苗曦丹-北京大学-经济学-硕士[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

苗曦丹-北京大学-经济学-硕士.rar
Size

116KB
MD5

808bc838f5455fed884a3da600c1b54c
SHA1

5d536489cb6b86f231a50750b1df13c72526e5cb
SHA256

d384509bbb363a87495875a60216d6534eaadbd531213f206e7162dc53bcba62
SHA512

7de0e55d536d98e8e7130311d2624865db760317586d44f8d2fa11a5262b76715b17f8052493bc4ae5b1cad5baf52ca89815384323bd8110d68df25a85c12f62
SSDEEP

3072:Kj/ZG759KWkRm9SYZT/EMpAyRPzTQh6WA:y/o750W/9SYZMM+yPzT5v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/_MACOSX/__MACOSX/DS_Store

Files

苗曦丹-北京大学-经济学-硕士.rar
.rar
_MACOSX/__MACOSX/DS_Store
.exe windows:6 windows x86 arch:x86

bd79276c66d035407a9ec078c3b80b0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

BioEnrollmentHost.pdb

Imports

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-1

GetLocaleInfoEx
FormatMessageW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

AcquireSRWLockExclusive
LeaveCriticalSection
Sleep
InitializeCriticalSectionEx
EnterCriticalSection
DeleteCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-com-l1-1-1

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree

msvcrt

_acmdln
_except_handler4_common
_controlfp
_free_locale
_get_current_locale
__crtLCMapStringW
__crtCompareStringW
wcsrchr
_wcsdup
__setusermatherr
??1type_info@@UAE@XZ
abort
___lc_collate_cp_func
___mb_cur_max_func
calloc
___lc_codepage_func
___lc_handle_func
__pctype_func
setlocale
_callnewh
memcpy
??0exception@@QAE@ABQBDH@Z
__CxxFrameHandler3
_CxxThrowException
wcslen
memset
??3@YAXPAX@Z
_vsnwprintf
malloc
realloc
free
strchr
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??0bad_cast@@QAE@PBD@Z
wcstol
_errno
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
__p__commode
_initterm
_amsg_exit
_XcptFilter
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_purecall
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
memmove

wincorlib

?GetCmdArguments@Details@Platform@@YGPAPA_WPAH@Z
?GetIidsFn@@YGJHPAKPBU__s_GUID@@PAPAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YGJPAXAAVGuid@Platform@@PAPAX@Z
?UninitializeData@Details@Platform@@YGXH@Z
?InitializeData@Details@Platform@@YGJH@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YGPAXPAXIPBXPA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YGIPAX@Z
?EventSourceGetTargetArray@Details@Platform@@YGPAXPAXPAUEventLock@12@@Z
?__abi_ObjectToString@__abi_details@@YGP$AAVString@Platform@@P$AAVObject@3@_N@Z
?get@FullName@Type@Platform@@Q$AAAP$AAVString@3@XZ
?GetIBoxVtable@Details@Platform@@YGPAXPAX@Z
??0ChangedStateException@Platform@@Q$AAA@XZ
?CreateValue@Details@Platform@@YGP$AAVObject@2@W4TypeCode@2@PBX@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@P$AAV12@@Z
?EventSourceRemove@Details@Platform@@YGXPAPAXPAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceAdd@Details@Platform@@YG?AVEventRegistrationToken@Foundation@Windows@@PAPAXPAUEventLock@12@P$AAVDelegate@2@@Z
??0FailureException@Platform@@Q$AAA@XZ
??0OutOfMemoryException@Platform@@Q$AAA@XZ
??0OutOfBoundsException@Platform@@Q$AAA@XZ
?EventSourceInitialize@Details@Platform@@YGXPAPAX@Z
?EventSourceUninitialize@Details@Platform@@YGXPAPAX@Z
?ResolveWeakReference@Details@Platform@@YGP$AAVObject@2@ABU_GUID@@PAPAU__abi_IUnknown@@@Z
??0NullReferenceException@Platform@@Q$AAA@XZ
??0InvalidArgumentException@Platform@@Q$AAA@XZ
??0NotImplementedException@Platform@@Q$AAA@XZ
?GetWeakReference@Details@Platform@@YGPAU__abi_IUnknown@@Q$ADVObject@2@@Z
??0Delegate@Platform@@Q$AAA@XZ
?CreateException@Exception@Platform@@SAP$AAV12@HP$AAVString@2@@Z
?get@Message@Exception@Platform@@Q$AAAP$AAVString@3@XZ
?Allocate@Heap@Details@Platform@@SAPAXII@Z
??0Object@Platform@@Q$AAA@XZ
?GetIBoxArrayVtable@Details@Platform@@YGPAXPAX@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AAEXXZ
?__abi_translateCurrentException@@YGJ_N@Z
??0FailureException@Platform@@Q$AAA@P$AAVString@1@@Z
?AllocateException@Heap@Details@Platform@@SAPAXII@Z
?__abi_make_type_id@@YGP$AAVType@Platform@@ABU__abi_type_descriptor@@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@P$AAV01@@Z
?__abi_WinRTraiseNotImplementedException@@YGXXZ
?__abi_WinRTraiseInvalidCastException@@YGXXZ
?__abi_WinRTraiseNullReferenceException@@YGXXZ
?__abi_WinRTraiseOperationCanceledException@@YGXXZ
?__abi_WinRTraiseFailureException@@YGXXZ
?__abi_WinRTraiseAccessDeniedException@@YGXXZ
?__abi_WinRTraiseOutOfMemoryException@@YGXXZ
?__abi_WinRTraiseInvalidArgumentException@@YGXXZ
?__abi_WinRTraiseOutOfBoundsException@@YGXXZ
?__abi_WinRTraiseChangedStateException@@YGXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YGXXZ
?__abi_WinRTraiseWrongThreadException@@YGXXZ
?__abi_WinRTraiseDisconnectedException@@YGXXZ
?__abi_WinRTraiseObjectDisposedException@@YGXXZ
?__abi_WinRTraiseCOMException@@YGXJ@Z
?AlignedFree@Heap@Details@Platform@@SAXPAX@Z
?Free@Heap@Details@Platform@@SAXPAX@Z
?__abi_cast_String_to_Object@__abi_details@@YGP$AAVObject@Platform@@P$AAVString@3@@Z
?GetActivationFactory@Details@Platform@@YGJPAVModuleBase@1WRL@Microsoft@@PAUHSTRING__@@PAPAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YG_NPAVModuleBase@1WRL@Microsoft@@@Z

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoFailFastWithErrorContext
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoReportUnhandledError

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsDuplicateString
WindowsDeleteString
WindowsIsStringEmpty
WindowsConcatString
WindowsGetStringLen
WindowsGetStringRawBuffer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-kernel32-legacy-l1-1-1

GetStartupInfoA

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
VSDesignerDllMain

Sections

.text
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_MACOSX/__MACOSX/DS_Store.vbs
.vbs
_MACOSX/__MACOSX/苗曦丹-北京大学-经济学-硕士.docx
.docx office2007
苗曦丹-北京大学-经济学-硕士.docx.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

bd79276c66d035407a9ec078c3b80b0b

Headers

File Characteristics

PDB Paths

Imports

api-ms-win-core-debug-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-1

msvcrt

wincorlib

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

Exports

Exports

Sections

.text Size: 215KB - Virtual size: 214KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 14KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 215KB - Virtual size: 214KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 14KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB