关玉梅-13504224612-河南开封黄河水利职业技术学院 _fdp[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

关玉梅-13504224612-河南开封黄河水利职业技术学院 _fdp.exe
Size

1.2MB
MD5

ba2aae3f852db33829ee9aa4c12b7eb9
SHA1

6d61f474a6b23334becad4f5831710393b8acebe
SHA256

58758eed4ef34157ee2dccdeec5b95d2cc91e0aad768e7661ccbc3490f193e65
SHA512

caadc2a01a7b9037b43eb736a28d68858399b3c63310973decce31dba41f7c007129ca4e98d4c50af2d8e754d10195351a2d150e0253ccf4be74938567ac3106
SSDEEP

24576:5+2Fxa/awyms5djx/1k+YMPqUaJF/BkU8rHW5/SaG:HxayDms5dthfaJhB98rH0/SaG

Score

1^/10

Malware Config

Signatures

Files

关玉梅-13504224612-河南开封黄河水利职业技术学院 _fdp.exe
.exe windows:4 windows x64 arch:x64

314494a99a9c690a72f55a7e71271382

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:31

Not After

02/12/2021, 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:bb:3c:5d:d0:8a:cc:16:e5:5f:37:5b:dd:4b:db:f2:77:47:2c:4d:99:00:80:5b:b6:41:8e:9f:f2:99:74:ea
Signer

Actual PE Digest

60:bb:3c:5d:d0:8a:cc:16:e5:5f:37:5b:dd:4b:db:f2:77:47:2c:4d:99:00:80:5b:b6:41:8e:9f:f2:99:74:ea

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
rand
signal
strlen
strncmp
vfprintf

rpcrt4

UuidFromStringA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 517KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

314494a99a9c690a72f55a7e71271382

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:dfCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

60:bb:3c:5d:d0:8a:cc:16:e5:5f:37:5b:dd:4b:db:f2:77:47:2c:4d:99:00:80:5b:b6:41:8e:9f:f2:99:74:eaSigner

Headers

File Characteristics

Imports

kernel32

msvcrt

rpcrt4

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 768B

.rdata Size: 5KB - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 1008B

.xdata Size: 1024B - Virtual size: 848B

.bss Size: - Virtual size: 11KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 517KB - Virtual size: 520KB

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

60:bb:3c:5d:d0:8a:cc:16:e5:5f:37:5b:dd:4b:db:f2:77:47:2c:4d:99:00:80:5b:b6:41:8e:9f:f2:99:74:ea
Signer

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 768B

.rdata
Size: 5KB - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 1008B

.xdata
Size: 1024B - Virtual size: 848B

.bss
Size: - Virtual size: 11KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 517KB - Virtual size: 520KB