2efa5e7244aac9c7c450eb28a220f3f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2efa5e7244aac9c7c450eb28a220f3f5_JaffaCakes118
Size

896KB
MD5

2efa5e7244aac9c7c450eb28a220f3f5
SHA1

8cae8344ede81db9b3127fbd79c19357bc254473
SHA256

18230786e4224691941d4b9973e87e0bc4d022b589b90613dcaf9171d12b6003
SHA512

3d637aa68092314c4517de1cfb971c5424b2bb457deccaccb6967e84a188fda46d91ff160903effaaf6b53dc770f98e10fe5728b194203941803230ae634df7f
SSDEEP

12288:/vtui5oKzSYwN3rrHayyHiF9DqBk5ZYbWdDJW/Ba675Cx1NPmEwsQLyRTydxEEb3:3Yi2KzJKHcDy5ZZgBa0S11w7LEmjB3

Score

1^/10

Malware Config

Signatures

Files

2efa5e7244aac9c7c450eb28a220f3f5_JaffaCakes118
.rar
365日历/365Helper.dll
.dll windows:4 windows x86 arch:x86

29f0d5663ac0ebe1ef94afe3a9e94583

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

29/03/2010, 00:00

Not After

29/03/2011, 23:59

Subject

CN=北京问日科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

85:2c:01:51:00:ac:b6:4d:58:c5:b4:e0:39:4f:68:d6:1f:29:5a:18
Signer

Actual PE Digest

85:2c:01:51:00:ac:b6:4d:58:c5:b4:e0:39:4f:68:d6:1f:29:5a:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenUrlW
InternetReadFile
InternetOpenW
InternetCloseHandle

kernel32

SetFilePointer
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
SetStdHandle
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CloseHandle

Exports

Exports

Download

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
365日历/365rili.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e3defb24b11cdabefff2cca94ea5a34c

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

29/03/2010, 00:00

Not After

29/03/2011, 23:59

Subject

CN=北京问日科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

35:e6:08:e5:59:b5:a7:07:70:f7:2d:bb:1c:03:53:c6:3f:d4:0e:a3
Signer

Actual PE Digest

35:e6:08:e5:59:b5:a7:07:70:f7:2d:bb:1c:03:53:c6:3f:d4:0e:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\lmatt\Documents\Visual Studio 2005\Projects\ShellTest\ShellTest\Release\ShellTest.pdb

Imports

kernel32

InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
SizeofResource
InterlockedIncrement
FindResourceW
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
GetSystemTimeAsFileTime
GetCurrentProcessId
GetLastError
DeleteCriticalSection
lstrcmpiW
GetSystemDirectoryW
InitializeCriticalSection
CreateProcessW
CloseHandle
RaiseException
LoadResource
lstrlenW
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange

user32

UnregisterClassA
CharNextW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString

msvcr80

__clean_type_info_names_internal
??3@YAXPAX@Z
malloc
free
memcpy_s
_CxxThrowException
wcsncpy_s
memset
_snwprintf_s
??_V@YAXPAX@Z
__CxxFrameHandler3
_purecall
_recalloc
??_U@YAPAXI@Z
??2@YAPAXI@Z
wcscpy_s
wcscat_s
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
365日历/365日历.exe
.exe windows:5 windows x86 arch:x86

e53af2b90f68515c5f9bfea0c949a109

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

29/03/2010, 00:00

Not After

29/03/2011, 23:59

Subject

CN=北京问日科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:be:9f:78:f3:ba:e6:3d:56:2f:8f:4c:cd:c4:49:b1:b8:75:ff:45
Signer

Actual PE Digest

ea:be:9f:78:f3:ba:e6:3d:56:2f:8f:4c:cd:c4:49:b1:b8:75:ff:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendCommandA

kernel32

ConvertDefaultLocale
GetCurrentThread
GetCurrentProcessId
FindNextFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
ExitThread
SetEnvironmentVariableA
SetCurrentDirectoryA
HeapReAlloc
ExitProcess
GetFileType
GetStartupInfoA
RtlUnwind
HeapSize
InterlockedExchange
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
GetStdHandle
GetTimeZoneInformation
CompareStringW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetProcessHeap
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
EnumResourceLanguagesA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
lstrcmpA
ResumeThread
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
CompareStringA
GlobalFree
FormatMessageA
LocalFree
MulDiv
GetFileTime
GetFileSizeEx
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
SetLastError
GetThreadLocale
MoveFileA
GetDiskFreeSpaceA
SetVolumeLabelA
GetDriveTypeA
GetFileAttributesA
SetFileAttributesA
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersion
CopyFileA
GetLocaleInfoA
GetFileSize
CreateFileA
WinExec
Sleep
GetModuleHandleW
GetCurrentThreadId
InterlockedIncrement
GetVersionExA
GetModuleFileNameW
CreateMutexA
GetCommandLineA
GetModuleFileNameA
LoadLibraryExA
RaiseException
lstrlenW
IsDBCSLeadByte
lstrcmpiA
lstrlenA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
InterlockedDecrement
GetModuleHandleA
GetCurrentProcess
SetProcessWorkingSetSize
DeleteFileA
CreateThread
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryA
LockResource
FindResourceA
LoadResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetLastError
SetFilePointer
SetStdHandle

