blackmoon | 样本[.]zip

Resubmissions

24/06/2024, 08:15

240624-j5zm4asera 10

10/06/2024, 16:22

240610-tvfscatcnn 10

Sharing

Copy URL

Twitter E-mail

General

Target

样本.zip
Size

180.3MB
MD5

c37be047c0949b4f349ef99528f0d684
SHA1

8c40dd0b8585a2390271ecb7bb5513f779a0f123
SHA256

3a15890bedd42d2f1212ace0369dce19f30f85ac65faf3f094933b3be7a6372b
SHA512

935189eb061ae8b7d585df0873a0bcc6ffff84a0a49377c6c4313886345be57123ca930f783514d33cc09ae117003fe10d14845ac8c08fbe3a09794777ae9434
SSDEEP

3145728:hf1T1l+QtfwiI/ioad7Gq2DEq040HfnRAXHLfHBdSsDhHAnITNp:vhPI6oadN2wql0/nRwhDPTP

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/??/APP	family_blackmoon

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/??/12386.bin
unpack001/??/325.exe
unpack001/??/APP
unpack001/??/output_64.bin
unpack001/??/rundll32.dll
unpack001/??/styem.exe

Files

样本.zip
.zip

Password: infected
??/12386.bin
.dll windows:5 windows x64 arch:x64

47dda00bdcf59faf193ec0b35f2c522b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetEvent
Sleep
CreateEventA
GetLastError
CloseHandle
GetCurrentThreadId
SwitchToThread
SetLastError
WideCharToMultiByte
lstrlenW
ResetEvent
CreateEventW
DeleteCriticalSection
TryEnterCriticalSection
SetWaitableTimer
CreateWaitableTimerW
LoadLibraryW
LocalReAlloc
GetProcAddress
LocalAlloc
LocalSize
LocalFree
lstrcpyW
ExitProcess
CreateThread
CreateFileW
FlushFileBuffers
EnterCriticalSection
HeapCreate
LeaveCriticalSection
HeapDestroy
InitializeCriticalSectionAndSpinCount
HeapFree
HeapAlloc
VirtualAlloc
CancelIo
VirtualFree
WriteConsoleW
SetStdHandle
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
HeapReAlloc
HeapSize
GetProcessHeap
ExitThread
DecodePointer
EncodePointer
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
FlsGetValue
FlsFree
FlsAlloc
RtlUnwindEx
GetCPInfo

user32

PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
DispatchMessageW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW

ws2_32

shutdown
WSACreateEvent
WSAResetEvent
WSAWaitForMultipleEvents
WSAIoctl
connect
WSAStartup
WSAEventSelect
htons
setsockopt
WSACleanup
recv
socket
closesocket
gethostbyname
send
WSAEnumNetworkEvents
WSAGetLastError
WSACloseEvent
select
WSASetLastError

winmm

timeGetTime

Exports

Exports

Main
run

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
??/325.exe
.exe windows:5 windows x86 arch:x86

d6b0dc1b7cdf65cf7e0ae1b8c64eba7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegCreateKeyExW

shell32

ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderLocation

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Destroy
ImageList_AddMasked
ImageList_Create

user32

GetDlgItemTextW
SetDlgItemTextW
RegisterClassW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
SetWindowPos
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
EndDialog
GetSystemMetrics
CreatePopupMenu
AppendMenuW
GetWindowRect
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
ScreenToClient
CheckDlgButton
LoadCursorW
SetCursor
MessageBoxIndirectW
GetSysColor
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
CharPrevW
DispatchMessageW
wsprintfA
GetWindowLongW
PeekMessageW
SystemParametersInfoW

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
CreateProcessW
CreateDirectoryW
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
lstrcatW
GetCurrentProcess
GetVersionExW
GetModuleFileNameW
GetFileSize
GetLastError
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
RemoveDirectoryW
lstrcpyA
MoveFileExW
ExitProcess

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
??/8???Ukey????? (1).msi
.msi
??/9jRa0z93.rar
.rar
9jRa0z93.exe
.exe windows:4 windows x86 arch:x86

b600798dc0cba5e324813444b5969f90

Code Sign

62:f8:12:a3:5f:52:bd:74:b7:18:d6:10:ac:4b:47:83
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:28

Not After

11/09/2023, 09:28

Subject

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:55:9d:9a:1e:2f:c1:a4:79:d6:27:68:4d:11:3a:59
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/08/2021, 19:03

Not After

18/08/2024, 19:03

Subject

SERIALNUMBER=C 86211,CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Prague,C=CZ,1.3.6.1.4.1.311.60.2.1.3=#1302435a,1.3.6.1.4.1.311.60.2.1.2=#1306507261677565,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:26

Not After

11/09/2023, 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:2b:83:b9:c7:4c:38:a5:a4:c2:a8:5f:54:1d:7d:f0:cd:c6:59:76:65:93:68:ae:00:a9:a3:8e:5f:7b:47:63
Signer

Actual PE Digest

58:2b:83:b9:c7:4c:38:a5:a4:c2:a8:5f:54:1d:7d:f0:cd:c6:59:76:65:93:68:ae:00:a9:a3:8e:5f:7b:47:63

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame
AVIStreamInfoA

winmm

waveOutPrepareHeader
PlaySoundA
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutRestart
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
waveOutUnprepareHeader
midiOutPrepareHeader

ws2_32

inet_ntoa
WSACleanup
closesocket
WSAAsyncSelect
recvfrom
ioctlsocket
recv
getpeername
accept
ntohl

kernel32

TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetPrivateProfileIntA
GetTempFileNameA
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
IsDBCSLeadByte
GlobalDeleteAtom
GetShortPathNameA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
LocalFree
InterlockedDecrement
InterlockedIncrement
SuspendThread
TerminateThread
ReleaseMutex
CreateMutexA
GetVersion
GetTimeZoneInformation
SetLastError
GlobalHandle
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
TlsAlloc
LocalAlloc
GlobalFindAtomA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
GetFileAttributesA
MoveFileA
DeleteFileA
CopyFileA
CreateDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
GlobalGetAtomNameA
GlobalAddAtomA
InterlockedExchange
GetProfileIntA
FindResourceExA
lstrcpyW
lstrcmpA

user32

GetTabbedTextExtentA
wvsprintfA
ShowOwnedPopups
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollPos
RegisterClassA
GetMenuItemCount
GetMenuItemID
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
CharUpperA
GetWindowTextLengthA
HideCaret
GetSysColorBrush
GetWindowTextA
GetDlgItem
FindWindowA
keybd_event
GetClassNameA
GetDesktopWindow
VkKeyScanExA
GetKeyboardLayout
GetNextDlgTabItem
UnionRect
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
LoadStringA
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
InvertRect
InsertMenuA
GetMenuStringA
RemoveMenu
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
ClipCursor
DestroyCaret
ShowCaret
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
LockWindowUpdate
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
GetSystemMetrics
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
GetAsyncKeyState
MapDialogRect
InSendMessage
UnregisterClassA
GetDCEx
GetCaretPos
SetCaretPos
CreateCaret
GetDlgCtrlID

gdi32

BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
EndPath
PolyBezierTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
ExtTextOutA
Escape
GetTextMetricsA
GetMapMode
SetRectRgn
GetCharWidthA
CopyMetaFileA
AbortDoc
SetAbortProc
EnumFontFamiliesA
CreateICA
PtInRegion
RectInRegion
CreateEllipticRgnIndirect
Polyline
DeleteEnhMetaFile
SetWinMetaFileBits
PlayEnhMetaFile
SetEnhMetaFileBits
GetEnhMetaFileBits
FrameRgn
CloseFigure
GetPath
StrokeAndFillPath
OffsetRgn
SetPolyFillMode
RestoreDC
SaveDC
PathToRegion
CreateEllipticRgn
DeleteMetaFile
CloseMetaFile
GetTextAlign
GetNearestColor
GetTextFaceA
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBrushIndirect
CreateHatchBrush
CreateBitmap
GetDeviceCaps
GetTextExtentPoint32A
Polygon
Arc
Chord
Pie
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
SetPixelV
CreateCompatibleDC
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreatePatternBrush
EnumFontFamiliesExA
CreateFontA
SetDIBitsToDevice
StretchDIBits
SetTextColor
SetBkMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
SetROP2

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

GetOpenFileNameA
CommDlgExtendedError
ChooseFontA
ChooseColorA
GetSaveFileNameA
PrintDlgA
GetFileTitleA

advapi32

RegQueryValueExA
RegOpenKeyExA
GetFileSecurityA
RegSetValueExA
RegCreateKeyA
RegQueryValueA
SetFileSecurityA
RegOpenKeyA
RegSetValueA
RegCreateKeyExA
RegCloseKey

shell32

DragQueryFileA
Shell_NotifyIconA
ExtractIconA
DragFinish
SHGetFileInfoA
ShellExecuteA

ole32

OleSetMenuDescriptor
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
CoUninitialize
CoInitialize
CoGetClassObject
OleSetClipboard
CreateFileMoniker
CoLockObjectExternal
OleQueryCreateFromData
OleGetClipboard
CreateGenericComposite
CreateItemMoniker
OleSaveToStream
WriteClassStm
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSave
OleCreate
OleCreateLinkToFile
OleCreateFromFile
OleCreateStaticFromData
OleCreateFromData
OleSetContainedObject
OleLockRunning
OleRun
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
OleUninitialize
OleInitialize
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CoDisconnectObject
OleIsRunning
OleLoad
OleConvertOLESTREAMToIStorage
OleGetIconOfClass

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
UnRegisterTypeLi
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
SafeArrayPutElement

odbc32

ord18
ord44
ord3
ord54
ord68
ord72
ord4
ord48
ord49
ord20
ord17
ord59
ord8
ord19
ord46
ord12
ord43
ord41
ord2
ord1
ord50
ord45
ord51
ord15
ord9
ord14
ord11
ord13
ord16
ord5
ord10

comctl32

DestroyPropertySheetPage
PropertySheetA
CreatePropertySheetPageA
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_Draw
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Read
ImageList_Duplicate

wininet

InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FtpGetFileA
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

imm32

ImmGetContext
ImmGetCompositionStringA
ImmNotifyIME
ImmReleaseContext
ImmSetCompositionWindow

wldap32

ord29

oledlg

ord11
ord4
ord3

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22.7MB - Virtual size: 22.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 628KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
??/ALL
.exe windows:6 windows x64 arch:x64

e1d09075f28cda2545402ab47b4fbcb1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:db:0c:b4:da:c2:6e:c6:70:77:cb:04:55:98:54:ed
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/01/2023, 00:00

Not After

04/01/2025, 23:59

Subject

CN=武汉木仓科技股份有限公司,O=武汉木仓科技股份有限公司,L=武汉市,ST=湖北省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:13:99:8f:be:fe:ea:c6:eb:a8:23:f7:19:1d:06:cc:e7:80:7c:13:67:a2:6e:25:dc:38:c8:b9:ef:16:d6:bd
Signer

Actual PE Digest

04:13:99:8f:be:fe:ea:c6:eb:a8:23:f7:19:1d:06:cc:e7:80:7c:13:67:a2:6e:25:dc:38:c8:b9:ef:16:d6:bd

