��(`%<��m�߈��\��Y�n9�L��$>�Mߕ�oJ`U/�_C�E�"��~��h.�w�rCkdjeK{U"l ��ned)�U&9}r��^$S�{Zr#P!�+��O#܋��6��裏�&Z�Q��|�j��*��2B0ԶFZ�(l<�.�O�tO(��P�G�FѪ��~��I��r��)��IgO��`L5�8�_��+3n-�DR�nź,��s}npi� [0��y��1b�C��bI�M��LZ�b�!�U��=�M�2��b�(Z8K>��*{�P��iʮv,�C�Mi}��~�,!��aQLw-�7۷��~�5��._�gR!i��C�ܢ�o�bc tu�=��G��!��9��0��4�ju��)}�A?�f$�� ş��2�}�t�9:��r��E�{*��~u��TcpXx�0 d5o�X�e��V8��iD<�rWƀ��k7b�(a֤�Q0mY0�Wqfm��(�"D�:(��U�/ KS!��L�V�b�mQ9gγ�.v��K�fEx��@��l��w�r�� D�n�BS�[��}Bƀ�-a��/jDh ZA��̳p�j��ZqM� �X4�� ޗ`)��s�W5UE?�8c*�sv8A��1��D��?#�F�3d�A��3�zhӼ�s��)�B��k�l��K�.�3�l�@��UwW<��:��%�(�H��[��= ��8�TL�T��ؑ�8��|5ϔp�i.1TG�e A��$�y��u:V�I|)�Z9X -��J�Da�eEǂ��1��K4[�_�T`�cz޶2� �_&��q�oH٬p�&��<Fvq�hF���h��N_I��<��{o�xH��_�xĵl�%�ؗ� &�`!�]��׈ S]vA�!g2{ϼ3��@��]��cÓMK��9��,��T�&��ֽ��R�&R� `[d�o�S�L�ln�Uh��C�K׽2�I�z-��o3��񶪂Y�7�[�� 5s�A�L��>\��B�¡�*��_�Ƒ�/�[[�f�͜]��- ��?�+��M>f?�'O��A��b��W��j��V9�NYd�ti�ג��-�`�b��s44 �M�۳`�U?�1��]T��8�L/ݬfQ��s*�]Pv��ᱽ�.P� ��|��P`;b�b��eS] �L��#��/{�y�� G[��E��"��m�ȭ�5�Upυ��ak�8��=��0 4��M�j�p5�g�ʨ�h�9��z�Vش^��%�k�]z��:�n�Y��k�m ��B��:}��Ɵ'�J� ��f��LI��a��_0��c"-D��K��M��>�N��j��Pd̫w��4 �#OAhs�ڂň��~�-�vf�à$��B-�9b@�B�=]Qֆ�#y��3��?B�M��IX<BP��S�|9� �b�>�(�~��M��m��JQ˜b�M��܈��}��|��t��hO2�J֍)90�t&5�� K.�U/��2>}�� Ƞ�!cg��}] �`Ѫ�SF�YS'`��Cp�Mr�g��5ٴ/� [Fk&��k�ň��I�|Y��@S��P�(��.j��A��&'�)ߤU��{1w��g��j�Y0Lz��Q*��A��ГJ�5M��;Dky4�8C��VhT��!�EʿwY��`-��W�7s�*�Z�V@��]��CS�rQ��筫{��K�n�当��~ڍX;��z��-�7�O�ذ߇2@?�B*N�VE��D�4�M`�m��S�{O��Z��^]�S�?.�ܬ��=6��+�'(Е�uҖ��>��=*K��5z!]j�C%1�8��3�Ԏ��K�?9�0�:4��t� W��7]V(8��S�qG�yj�C�>n��A�x�H��-��8�h��=�e-\n&�7��TQ�&�嫙��k��d%#� ��w�$�<Q��`�c2��N�O��af(�mS��,>NE�\)�m��M��o:�p ��<{f�$�`��ĺ��7t��#É&E b�l��H�E~�\bs{lp{�p=��,��Yo��t℞��ڿ��6n�l�+�(��Q��W��;S�ס��Nh�r�K��{,�Є�d��qJ�ޏ�L��]��}�7ˡ�7��v>�p'IU�o��=ybNd5��T ]�Ӄ��{��5~��[��\Уz��;{��p&腈g\E��"K@Y��go#yg�$ h��:�)��j�S-"��uژy��t.r<�F�`j �픠e}��9��55{��O�y��U� ��7C�/;� ��qBo�t��E[x�<� H�+� �x��e�ǁ�'�:b;�-s�%{�d�S;�|U;HEQk�<�>X#u��9s��rÔ��-��L��H�D{��ȑb=5��Z# �ԋ�[iG�*�s-9�YR�a@�A�AX��eNs i=x��r*��O�ч9��zE�7��c5�ධJ:8�&��滊ÿ��%'WTlM2��$��)l��㰾T�\�(�NU�iY��ߒ�&��:w9��S^��u��9<*�_Sm��T3��'��ɶ��Ǭ�o�{��g��T��l2�8D�F0Ƕ+�xe��r��D�Yb�c_K7,��G��l��c��w�X7@v��y~=��^��D�lu^U��W��+-��^�2��kt��@^��B��6�,~��xQd4 �9ȷ��p4t��p �K.�i8�?�� G��Od�c�\��WP��}9��˯[��-Pʖ�:\Nr`��\��(GtՕ�O