user32

SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatA
PostQuitMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
WinHelpA
IsChild
GetCapture
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetLastActivePopup
DispatchMessageA
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
PostThreadMessageA
DefWindowProcA
GetMenu
GetWindowPlacement
GetWindowTextA
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
ReleaseCapture
SetFocus
GetFocus
SetCapture
InvalidateRgn
EqualRect
IntersectRect
IsWindowEnabled
IsWindowVisible
IsRectEmpty
CopyAcceleratorTableA
GetMenuState
GetMenuItemID
CharUpperA
OemToCharBuffA
SetCursor
DrawTextA
ReleaseDC
GetWindowDC
SetWindowPos
SetWindowRgn
LoadBitmapA
CopyRect
LoadCursorA
GetSysColorBrush
SetRect
SetActiveWindow
RedrawWindow
GetClassNameA
TrackPopupMenu
GetMenuItemCount
UnregisterClassA
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
InsertMenuA
TabbedTextOutA
DestroyMenu
MessageBeep
GetNextDlgGroupItem
GetSubMenu
LoadMenuA
SystemParametersInfoA
GetAsyncKeyState
AttachThreadInput
GetForegroundWindow
OffsetRect
DrawIcon
GetSystemMetrics
IsIconic
AppendMenuA
GetSystemMenu
InvalidateRect
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
LoadIconA
RegisterWindowMessageA
MessageBoxA
FindWindowA
CharNextA
EnableWindow
KillTimer
PtInRect
GetWindowRect
GetCursorPos
SetTimer
BringWindowToTop
FindWindowExA
CallWindowProcA
GetClientRect
GetWindowLongA
SetWindowLongA
GetDC
GetDesktopWindow
SetParent
SendMessageA
SetForegroundWindow
PostMessageA
IsWindow

gdi32

ExtSelectClipRgn
DeleteDC
SetWindowExtEx
GetMapMode
DPtoLP
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetObjectA
GetDeviceCaps
SetMapMode
SetBkMode
RestoreDC
SaveDC
ExtTextOutA
GetTextColor
GetBkColor
GetStockObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetRgnBox
CreateRectRgnIndirect
BitBlt
CreateCompatibleDC
GetDIBits
DeleteObject
CombineRgn
CreateRectRgn
CreateFontIndirectA
GetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyExA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA

comctl32

_TrackMouseEvent

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
PathFileExistsA
PathRemoveFileSpecW

oledlg

ord8

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoUninitialize
CoGetClassObject
CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoInitializeEx

oleaut32

VariantClear
OleCreateFontIndirect
VariantChangeType
VariantCopy
SafeArrayDestroy
SysAllocStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
LoadTypeLi
SysStringLen
VarUI4FromStr
SysAllocString
SysFreeString
SysAllocStringLen
VariantInit

urlmon

CoInternetGetSession
URLDownloadToCacheFileA

ws2_32

getprotobyname
WSAGetLastError
socket
gethostbyname
htons
connect
send
recv
closesocket
setsockopt
WSACleanup
WSASetLastError
WSAStartup

iphlpapi

GetAdaptersInfo

wininet

InternetOpenUrlA
InternetOpenA
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetCloseHandle

Sections

.text
Size: 447KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
365日历/core.dat
365日历/desktop.dll
.dll windows:5 windows x86 arch:x86

ee3de515e76c4f277fa4624e9aae4ba5

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

29/03/2010, 00:00

Not After

29/03/2011, 23:59

Subject

CN=北京问日科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

a1:80:53:1d:a8:48:3f:a7:d7:93:b9:ce:fa:e2:6a:ed:a6:6b:c4:7a
Signer

Actual PE Digest

a1:80:53:1d:a8:48:3f:a7:d7:93:b9:ce:fa:e2:6a:ed:a6:6b:c4:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\LYC\Documents\Visual Studio 2008\Projects\desktop\Release\desktop.pdb

Imports

user32

CallNextHookEx
FindWindowExW
PostMessageW

kernel32

QueryPerformanceCounter
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

ShowDesktopHookProc

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
365日历/iecatch.dll
.dll .vbs regsvr32 windows:4 windows x86 arch:x86 polyglot

9093555040534a95314722428f2a652e

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

29/03/2010, 00:00

Not After

29/03/2011, 23:59

Subject

CN=北京问日科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:f3:b7:52:fb:55:13:1c:6c:27:4e:b0:e9:50:0b:ff:a3:ef:e2:4c
Signer