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetHandleInformation
FindFirstFileA
TerminateProcess
FindNextFileA
CreatePipe
FindClose
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
GetLastError
Process32NextW
MoveFileA
Process32FirstW
CloseHandle
ExitProcess
GetCurrentProcessId
CreateProcessA
GetCurrentProcess
lstrlenW
DeviceIoControl
CreateFileW
lstrcatW
WriteConsoleW
lstrcmpiA
GetProcAddress
LoadLibraryA
lstrcatA
K32GetDeviceDriverBaseNameA
LoadLibraryExA
QueryFullProcessImageNameA
K32EnumDeviceDrivers
HeapReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
WideCharToMultiByte
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize

advapi32

RegSetValueExA
RegOpenKeyExW
RegCreateKeyW
RegCloseKey

ntdll

NtQuerySystemInformation
NtQueryInformationProcess

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data
.pdata
.rdata
.reloc
.rsrc/0/GROUP_ICON/MAINICON
.rsrc/0/ICON/1
.png
.rsrc/0/version.txt
.rsrc/1033/MANIFEST/1
.xml
.rsrc_1
.text
CERTIFICATE
_RDATA
??/APP
.exe windows:5 windows x86 arch:x86

a80097d13f7e0058bb1a805555708354

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapQueryInformation
LCMapStringA
GetCommandLineA
GetTickCount
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
MulDiv
GetCurrentDirectoryA
GetVolumeInformationA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
GetPrivateProfileStringA
GetStartupInfoA
CreateProcessA
ExitProcess
CancelWaitableTimer
VirtualAlloc
VirtualFree
HeapReAlloc
FreeLibrary
HeapDestroy
TryEnterCriticalSection
SetCriticalSectionSpinCount
DeleteCriticalSection
HeapCreate
CreateEventA
WaitForMultipleObjects
SetEvent
lstrcpyn
RtlMoveMemory
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
IsWow64Process
GetSystemInfo
GlobalMemoryStatusEx
GetProcessId
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
SetFileAttributesA
GetFileAttributesA
GetLongPathNameA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetComputerNameA
MoveFileA
ReadFile
GetFileSizeEx
WriteFile
SetEndOfFile
SetFilePointerEx
CreateFileA
CreateFileW
TlsSetValue
IsBadReadPtr
TlsGetValue
GetTempPathW
lstrlenW
DeleteFileA
CreateFileMappingA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
HeapSize
GetCurrentProcess
TerminateProcess
GetProcAddress
LoadLibraryA
GetModuleHandleA
SetThreadAffinityMask
HeapFree
InterlockedExchange
LeaveCriticalSection
GetCurrentThreadId
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerA
SwitchToThread
InterlockedCompareExchange
EnterCriticalSection
HeapAlloc
GetProcessHeap
CloseHandle
CreateThread
SetProcessDEPPolicy
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
LocalReAlloc
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
LocalAlloc
SetFilePointer
GetLastError
GetDriveTypeA
Sleep
lstrcpyA
lstrlenA
SetLastError
lstrcatA
QueryPerformanceCounter
GetVersion
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
RtlUnwind
RaiseException
SetUnhandledExceptionFilter
GetModuleHandleW
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsFree
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
VirtualQuery
GetStringTypeW
LoadLibraryW
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
WriteConsoleW
EnumSystemLocalesA
IsValidLocale
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
LocalFree
lstrcpynA
IsBadReadPtr
LCMapStringA
LoadLibraryA
FreeLibrary
GetProcAddress
HeapFree
HeapAlloc
ExitProcess
GetProcessHeap
GetModuleHandleA
GetEnvironmentVariableA
VirtualProtectEx
RtlMoveMemory