Sections

UPX0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13.2MB - Virtual size: 13.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
miansha.exe.vir
.exe windows:4 windows x86 arch:x86

97a52a67ed0dc3b06e1115942701fd4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
FreeLibrary
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-private-l1-1-0

memcmp
memcpy

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_exit
_initialize_narrow_environment
_set_app_type
_initialize_wide_environment
_initterm
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite

api-ms-win-crt-string-l1-1-0

strlen
strncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

api-ms-win-crt-utility-l1-1-0

rand

rpcrt4

UuidFromStringA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
perl530.dll.vir
.dll windows:6 windows x64 arch:x64

c7a11c27e1845516cc3e8e4317e7625d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

advapi32

CryptDestroyHash

Exports

Exports

RunPerl

Sections

.text
Size: - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.#rH
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.)6P
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.V^n
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 985B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup_6007.exe.vir
.exe windows:5 windows x64 arch:x64

65d3610f402ed34bdc8939437c0ed809

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/10/2021, 00:00

Not After

23/10/2024, 23:59

Subject

SERIALNUMBER=91330000788831167A,CN=NetEase (Hangzhou) Network Co.\, Ltd,O=NetEase (Hangzhou) Network Co.\, Ltd,L=杭州市,ST=浙江省,C=CN,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b599e6b19fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:7f:a8:59:43:47:1c:94:f0:e1:70:22:aa:26:a2:d3:b4:01:15:94:1f:02:59:a2:5b:4a:04:4f:21:2d:d5:3e
Signer

Actual PE Digest

47:7f:a8:59:43:47:1c:94:f0:e1:70:22:aa:26:a2:d3:b4:01:15:94:1f:02:59:a2:5b:4a:04:4f:21:2d:d5:3e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersion
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Exports