Actual PE Digest

5e:f3:b7:52:fb:55:13:1c:6c:27:4e:b0:e9:50:0b:ff:a3:ef:e2:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapCreate
lstrlenW
Sleep
GetTickCount
CreateProcessA
GetVersionExA
lstrlenA
WideCharToMultiByte
DebugBreak
HeapFree
GetSystemInfo
HeapAlloc
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
DisableThreadLibraryCalls
RtlUnwind

user32

MessageBoxA
FindWindowA
IsWindow
SendMessageA

oleaut32

SysStringLen
LoadRegTypeLi
SysFreeString

atl

ord23
ord15
ord18
ord57
ord32
ord16
ord58
ord30
ord21

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
365日历/rili.dll
.dll windows:4 windows x86 arch:x86

9355bee5e6d48564245406a4a369f07d

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

29/03/2010, 00:00

Not After

29/03/2011, 23:59

Subject

CN=北京问日科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

78:27:2b:4b:85:d9:f2:a5:68:49:23:43:4b:8e:0a:cb:ab:db:a0:32
Signer

Actual PE Digest

78:27:2b:4b:85:d9:f2:a5:68:49:23:43:4b:8e:0a:cb:ab:db:a0:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
CloseHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
SetStdHandle
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
WriteFile
HeapFree
VirtualFree
OutputDebugStringA
GetLocalTime
GetVersion
GetCurrentThreadId
lstrcmpiA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate

user32

DestroyWindow
DestroyMenu
CharNextA
SetWindowLongA
GetClassLongA
SetClassLongA
GetParent
InvalidateRect
PtInRect
SetCapture
SetTimer
KillTimer
ReleaseCapture
CallWindowProcA
DefWindowProcA
GetClassNameA
CallNextHookEx
IsWindow
SendMessageA
UnhookWindowsHookEx
GetWindowLongA
GetWindowThreadProcessId
SetWindowsHookExA
PostMessageA
FindWindowA
GetClientRect

gdi32

DeleteObject
DeleteDC

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

End
Start

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MYDATA
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
365日历/settings.ini
365日历/sntp.dll
.dll windows:4 windows x86 arch:x86

d1a94162ca46242d980dd7feec8c82e7

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

29/03/2010, 00:00

Not After

29/03/2011, 23:59

Subject

CN=北京问日科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:67:99:a2:e8:99:94:16:65:78:75:3e:68:90:8b:1f:73:ca:75:06
Signer

Actual PE Digest

4c:67:99:a2:e8:99:94:16:65:78:75:3e:68:90:8b:1f:73:ca:75:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetCurrentProcess
SetSystemTime
GetSystemTime
CreateThread
GetExitCodeThread
GetLastError
CloseHandle
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
RaiseException
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle

user32

TranslateMessage
PeekMessageA
DispatchMessageA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

wsock32

htons
ioctlsocket
gethostbyname
connect
htonl
ntohl
WSAStartup
WSACleanup
send
recv
select
socket

Exports

Exports

CheckTime

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
365日历/sound/Lock.wav
365日历/sound/alert.wav
365日历/sound/bell_cdok.WAV
365日历/sound/cd_start.wav

Sharing

General

Malware Config

Signatures

Files

29f0d5663ac0ebe1ef94afe3a9e94583

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60Certificate

Extended Key Usages

Key Usages

85:2c:01:51:00:ac:b6:4d:58:c5:b4:e0:39:4f:68:d6:1f:29:5a:18Signer

Headers

File Characteristics

Imports

wininet

kernel32

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 11KB - Virtual size: 17KB

.reloc Size: 3KB - Virtual size: 3KB

e3defb24b11cdabefff2cca94ea5a34c

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60Certificate

Extended Key Usages

Key Usages

35:e6:08:e5:59:b5:a7:07:70:f7:2d:bb:1c:03:53:c6:3f:d4:0e:a3Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcr80

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

e53af2b90f68515c5f9bfea0c949a109

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60Certificate

Extended Key Usages

Key Usages

ea:be:9f:78:f3:ba:e6:3d:56:2f:8f:4c:cd:c4:49:b1:b8:75:ff:45Signer

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60
Certificate

85:2c:01:51:00:ac:b6:4d:58:c5:b4:e0:39:4f:68:d6:1f:29:5a:18
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 11KB - Virtual size: 17KB

.reloc
Size: 3KB - Virtual size: 3KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60
Certificate

35:e6:08:e5:59:b5:a7:07:70:f7:2d:bb:1c:03:53:c6:3f:d4:0e:a3
Signer

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60
Certificate

ea:be:9f:78:f3:ba:e6:3d:56:2f:8f:4c:cd:c4:49:b1:b8:75:ff:45
Signer

.text
Size: 447KB - Virtual size: 447KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 26KB - Virtual size: 42KB

.rsrc
Size: 222KB - Virtual size: 221KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60
Certificate

a1:80:53:1d:a8:48:3f:a7:d7:93:b9:ce:fa:e2:6a:ed:a6:6b:c4:7a
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 3KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

b7:c6:f4:cf:b8:77:0b:a1:2e:ec:02:7c:8e:80:2d:60
Certificate