user32

PtInRect
GetWindow
GetParent
PostQuitMessage
PostMessageA
EnableWindow
IsWindowEnabled
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
TabbedTextOutA
DrawTextA
GrayStringA
UnhookWindowsHookEx
DestroyWindow
GetDlgCtrlID
SetWindowTextA
GetMenuItemCount
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetWindowLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
EmptyClipboard
SetClipboardData
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetWindowTextA
SystemParametersInfoA
GetClassNameA
SendMessageA
SetForegroundWindow
SetActiveWindow
BringWindowToTop
CloseClipboard
GetClipboardData
OpenClipboard
ClientToScreen
GetClientRect
SetFocus
GetWindowThreadProcessId
ShowWindowAsync
BlockInput
FindWindowExA
DestroyIcon
GetDC
FillRect
AttachThreadInput
SetWindowLongA
GetDlgItem
SetWindowPos
GetAncestor
GetForegroundWindow
IsWindow
MsgWaitForMultipleObjects
GetWindowPlacement
IsWindowVisible
IsIconic
DrawIconEx
ReleaseDC
SendInput
GetSystemMetrics
MapVirtualKeyA
GetLastInputInfo
LoadImageA
EnumDisplaySettingsA
GetWindowRect
wsprintfA
MessageBoxA

oleaut32

SystemTimeToVariantTime
OleLoadPicture
VarR8FromCy
VarR8FromBool
VariantTimeToSystemTime
SafeArrayDestroy
VariantClear
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantTimeToSystemTime

shlwapi

PathFindFileNameA
PathFindExtensionA

gdi32

GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
GetDeviceCaps
SetDIBitsToDevice
GetDIBits
SetPixelV
GetPixel
GdiFlush
BitBlt
GetObjectA
CreateDIBSection
DeleteObject
SetTextColor
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetBkColor
RestoreDC
SaveDC
CreateBitmap
DeleteDC

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegOpenKeyA
RegCloseKey
OpenProcessToken
GetTokenInformation
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
ShellExecuteA
SHGetSpecialFolderPathA
SHGetFileInfoA
ShellExecuteExA

ole32

CoCreateGuid
CoInitialize
OleRun
CoInitializeEx
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
CoUninitialize

wininet

HttpSendRequestA
HttpSendRequestExA
InternetWriteFile
InternetSetOptionA
InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
HttpEndRequestA
InternetOpenA

msvcrt

strstr
malloc
free
strchr
_ftol
atoi
sprintf

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

Sections

.text
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
??/output_64.bin
.dll windows:5 windows x64 arch:x64

47dda00bdcf59faf193ec0b35f2c522b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetEvent
Sleep
CreateEventA
GetLastError
CloseHandle
GetCurrentThreadId
SwitchToThread
SetLastError
WideCharToMultiByte
lstrlenW
ResetEvent
CreateEventW
DeleteCriticalSection
TryEnterCriticalSection
SetWaitableTimer
CreateWaitableTimerW
LoadLibraryW
LocalReAlloc
GetProcAddress
LocalAlloc
LocalSize
LocalFree
lstrcpyW
ExitProcess
CreateThread
CreateFileW
FlushFileBuffers
EnterCriticalSection
HeapCreate
LeaveCriticalSection
HeapDestroy
InitializeCriticalSectionAndSpinCount
HeapFree
HeapAlloc
VirtualAlloc
CancelIo
VirtualFree
WriteConsoleW
SetStdHandle
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
HeapReAlloc
HeapSize
GetProcessHeap
ExitThread
DecodePointer
EncodePointer
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
FlsGetValue
FlsFree
FlsAlloc
RtlUnwindEx
GetCPInfo

user32

PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
DispatchMessageW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW

ws2_32

shutdown
WSACreateEvent
WSAResetEvent
WSAWaitForMultipleEvents
WSAIoctl
connect
WSAStartup
WSAEventSelect
htons
setsockopt
WSACleanup
recv
socket
closesocket
gethostbyname
send
WSAEnumNetworkEvents
WSAGetLastError
WSACloseEvent
select
WSASetLastError

winmm

timeGetTime

Exports

Exports

Main
run

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
??/output_86.bin
??/rundll32.dll
.dll windows:5 windows x64 arch:x64