Exports

q��+ ]}��ñX.mE��zyŢM�p`�-��L �d ��d��HJd�ɱK��_A�uwJ��\<a��{q��=q@�fS�ܑ�Q��ݳ��P��%�rʙ��>��cil�I��0�B��ś��@��zW�n;��`q��.��-d3�`֢�9Mu��+��g��{T��K$�N�/>��y?��^?0��8X��F�A��VqK,t��k$�� d:�;�6��7C��^��V ��3a\��M�L�T�7��X��,�ͦ��H>Kn�f�u��} �}2JTK��g23x;�Pe˄2?��vF��]��X�c�[�k�r#2(�h�-'��^}{�%�>t��(E�󽨶ȑ�w�6��ׅ�d(��]�i�C�5<O��+�B��.h@y$N��Ý�j^(R:D�� u��R��:B��5%E�R_��\�?0 R� ~�W�;#8g|-�ya�D��.\��{�;�L i2�Y�=��eE�@U81�R�?��Td8<�|�;5�E��4�`kvC�\2gH��R��"�WV^x�m��"R#�!�B.�w0b�aր�Nj�A��l��2�ǌ�l�X7��8�x(��Lb[v{��9@��ħ�t��I��&d9.�b �5��徟��?TM[P\��]f��Gq�e��V��ek"�;��a�y�i�@��f��>C�#��O)�10��9��p��}<��>�� T�+�� (#5��S�:��E�2�<�se�|� �K�f�o��MԆ󍓰�Зھ�L��?`�Ӌ��,� ��D��]�X��!Ѩ�N��1�G�,��(q(2�:��\k��`��O�G��f�P��Z��U��:��#v��Hhѽj��KcaS��g�!U�n��li�#Uihj�.�'f�y��4{V4�2Sn�a;�9��_N��k�iA�� A%+õ �F��M��d��A֫��B#��&�C9��G�<y'w�f�JW��N��Z��P�1u��c�:5VȆ��E�F��3�&�_J��/,�e#P�f:�#(3�S+l��T��x&�f��2�� 27��[[ ��,l��mp��e]O�@?��R*�N��g#�>�ȯ��׌��U��A3Z��$X�s(��o��E��0r��Q��B�9=�X����݃�3>�#��;8-'��-ˮ$�QeW��]a|�!��:8vQ��Um�a�C��'��a��i��q$��4w^�` ˔��XS��$x�~P�Ka��M%��w _P�2�x�*׹Nw��鉒�U�܏]��9H��:/�"�G��Ӷxp?��\�� j�/r�k��/�m5��.�;I-j:�&OJ��jǧ��2�Em��W�r��w�$��@~b�M��y�� u��w�fX�XNCs�^�u�yW�H�s��=5��ȁ�j��s��f7�O/vi�J��f�&-� X��{΁��I��m̶L�]��s�ʟG��D�率��}�ݮ$�cPe��p]`�w��݃��t7��@�� :�o��1" ��WuZHƞp�X��,�&YN*>�U��۠�a��M��g^*�|�@�z�q.�չD#qUR|��>��z�\��v%3��)�>u�#�V��M�.��Y�f�X��W��0��=ښ��y�`��_�<��w�� Q^h�t��F9DK�'�s��A��m�b,p��<#:��V�e�ShA¤�U.�YI�h�Z�Ea�~�f�+�DV��h�K�$W��`}4��nI)z̞d�j�<��S��$��8�ӠVl��gV[l�n�;BI0j�n!�栲V�\Y��戢� �x+�pdj��8+kF!��Ë��S��GY�I�}��r��xgLc��A��7IP�p��W��;]��AN�ɣ\�8H��jr� %��y�!/U��bI@B� y��z��?K��uG. �%6$TTO��zQxMv�j�·��hT��2|��!>�Ė��VA��g�'�� c�Ʊdf�#��^��9��`��R]-�˳ދ�@�1|�Ls�f�:� ��<Mq`�)��|�V��u��V ��DNڒ�oi��+��w`x^�+�2!XmT�<��>��edH��7ή�2��?+ԍ+`�9�MA�v��YP}��t*��Ք��]�II�D6 ,�5D��)�:Q�ss�@Uѷ��t�_} �>��I�4��o�,,��H�:��;�QK ��C� ��>�D�]=&�ySx�2��i�O7ѵ��a4�@)�rM-�YU'�.w �pr��K�Ъ&u��U��@��0`<�9��z��QY�C��g�x��m�T��Q��'��xpDo�K�$�FB�NWa}�4�[�q~z-K�tgT��|X �q�u��e��`S��?��#CJ�]qeU�FG4�3�K�3P��_�56I��4X9��HL�;aB`5��Q��D�e9� ��/S��'�ۥ��^Y��|��L�I�4��r�-J}��]Lg��WgR��&��m�;��W� Ӓ��$M��3 4-Ƣ�R�:��z��cB��|�8_��te��V��M��St͍��!��ˑ�ޥ�9��d?��MǱh�NY>�a��n�q��$n(Ȉ�/��b4�+8��^�z ��՚O�P��k��f��켬f�տ��_C�~�]�Iaa��J�ϺM��q��S��YDJ7�&�Xh�cY� :��iV�:��N�"J��چ� R��Lo�p��p�)AY~ ��;hZ�Y�"�$6.�ZF��/�Hx1v�m �>6Q�FS΢�s�ひ"�

Sections

.text
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 887KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
windows.exe.vir
.exe windows:6 windows x64 arch:x64

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:fc:11:f6:ca:05:14:48:9f:17:8a:8d:7b:d5:5e:86:02:06:c0:4d:d0:06:7d:31:35:7a:8e:a5:fc:2d:42:3c
Signer

Actual PE Digest

a3:fc:11:f6:ca:05:14:48:9f:17:8a:8d:7b:d5:5e:86:02:06:c0:4d:d0:06:7d:31:35:7a:8e:a5:fc:2d:42:3c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 696KB - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
关于本校暑期放假规划和安排 .exe.vir
.exe windows:6 windows x64 arch:x64

a272e88ab3a290d1b2cb16bc19592847

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:a8:1d:3b:96:27:0d:9a:1d:eb:07:cd:88:67:d0:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/10/2021, 00:00

Not After

16/10/2024, 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=珠海市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:a8:1d:3b:96:27:0d:9a:1d:eb:07:cd:88:67:d0:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/10/2021, 00:00

Not After

16/10/2024, 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=珠海市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:b0:67:60:6d:1b:ad:f6:bf:68:7d:e5:74:bd:bd:05:a1:bf:21:14:c4:46:c9:7f:72:94:34:4c:57:e6:f1:90
Signer

Actual PE Digest

7f:b0:67:60:6d:1b:ad:f6:bf:68:7d:e5:74:bd:bd:05:a1:bf:21:14:c4:46:c9:7f:72:94:34:4c:57:e6:f1:90

Digest Algorithm

sha256

PE Digest Matches

false

c0:4e:84:ac:4c:0e:c7:b8:7b:a1:fc:36:0f:93:f3:58:82:8d:4a:ec
Signer

Actual PE Digest

c0:4e:84:ac:4c:0e:c7:b8:7b:a1:fc:36:0f:93:f3:58:82:8d:4a:ec

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
AddVectoredExceptionHandler
WaitForSingleObject
Sleep
GetCurrentProcess
ExitProcess
CreateThread
VirtualProtect
VirtualQuery
VirtualQueryEx
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
GetLastError
AreFileApisANSI
GetFileAttributesExW
CreateFileW
GetCurrentDirectoryW
FormatMessageA
LocalFree
TerminateProcess

msvcp140

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Random_device@std@@YAIXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Xout_of_range@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

vcruntime140

memchr
memcpy
memmove
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__current_exception_context
memset
__current_exception
memcmp
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

terminate
exit
_configure_narrow_argv
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_get_initial_narrow_environment
_set_app_type
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_initterm_e
_exit
_seh_filter_exe
_initterm

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fsetpos
__p__commode
_set_fmode
ungetc
setvbuf
fwrite
_fseeki64
fgetc
fread
fputc
fgetpos
fflush
fclose

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
團隊最新月績財務報表詳細 &a.exe.vir
.exe windows:4 windows x64 arch:x64

f51bff7931912dbc8f83cb9f8c8365be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\admin\documents\visual studio 2005\projects\tets\x64\debug\TETS.pdb

