2bc4cfeb8fcb731731ab2987172d76f2e35b4d7924a1bbe935c6b6ac1e51fa12

Sharing

Copy URL Twitter E-mail

General

Target

2bc4cfeb8fcb731731ab2987172d76f2e35b4d7924a1bbe935c6b6ac1e51fa12
Size

1.9MB
MD5

27cd7a1d072f6112686915e819e3c6d8
SHA1

ec067c87cbec33170090234881f002beb228c5f6
SHA256

2bc4cfeb8fcb731731ab2987172d76f2e35b4d7924a1bbe935c6b6ac1e51fa12
SHA512

cfdc8352f590da59c260fff043ffce251aad96594c0e0a6910a6b6bcd4b050af9a072989c2f9b2c047ad78e6084b0536e7dd0b7c7f4398f8fef06b4419c57118
SSDEEP

49152:NyBZDUK9FZjDp8c8SjbAyrWk8lbhmBYkogGB0jrIa8i:o2SJ8c8SjblrJ8xYdogAUrIw

Score

1^/10

Malware Config

Signatures

Files

2bc4cfeb8fcb731731ab2987172d76f2e35b4d7924a1bbe935c6b6ac1e51fa12
.exe windows:5 windows x86 arch:x86

1890089f43984f28ac0c53867151e7da

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:29:04:9d:9b:a4:e6:fd:2e:22:b3:05:9a:c6:1d:4d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/08/2019, 00:00

Not After

26/08/2020, 12:00

Subject

CN=Wuhan SiTuoFu Technology Co.\, Ltd,O=Wuhan SiTuoFu Technology Co.\, Ltd,L=Wuhan,ST=Hubei,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:fb:02:29:ab:0f:8e:83:3f:02:b8:ef:c7:a0:1a:ac:f2:95:a6:40
Signer

Actual PE Digest

85:fb:02:29:ab:0f:8e:83:3f:02:b8:ef:c7:a0:1a:ac:f2:95:a6:40

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\代码文件夹\最终提交版20150729\已转交\MrtSetupEn\Mrt4\Release\MrtTool.pdb

Imports

kernel32

GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
SizeofResource
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetFileType
SetStdHandle
HeapSize
CreateThread
ExitThread
HeapReAlloc
RaiseException
RtlUnwind
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
GetStartupInfoW
FindResourceExW
VirtualProtect
GetProfileIntW
SearchPathW
GetTempPathW
GetTempFileNameW
lstrcpyW
GetCurrentDirectoryW
GetFileTime
GetFileSizeEx
SetErrorMode
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
GetLocaleInfoA
SetUnhandledExceptionFilter
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
GlobalFlags
lstrlenA
FindNextFileW
ResumeThread
SetThreadPriority
InterlockedDecrement
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
GetModuleHandleA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
FreeLibrary
lstrcmpW
GetVersionExA
GetProcAddress
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
LoadLibraryW
GetThreadLocale
DeleteFileW
SetLastError
GlobalSize
FormatMessageW
lstrlenW
MulDiv
FreeResource
GetFileAttributesW
RemoveDirectoryW
CopyFileW
CreateDirectoryW
GetPrivateProfileSectionW
GetTickCount
GetModuleHandleW
GetModuleFileNameW
Sleep
CreateMutexW
MultiByteToWideChar
LocalAlloc
LocalFree
GetLastError
WideCharToMultiByte
ExitProcess
WaitForSingleObject
TerminateProcess
GlobalFree
GlobalUnlock
WriteFile
CreateFileW
GlobalLock
GlobalAlloc
ReadProcessMemory
CloseHandle
OpenProcess
FindResourceW
LoadResource
LockResource
GetConsoleOutputCP