b932983d019d93532eb783e0889be147

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CancelIo
TryEnterCriticalSection
SetWaitableTimer
CreateWaitableTimerW
GetCurrentProcess
GetProcessHeap
OpenProcess
GetModuleFileNameW
GetCurrentProcessId
LocalFree
GetThreadContext
SetThreadContext
GetExitCodeProcess
CreateProcessA
GetSystemDirectoryA
VirtualAllocEx
WriteProcessMemory
ResumeThread
GetProcAddress
VirtualProtect
CreateMutexW
FindFirstFileW
SystemTimeToFileTime
GlobalSize
CreateEventW
GlobalLock
WriteFile
GlobalAlloc
FileTimeToSystemTime
CreateFileW
lstrcmpW
GlobalUnlock
GlobalFree
FindClose
GetLocalTime
RemoveDirectoryW
lstrcatW
FindNextFileW
GetFileTime
DeleteFileW
GetSystemTime
SetFileAttributesW
CreateThread
HeapSize
ExitThread
DecodePointer
EncodePointer
SetThreadStackGuarantee
FlushFileBuffers
WriteConsoleW
SetStdHandle
VirtualFree
ResetEvent
lstrlenW
WideCharToMultiByte
SetLastError
SwitchToThread
GetCurrentThreadId
CloseHandle
GetLastError
CreateEventA
Sleep
SetEvent
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
HeapCreate
LeaveCriticalSection
HeapDestroy
InitializeCriticalSectionAndSpinCount
HeapFree
HeapAlloc
VirtualAlloc
CreateDirectoryW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemInfo
VirtualQuery
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
LoadLibraryW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwindEx
FlsAlloc
FlsFree
FlsGetValue
GetStdHandle
ExitProcess
GetModuleHandleW
GetVersion
HeapSetInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc

user32

GetDC
DispatchMessageW
ReleaseDC
GetDesktopWindow
GetSystemMetrics
PeekMessageW
MsgWaitForMultipleObjects
TranslateMessage
wsprintfW

gdi32

DeleteDC
CreateDIBSection
GetDeviceCaps
StretchBlt
GetDIBits
SetDIBColorTable
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode

advapi32

RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

ws2_32

connect
WSAStartup
select
htons
setsockopt
WSACleanup
socket
closesocket
gethostbyname
send
recv
WSACloseEvent
WSAGetLastError
WSAEnumNetworkEvents
WSAEventSelect
shutdown
WSACreateEvent
WSASetLastError
WSAResetEvent
WSAWaitForMultipleEvents
WSAIoctl

winmm

timeGetTime

gdiplus

GdiplusShutdown
GdipSaveImageToStream
GdipFree
GdipGetImageHeight
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImagePaletteSize
GdipDisposeImage
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipAlloc
GdipGetImageEncodersSize
GdiplusStartup
GdipGetImageWidth
GdipCloneImage

Exports

Exports

load
run
run

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 233KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
??/styem.exe
.exe windows:5 windows x64 arch:x64

7381bfdd301b4a54762432f13a9b5f13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CancelIo
TryEnterCriticalSection
SetWaitableTimer
CreateWaitableTimerW
GetCurrentProcess
GetProcessHeap
OpenProcess
GetModuleFileNameW
GetCurrentProcessId
LocalFree
GetThreadContext
SetThreadContext
GetExitCodeProcess
CreateProcessA
GetSystemDirectoryA
VirtualAllocEx
WriteProcessMemory
ResumeThread
FreeLibrary
GetProcAddress
VirtualProtect
CreateMutexW
FindFirstFileW
SetUnhandledExceptionFilter
SystemTimeToFileTime
GlobalSize
CreateDirectoryW
GlobalLock
CreateEventW
GlobalAlloc
LoadLibraryW
GetConsoleWindow
FileTimeToSystemTime
CreateFileW
lstrcmpW
GlobalUnlock
GlobalFree
FindClose
GetLocalTime
RemoveDirectoryW
lstrcatW
IsDebuggerPresent
FindNextFileW
GetFileTime
DeleteFileW
GetSystemTime
SetFileAttributesW
CreateThread
HeapSize
ExitThread
DecodePointer
EncodePointer
SetThreadStackGuarantee
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
ResetEvent
lstrlenW
WideCharToMultiByte
SetLastError
SwitchToThread
GetCurrentThreadId
CloseHandle
GetLastError
CreateEventA
Sleep
SetEvent
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
HeapCreate
LeaveCriticalSection
HeapDestroy
InitializeCriticalSectionAndSpinCount
HeapFree
HeapAlloc
VirtualAlloc
WriteFile
VirtualFree
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemInfo
GetSystemTimeAsFileTime
VirtualQuery
GetCommandLineW
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwindEx
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
GetStdHandle
ExitProcess
GetModuleHandleW
GetVersion
HeapSetInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
HeapReAlloc

