王海明-个人简历[.]doc [.]exe

Sharing

Copy URL Twitter E-mail

General

Target

王海明-个人简历.doc .exe
Size

10.0MB
MD5

19e761bb94de01833c4b821b22921840
SHA1

4dddfaefd0fdf34d0f1a7981622638ff8468b07f
SHA256

f414d1e7d7ea2417e50acc0ae97da355c82810bc9e1efda4fa42a5fe2df49e22
SHA512

651b26c351f4c56775c6da2548ff34281e82422d218a09353e308f78d4ef78426cb7c07537cd5240f9c5f8e1db1dc506c15a65874c8cfee9671ad7b6af2a590d
SSDEEP

98304:R1usJc8ySZRpu6aas7GnmuAwiO3E+Egt/16:vcXwru1aT6wiOst

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
王海明-个人简历.doc .exe

Files

王海明-个人简历.doc .exe
.exe windows:4 windows x64 arch:x64

92b24f7e991fd4b1ad49e11b01f64c1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ConvertSidToStringSidW
ConvertStringSidToSidW
CopySid
GetLengthSid
GetTokenInformation
IsValidSid
LookupAccountSidW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

bcrypt

BCryptGenRandom

iphlpapi

FreeMibTable
GetAdaptersAddresses
GetIfEntry2
GetIfTable2

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
DeleteFileW
DeviceIoControl
DuplicateHandle
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLogicalDrives
GetLogicalProcessorInformationEx
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOverlappedResult
GetPriorityClass
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessId
GetProcessIoCounters
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTimes
GetTempPathW
GetThreadId
GetThreadIdealProcessorEx
GetThreadPriority
GetTickCount64
GetVolumeInformationW
GetWindowsDirectoryW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
LoadLibraryA
LoadLibraryExW
LocalAlloc
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
OpenProcess
OpenThread
Process32Next
ProcessIdToSessionId
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
ReadConsoleW
ReadFile
ReadFileEx
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetThreadAffinityMask
SetThreadErrorMode
SetThreadIdealProcessor
SetThreadPriority
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SuspendThread
SwitchToThread
TerminateProcess
TerminateThread
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFileEx
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwindEx
RtlVirtualUnwind
VirtualProtect
__C_specific_handler

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups

ntdll

NtCreateFile
NtQueryInformationProcess
NtQuerySystemInformation
NtReadFile
NtWriteFile
RtlGetVersion
RtlNtStatusToDosError

ole32

CoCreateGuid
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

GetErrorInfo
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear

pdh

PdhAddEnglishCounterA
PdhAddEnglishCounterW
PdhCloseQuery
PdhCollectQueryData
PdhCollectQueryDataEx
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhRemoveCounter

powrprof

CallNtPowerInformation

psapi

EnumProcessModulesEx
GetModuleBaseNameW
GetModuleFileNameExW
GetModuleInformation
GetPerformanceInfo
GetProcessMemoryInfo

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData

shell32

CommandLineToArgvW

user32

MessageBoxW

userenv

GetUserProfileDirectoryW

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown

msvcrt

__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_fmode
_fpreset
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
realloc
signal
strlen
strncmp
vfprintf
wcslen

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 928B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 609KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 989KB - Virtual size: 988KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/47
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/61
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/73
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/86
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 512B - Virtual size: 234B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 564KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/127
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/143
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/159
Size: 512B - Virtual size: 421B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92b24f7e991fd4b1ad49e11b01f64c1e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

iphlpapi

kernel32

netapi32

ntdll

ole32

oleaut32

pdh

powrprof

psapi

secur32

shell32

user32

userenv

ws2_32

msvcrt

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.pdata Size: 81KB - Virtual size: 80KB

.xdata Size: 156KB - Virtual size: 155KB

.bss Size: - Virtual size: 928B

.idata Size: 11KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 156KB - Virtual size: 156KB

.reloc Size: 30KB - Virtual size: 29KB

/4 Size: 2KB - Virtual size: 1KB

/19 Size: 609KB - Virtual size: 608KB

/35 Size: 989KB - Virtual size: 988KB

/47 Size: 12KB - Virtual size: 12KB

/61 Size: 409KB - Virtual size: 408KB

/73 Size: 4KB - Virtual size: 3KB

/86 Size: 1.4MB - Virtual size: 1.4MB

/97 Size: 512B - Virtual size: 234B

/113 Size: 564KB - Virtual size: 564KB

/127 Size: 9KB - Virtual size: 8KB

/143 Size: 6KB - Virtual size: 5KB

/159 Size: 512B - Virtual size: 421B

.text
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.pdata
Size: 81KB - Virtual size: 80KB

.xdata
Size: 156KB - Virtual size: 155KB

.bss
Size: - Virtual size: 928B

.idata
Size: 11KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 156KB - Virtual size: 156KB

.reloc
Size: 30KB - Virtual size: 29KB

/4
Size: 2KB - Virtual size: 1KB

/19
Size: 609KB - Virtual size: 608KB

/35
Size: 989KB - Virtual size: 988KB

/47
Size: 12KB - Virtual size: 12KB

/61
Size: 409KB - Virtual size: 408KB

/73
Size: 4KB - Virtual size: 3KB

/86
Size: 1.4MB - Virtual size: 1.4MB

/97
Size: 512B - Virtual size: 234B

/113
Size: 564KB - Virtual size: 564KB

/127
Size: 9KB - Virtual size: 8KB

/143
Size: 6KB - Virtual size: 5KB

/159
Size: 512B - Virtual size: 421B