Imports

kernel32

GetProcAddress
LoadLibraryW
GetModuleFileNameW
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapSize
HeapValidate
IsBadReadPtr
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
LoadLibraryA
GetModuleHandleA
FlsGetValue
TlsAlloc
FlsSetValue
GetCurrentThreadId
FlsAlloc
TlsFree
FlsFree
SetLastError
GetLastError
TlsSetValue
GetCurrentThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
ExitProcess
GetACP
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
VirtualQuery
FreeLibrary
InitializeCriticalSection
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CloseHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
Sleep

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey

Sections

.text
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 915B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
绝密⚝启用前.docx.exe.vir
.exe windows:5 windows x64 arch:x64

b330d810ce52a718c58fc0a72cbb426c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\F1_proj_trunk\f1\src\features\qbroker\Release\qbroker64.pdb

Imports

kernel32

GetLastError
HeapSize
EnterCriticalSection
CreateEventW
DecodePointer
WaitForMultipleObjects
CreateWaitableTimerW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
CreateThread
RaiseException
Sleep
GetCurrentProcess
GetModuleHandleW
OpenProcess
LoadLibraryW
GetProcAddress
OpenThread
GetModuleHandleA
LocalFree
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
GetProcessHeap
SetEvent
WaitForSingleObject
HeapFree
SetWaitableTimer
HeapAlloc
SetErrorMode
GetModuleFileNameW
HeapReAlloc
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetTimeZoneInformation
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
LoadLibraryExW
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
IsDebuggerPresent
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
GetSystemDefaultLangID
GetSystemTimeAsFileTime
GetSystemInfo
GetVersionExW
CreateFileW
CopyFileW
DeleteFileW
GetFileSize
ReadFile
WriteFile
FindFirstFileW
FindClose
ExpandEnvironmentStringsW
GetSystemDirectoryW
FreeLibrary
DeviceIoControl
EncodePointer
GetCommandLineW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateDirectoryW
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetStringTypeW
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW

user32

PostThreadMessageW
PostQuitMessage
GetMessageW
DispatchMessageW

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA

shell32

CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoUninitialize
StringFromGUID2
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
CoInitialize
CoCreateGuid
CoRegisterMessageFilter

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit
SysAllocStringLen
VariantChangeType

shlwapi

PathAppendW
PathFileExistsW
PathFindFileNameW

version

GetFileVersionInfoW
VerQueryValueW

ws2_32

htonl
htons

wininet

HttpSendRequestA
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenA
InternetCloseHandle

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
财会人员薪资补贴调所需材料z.exe.vir
.exe windows:5 windows x64 arch:x64

43de60bd12e62fb974fc45fdbad4494b

Code Sign

33:27:1a:ad:96:62:5f:9b:40:ef:f5:3f:8d:96:45:6d
Certificate

Issuer

CN=Microsoft Corporation,ST=BeiJing,C=China

Not Before

18/05/2024, 08:42

Not After

30/12/2027, 16:00

Subject

CN=Microsoft Corporation,ST=BeiJing,C=China

33:27:1a:ad:96:62:5f:9b:40:ef:f5:3f:8d:96:45:6d
Certificate

Issuer

CN=Microsoft Corporation,ST=BeiJing,C=China

Not Before

18/05/2024, 08:42

Not After

30/12/2027, 16:00

Subject

CN=Microsoft Corporation,ST=BeiJing,C=China

d5:cd:db:c6:c0:a6:19:c6:81:b6:0a:44:0e:96:9a:14:54:96:92:c3:dd:e1:0a:76:c1:09:51:63:76:62:41:ff
Signer

Actual PE Digest

d5:cd:db:c6:c0:a6:19:c6:81:b6:0a:44:0e:96:9a:14:54:96:92:c3:dd:e1:0a:76:c1:09:51:63:76:62:41:ff

