G:\晴天小工具2021年3月4日\Debug\晴天小工具.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: f6fa162a034d5a8310d3634ede959641244fa23180fffc44d810899694dd6d20.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: f6fa162a034d5a8310d3634ede959641244fa23180fffc44d810899694dd6d20.exe
- Resource: win10v2004-20240709-en
General
- Target: f6fa162a034d5a8310d3634ede959641244fa23180fffc44d810899694dd6d20
- Size: 2.6MB
- MD5: e3066b7de4dd974b984fa178740718cf
- SHA1: f66fb475dfe7b089ce769a7ba20c184ad7116292
- SHA256: f6fa162a034d5a8310d3634ede959641244fa23180fffc44d810899694dd6d20
- SHA512: 6beafe26b9cd3d683f02291dc40a1070d6a2532a2bf935232864d2a1113c1bc73ba26762141bfee1b23688eb933de8d841ff008169bed2cf6bfb1e4ee8c22bec
- SSDEEP: 24576:6rNwFRfjkKskNMP9U4olg9wF3H6HIJyCRN9T8pTCkCVovHtSpVe5XOK6EcfmTlWg:6rGbjuvVulb1HpJyGc05Vg3UCFlt
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource f6fa162a034d5a8310d3634ede959641244fa23180fffc44d810899694dd6d20
Files
- f6fa162a034d5a8310d3634ede959641244fa23180fffc44d810899694dd6d20.exe windows:6 windows x86 arch:x86
  b1e37d7fed4d7fb53e81f082b7dbdc33
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GlobalHandle
GetLastError
WaitForSingleObject
ReadConsoleW
SetEnvironmentVariableA
SetStdHandle
SetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapQueryInformation
WaitForSingleObjectEx
SetConsoleCtrlHandler
FatalAppExitA
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetCPInfo
GetOEMCP
IsValidCodePage
GetTickCount
TerminateProcess
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
WriteConsoleW
OutputDebugStringW
GetFileType
GetStdHandle
VirtualQuery
VirtualAlloc
GetModuleFileNameA
ExitThread
AreFileApisANSI
ExitProcess
GetSystemInfo
HeapValidate
RtlUnwind
GetModuleHandleExW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
ReplaceFileW
GetTempFileNameW
GetDiskFreeSpaceW
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
CreateSemaphoreW
WaitForMultipleObjects
ReleaseMutex
ReleaseSemaphore
GetStringTypeExW
MoveFileW
GetCurrentProcess
GetHandleInformation
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
CreateFileW
VirtualProtect
GetProfileIntW
DeleteFileW
GetCurrentDirectoryW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
PulseEvent
ResetEvent
GetThreadLocale
SystemTimeToFileTime
LocalReAlloc
LocalAlloc
CloseHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetAtomNameW
SetErrorMode
GetCurrentProcessId
GetPrivateProfileIntW
CreateEventW
SetEvent
CompareStringA
lstrcmpA
GetVersionExW
GetCurrentThread
ResumeThread
SuspendThread
GetThreadPriority
SetThreadPriority
GlobalGetAtomNameW
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeResource
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
FileTimeToSystemTime
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
LoadLibraryW
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
GetACP
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
CreateThread
DecodePointer
Process32NextW
Process32FirstW
lstrlenW
lstrcmpiW
CreateDirectoryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
CreateMutexW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
VirtualAllocEx
OpenProcess
GetExitCodeThread
TerminateThread
CreateRemoteThread
user32
SetCursor
TranslateMessage
GetMessageW
EndDialog
CreateDialogIndirectParamW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
TabbedTextOutW
PostQuitMessage
NotifyWinEvent
ArrangeIconicWindows
DlgDirSelectComboBoxExW
DlgDirListComboBoxW
DlgDirSelectExW
DlgDirListW
MapDialogRect
LoadCursorW
GetLastActivePopup
FindWindowExW
FindWindowW
SetParent
GetDesktopWindow
ChildWindowFromPointEx
ChildWindowFromPoint
WindowFromPoint
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
GetWindowContextHelpId
SetWindowContextHelpId
EnableScrollBar
ShowScrollBar
LockWindowUpdate
RedrawWindow
ValidateRgn
InvalidateRgn
ValidateRect
InvalidateRect
GetWindowRgn
SetWindowRgn
GetUpdateRgn
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDCEx
GetDC
SetForegroundWindow
GetForegroundWindow
UpdateWindow
DragDetect
GetSystemMenu
DrawMenuBar
HiliteMenuItem
KillTimer
SetTimer
SetCapture
GetActiveWindow
GetOpenClipboardWindow
ChangeClipboardChain
GetClipboardViewer
SetClipboardViewer
GetClipboardOwner
OpenClipboard
GetNextDlgTabItem
GetNextDlgGroupItem
IsZoomed
BringWindowToTop
IsIconic
CloseWindow
OpenIcon
ShowOwnedPopups
FlashWindow
PostThreadMessageW
PostMessageW
SendNotifyMessageW
DrawAnimatedRects
DrawCaption
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
IsWindowEnabled
EnableWindow
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
GetKeyNameTextW
GetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
SendMessageW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
IsMenu
SendMessageTimeoutW
SetDlgItemTextW
GetClassNameW
GrayStringW
UnregisterClassA