user32

GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetCursorPos
DrawFocusRect
DrawFrameControl
DrawEdge
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
UnregisterClassW
GetNextDlgGroupItem
InvalidateRgn
SetRect
CharNextW
EmptyClipboard
CloseClipboard
SetClipboardData
LoadImageW
DestroyIcon
CopyImage
OpenClipboard
DrawStateW
RegisterClipboardFormatW
EnumChildWindows
LockWindowUpdate
BringWindowToTop
IsRectEmpty
KillTimer
SetTimer
InvalidateRect
IsMenu
SetClassLongW
SetParent
CreatePopupMenu
NotifyWinEvent
CreateAcceleratorTableW
LoadAcceleratorsW
DestroyAcceleratorTable
GetAsyncKeyState
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
PostThreadMessageW
SetRectEmpty
DeleteMenu
WaitMessage
WindowFromPoint
SetCapture
LoadMenuW
DestroyMenu
GetMenuItemInfoW
InflateRect
ShowOwnedPopups
ValidateRect
SetWindowContextHelpId
MapDialogRect
MessageBeep
RedrawWindow
IsZoomed
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
FillRect
RegisterWindowMessageW
SendDlgItemMessageA
SubtractRect
IsCharLowerW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetFocus
CopyIcon
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
CheckDlgButton
GetWindow
GetKeyNameTextW
MapVirtualKeyExW
IsClipboardFormatAvailable
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CharUpperW
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyCursor
GetWindowRgn
CreateMenu
GetDoubleClickTime
IsChild
GetIconInfo
CharUpperBuffW
GetUpdateRect
WinHelpW
FrameRect
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
wsprintfW
DispatchMessageW
TranslateMessage
GetMessageW
SetCursor
TrackMouseEvent
ReleaseCapture
PtInRect
EndPaint
BeginPaint
IsWindow
DrawTextW
DrawIconEx
IsWindowVisible
LoadBitmapW
UpdateWindow
SystemParametersInfoW
SetWindowRgn
GetSysColorBrush
LoadCursorW
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
AppendMenuW
GetSystemMenu
LoadIconW
PostMessageW
FindWindowW
EnableWindow
ReleaseDC
GetDesktopWindow
GetDC
SetWindowPos
GetCursorPos

gdi32

CreatePen
CreateSolidBrush
CreateHatchBrush
GetTextExtentPoint32W
GetTextMetricsW
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
OffsetRgn
GetRgnBox
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetTextColor
SetDIBColorTable
SetPixel
CreateDIBSection
GetBkColor
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
Polygon
Rectangle
RoundRect
GetObjectType
GetPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
CreateRectRgn
SelectClipRgn
CreateBitmap
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
CreatePalette
GetDeviceCaps
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
SetBkColor
GetClipBox
GetDCOrgEx
CopyMetaFileW
StretchBlt
SetTextColor
SetBkMode
CreateRoundRectRgn
DeleteObject
SelectObject
CreateFontIndirectW
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectW
DeleteDC
CreateDCW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetViewportExtEx

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegCloseKey
RegQueryValueW

shell32

DragFinish
SHGetFileInfoW
SHAppBarMessage
SHGetPathFromIDListW
DragQueryFileW
ShellExecuteW
SHBrowseForFolderW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathIsUNCW
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW

oledlg

OleUIBusyW

ole32

OleUninitialize
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleLockRunning
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleGetClipboard
CoFreeUnusedLibraries
OleInitialize
CoUninitialize
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop

oleaut32

SysStringLen
OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
VariantCopy

urlmon

URLDownloadToFileW

gdiplus

GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetCanonicalizeUrlW
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetCrackUrlW

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1890089f43984f28ac0c53867151e7da

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

0f:29:04:9d:9b:a4:e6:fd:2e:22:b3:05:9a:c6:1d:4dCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

85:fb:02:29:ab:0f:8e:83:3f:02:b8:ef:c7:a0:1a:ac:f2:95:a6:40Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

gdiplus

setupapi

version

wininet

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 288KB - Virtual size: 287KB

.data Size: 25KB - Virtual size: 53KB

.rsrc Size: 194KB - Virtual size: 193KB

.reloc Size: 143KB - Virtual size: 143KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

0f:29:04:9d:9b:a4:e6:fd:2e:22:b3:05:9a:c6:1d:4d
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

85:fb:02:29:ab:0f:8e:83:3f:02:b8:ef:c7:a0:1a:ac:f2:95:a6:40
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 288KB - Virtual size: 287KB

.data
Size: 25KB - Virtual size: 53KB

.rsrc
Size: 194KB - Virtual size: 193KB

.reloc
Size: 143KB - Virtual size: 143KB