Digest Algorithm

sha256

PE Digest Matches

true

23:00:59:e7:f8:50:85:2b:95:8e:f3:9c:91:49:24:9b:05:bb:1c:a7
Signer

Actual PE Digest

23:00:59:e7:f8:50:85:2b:95:8e:f3:9c:91:49:24:9b:05:bb:1c:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetConsoleCP
GetConsoleMode
CreateFileW
SetEnvironmentVariableA
IsValidCodePage
QueryPerformanceCounter
HeapCreate
GetVersion
HeapSetInformation
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FlsAlloc
FlsFree
GetProcAddress
FlsSetValue
FlsGetValue
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
ExitProcess
HeapQueryInformation
HeapSize
CreateThread
ExitThread
CompareStringW
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetStartupInfoW
GetCommandLineA
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
RaiseException
FindResourceExW
VirtualProtect
SearchPathA
Sleep
GetProfileIntA
GetTickCount
InitializeCriticalSectionAndSpinCount
GetTempPathA
GetTempFileNameA
GetNumberFormatA
GetWindowsDirectoryA
lstrcpyA
GetCurrentDirectoryA
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetTimeZoneInformation
LCMapStringW
HeapReAlloc
GetStringTypeW
FileTimeToLocalFileTime
GetFileAttributesExA
GetACP
GetOEMCP
GetCPInfo
GetUserDefaultUILanguage
GetLocaleInfoA
GlobalFlags
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
lstrcmpiA
FindResourceA
FreeResource
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
LoadLibraryW
lstrcmpW
FileTimeToSystemTime
lstrcmpA
GlobalGetAtomNameA
GetModuleHandleW
CompareStringA
GetModuleHandleA
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
CloseHandle
CopyFileA
GlobalSize
FormatMessageA
lstrlenW
MultiByteToWideChar
MulDiv
lstrlenA
GetCurrentProcessId
GetModuleFileNameA
FreeLibrary
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GetLastError
SetLastError
LoadLibraryA
WriteConsoleW

user32

TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
WaitMessage
PostThreadMessageA
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExA
IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetKeyNameTextA
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
DrawFrameControl
DrawEdge
DrawStateA
GetSystemMenu
LoadMenuW
SetClassLongPtrA
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
WindowFromPoint
SetRect
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
CreateDialogIndirectParamA
EndDialog
DrawIconEx
GetNextDlgGroupItem
LoadImageA
CopyImage
GetIconInfo
OffsetRect
GetNextDlgTabItem
MessageBeep
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
ReleaseCapture
GetAsyncKeyState
SetCapture
MapVirtualKeyA
IsRectEmpty
GetMenuDefaultItem
RedrawWindow
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
KillTimer
SetTimer
DeleteMenu
ShowOwnedPopups
SetCursor
IntersectRect
InvalidateRect
SetRectEmpty
IsIconic
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringA
CreateMenu
DrawTextA
TabbedTextOutA
FillRect
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
CharUpperA
DestroyIcon
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
RegisterWindowMessageA
LoadIconW
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetMenuDefaultItem
IsClipboardFormatAvailable
GetWindowRgn
DestroyCursor
DrawIcon
MapDialogRect
SubtractRect
GetDoubleClickTime
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
GetWindow
SetMenuItemBitmaps
CharUpperBuffA
CopyIcon
RegisterClipboardFormatA
GetUpdateRect
FrameRect
DrawTextExA
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextLengthA
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowThreadProcessId
SendMessageA
GetWindowLongA
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
UnhookWindowsHookEx
UpdateWindow
CreatePopupMenu

gdi32

CreateHatchBrush
CreateCompatibleBitmap
CreateRectRgnIndirect
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
CreateSolidBrush
CreatePen
GetRgnBox
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceA
TextOutA
RectVisible
PtVisible
Rectangle
Escape
GetObjectType
SelectPalette
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
OffsetRgn
GetDeviceCaps
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32A
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateFontIndirectA
DeleteObject
GetObjectA
SetBkColor
SetTextColor
CreateBitmap
CreateDCA
CopyMetaFileA
SelectObject