GetParent
SendDlgItemMessageA
UnregisterClassW
LoadIconW
GetCursorPos
GetWindowTextW
GetSystemMetrics
IsWindowVisible
SetWindowPos
ShowWindow
IsWindow
GetWindow
GetWindowThreadProcessId
GetTopWindow
MapVirtualKeyW
DrawFrameControl
LoadMenuW
LoadMenuIndirectW
CreateMenu
CreatePopupMenu
CheckMenuItem
EnableMenuItem
ModifyMenuW
DeleteMenu
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
GetMenuDefaultItem
SetMenuDefaultItem
DrawIcon
DrawTextExW
DrawTextW
DrawStateW
GetTabbedTextExtentW
WindowFromDC
ExcludeUpdateRgn
ScrollDC
SetMenuContextHelpId
GetMenuContextHelpId
GetSysColorBrush
DrawFocusRect
FillRect
FrameRect
InvertRect
CheckMenuRadioItem
DestroyMenu
InflateRect
SystemParametersInfoW
CopyImage
RealChildWindowFromPoint
GetClipboardFormatNameA
UnionRect
IsRectEmpty
MsgWaitForMultipleObjectsEx
ReuseDDElParam
GetMenuBarInfo
LoadImageW
TranslateAcceleratorW
CharUpperW
DestroyIcon
GetDialogBaseUnits
GetAsyncKeyState
OffsetRect
SetRect
SetRectEmpty
LoadAcceleratorsW
ReleaseCapture
WaitMessage
IntersectRect
UnpackDDElParam
CheckDlgButton
GetClipboardFormatNameW
DrawEdge
gdi32
Arc
BitBlt
Chord
CombineRgn
CreateBitmapIndirect
CreateBrushIndirect
CreateCompatibleBitmap
CreateDiscardableBitmap
CreateCompatibleDC
CreateDIBPatternBrushPt
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateFontIndirectW
CreateFontW
CreateHatchBrush
CreateICW
CreatePalette
CreatePen
CreatePenIndirect
CreatePolyPolygonRgn
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
DrawEscape
Ellipse
EnumObjects
EqualRgn
Escape
ExtEscape
ExtCreateRegion
ExtFloodFill
FillRgn
FloodFill
FrameRgn
GetROP2
GetAspectRatioFilterEx
GetBkColor
GetBkMode
GetBitmapBits
GetBitmapDimensionEx
GetBoundsRect
GetBrushOrgEx
GetCharWidthW
GetCharWidthFloatW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetCurrentObject
GetCurrentPositionEx
GetFontData
GetGlyphOutlineW
GetGraphicsMode
GetMapMode
GetNearestColor
GetNearestPaletteIndex
GetObjectType
GetOutlineTextMetricsW
GetPaletteEntries
GetPixel
GetPolyFillMode
GetRegionData
GetRgnBox
GetStockObject
GetStretchBltMode
GetTextCharacterExtra
GetTextAlign
GetTextColor
GetTextExtentPoint32W
GetFontLanguageInfo
GetCharacterPlacementW
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
InvertRgn
MaskBlt
PlgBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PolyPolygon
PtInRegion
PtVisible
RectInRegion
RectVisible
Rectangle
ResetDCW
RealizePalette
RoundRect
ResizePalette
SelectObject
SetBitmapBits
SetBoundsRect
AnimatePalette
SetPixel
SetPixelV
StretchBlt
SetRectRgn
UpdateColors
PlayEnhMetaFile
GdiComment
GetTextMetricsW
AngleArc
PolyPolyline
GetWorldTransform
GetColorAdjustment
CreateHalftonePalette
StartDocW
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
AbortPath
BeginPath
CloseFigure
EndPath
FillPath
FlattenPath
GetPath
PathToRegion
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
ExtCreatePen
GetMiterLimit
GetArcDirection
TextOutW
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetBitmapDimensionEx
SetBrushOrgEx
GetTextFaceW
GetKerningPairsW
UnrealizeObject
DeleteObject
ExcludeClipRect
GetClipBox
GetClipRgn
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
StretchDIBits
EnumFontFamiliesExW
CreateBitmap
ExtTextOutW
CreateEnhMetaFileW
CloseEnhMetaFile
CreateMetaFileW
CloseMetaFile
GetObjectW
SetTextColor
CreateSolidBrush
SetBkColor
GetDeviceCaps
CreateDCW
CopyMetaFileW
DeleteDC
SetPaletteEntries
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegSetValueW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
GetFileSecurityW
SetFileSecurityW
RegCloseKey
shell32
DragAcceptFiles
SHAddToRecentDocs
ExtractIconW
SHGetFileInfoW
DragQueryFileW
DragFinish
ShellExecuteW
Shell_NotifyIconW
shlwapi
PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsUNCW
PathFileExistsW
PathStripToRootW
uxtheme
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
ole32
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CoCreateGuid
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
SetConvertStg
StringFromCLSID
CoCreateInstance
CoInitialize
CoDisconnectObject
StringFromGUID2
CLSIDFromString
CoInitializeEx
CLSIDFromProgID
OleRun
PropVariantCopy
CoRegisterClassObject
CoTaskMemAlloc
CoUninitialize
CoRevokeClassObject
CreateStreamOnHGlobal
WriteClassStg
oleaut32
SysAllocStringLen
SysStringByteLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocString
SafeArrayGetDim
SafeArrayGetElemsize
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysReAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
SysAllocStringByteLen
gdiplus
GdiplusShutdown
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
Sections
.textbss Size: - Virtual size: 965KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 358KB - Virtual size: 357KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