user32

PostThreadMessageA
TranslateMessage
PeekMessageW
DispatchMessageW
wsprintfW
GetDC
GetInputState
ReleaseDC
GetDesktopWindow
ShowWindow
MsgWaitForMultipleObjects
GetSystemMetrics

gdi32

CreateDIBSection
GetDeviceCaps
StretchBlt
GetDIBits
SetDIBColorTable
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
DeleteDC

advapi32

RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegSetValueExW

shell32

SHGetFolderPathW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

ws2_32

select
htons
setsockopt
WSACleanup
recv
socket
gethostbyname
send
closesocket
WSACloseEvent
WSAGetLastError
WSAEnumNetworkEvents
WSAStartup
shutdown
WSACreateEvent
WSASetLastError
WSAResetEvent
WSAWaitForMultipleEvents
WSAIoctl
connect
WSAEventSelect

winmm

timeGetTime

gdiplus

GdiplusShutdown
GdipSaveImageToStream
GdipFree
GdipGetImageHeight
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncodersSize
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 233KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

47dda00bdcf59faf193ec0b35f2c522b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

winmm

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 7KB - Virtual size: 15KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1KB - Virtual size: 1KB

d6b0dc1b7cdf65cf7e0ae1b8c64eba7d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 170KB

.ndata Size: - Virtual size: 100KB

.rsrc Size: 364KB - Virtual size: 363KB

b600798dc0cba5e324813444b5969f90

Code Sign

62:f8:12:a3:5f:52:bd:74:b7:18:d6:10:ac:4b:47:83Certificate

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

78:55:9d:9a:1e:2f:c1:a4:79:d6:27:68:4d:11:3a:59Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1cCertificate

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

58:2b:83:b9:c7:4c:38:a5:a4:c2:a8:5f:54:1d:7d:f0:cd:c6:59:76:65:93:68:ae:00:a9:a3:8e:5f:7b:47:63Signer

Headers

File Characteristics

Imports

msvfw32

avifil32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 170KB

.ndata
Size: - Virtual size: 100KB

.rsrc
Size: 364KB - Virtual size: 363KB

62:f8:12:a3:5f:52:bd:74:b7:18:d6:10:ac:4b:47:83
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

78:55:9d:9a:1e:2f:c1:a4:79:d6:27:68:4d:11:3a:59
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

58:2b:83:b9:c7:4c:38:a5:a4:c2:a8:5f:54:1d:7d:f0:cd:c6:59:76:65:93:68:ae:00:a9:a3:8e:5f:7b:47:63
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 22.7MB - Virtual size: 22.7MB

.data
Size: 164KB - Virtual size: 519KB

.rsrc
Size: 628KB - Virtual size: 627KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:db:0c:b4:da:c2:6e:c6:70:77:cb:04:55:98:54:ed
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

04:13:99:8f:be:fe:ea:c6:eb:a8:23:f7:19:1d:06:cc:e7:80:7c:13:67:a2:6e:25:dc:38:c8:b9:ef:16:d6:bd
Signer

.text
Size: 105KB - Virtual size: 104KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 3KB - Virtual size: 11KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 123KB - Virtual size: 122KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 464KB - Virtual size: 464KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 1.0MB - Virtual size: 1.2MB

.reloc
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 55KB - Virtual size: 56KB