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA

shell32

SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderA
DragQueryFileA
DragFinish
ShellExecuteA

comctl32

ImageList_GetIconSize

shlwapi

PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathRemoveFileSpecW

ole32

DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
VariantInit
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VariantChangeType
VariantClear
SysStringLen

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 552KB - Virtual size: 551KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 564KB - Virtual size: 611KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17ba36e1101145bc1dde5120c18cd6d2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

oleaut32

pdh

psapi

powrprof

advapi32

shell32

bcrypt

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 628KB - Virtual size: 627KB

.rdata Size: 165KB - Virtual size: 164KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 48KB - Virtual size: 47KB

.reloc Size: 2KB - Virtual size: 2KB

1aacb940e1e344a531c545d7fc2daf6f

Code Sign

0c:70:e5:1d:6e:4c:85:38:5c:46:23:cf:87:6a:fa:7dCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

0c:70:e5:1d:6e:4c:85:38:5c:46:23:cf:87:6a:fa:7dCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

cc:0f:8b:11:e2:46:be:7c:14:24:13:16:36:ab:0b:06:d7:e2:28:af:3e:f4:98:d8:39:7b:35:bc:47:d6:43:03Signer

da:27:9a:a7:6d:e1:3f:4e:c2:90:df:66:21:3f:a5:08:b1:f6:a6:b7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

UPX0 Size: - Virtual size: 2.4MB

UPX1 Size: 13.2MB - Virtual size: 13.2MB

UPX2 Size: 512B - Virtual size: 4KB

.vmp0 Size: 18KB - Virtual size: 18KB

.tls Size: 512B - Virtual size: 48B

.vmp1 Size: 62KB - Virtual size: 61KB

.reloc Size: 512B - Virtual size: 68B

.rsrc Size: 147KB - Virtual size: 147KB

97a52a67ed0dc3b06e1115942701fd4f

Headers

DLL Characteristics

.text
Size: 628KB - Virtual size: 627KB

.rdata
Size: 165KB - Virtual size: 164KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 48KB - Virtual size: 47KB

.reloc
Size: 2KB - Virtual size: 2KB

0c:70:e5:1d:6e:4c:85:38:5c:46:23:cf:87:6a:fa:7d
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

0c:70:e5:1d:6e:4c:85:38:5c:46:23:cf:87:6a:fa:7d
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

cc:0f:8b:11:e2:46:be:7c:14:24:13:16:36:ab:0b:06:d7:e2:28:af:3e:f4:98:d8:39:7b:35:bc:47:d6:43:03
Signer

da:27:9a:a7:6d:e1:3f:4e:c2:90:df:66:21:3f:a5:08:b1:f6:a6:b7
Signer

UPX0
Size: - Virtual size: 2.4MB

UPX1
Size: 13.2MB - Virtual size: 13.2MB

UPX2
Size: 512B - Virtual size: 4KB

.vmp0
Size: 18KB - Virtual size: 18KB

.tls
Size: 512B - Virtual size: 48B

.vmp1
Size: 62KB - Virtual size: 61KB

.reloc
Size: 512B - Virtual size: 68B

.rsrc
Size: 147KB - Virtual size: 147KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 556B

.rdata
Size: 8KB - Virtual size: 7KB

.eh_fram
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 7KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: - Virtual size: 178KB

.rdata
Size: - Virtual size: 67KB

.data
Size: - Virtual size: 312KB

.pdata
Size: - Virtual size: 9KB

_RDATA
Size: - Virtual size: 500B

.#rH
Size: - Virtual size: 3.0MB

.)6P
Size: 2KB - Virtual size: 2KB

.V^n
Size: 5.2MB - Virtual size: 5.2MB

.reloc
Size: 512B - Virtual size: 76B

.rsrc
Size: 1024B - Virtual size: 985B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

47:7f:a8:59:43:47:1c:94:f0:e1:70:22:aa:26:a2:d3:b4:01:15:94:1f:02:59:a2:5b:4a:04:4f:21:2d:d5:3e
Signer

.text
Size: - Virtual size: 29KB