Static task: static1
Behavioral task: behavioral1
  Sample: f33ef4705b9235282c0c20f139fedc4ae95f8ec623c9a484697f1ff895f9c6b2.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: f33ef4705b9235282c0c20f139fedc4ae95f8ec623c9a484697f1ff895f9c6b2.exe
  Resource: win10v2004-20240802-en
General
Target: f33ef4705b9235282c0c20f139fedc4ae95f8ec623c9a484697f1ff895f9c6b2
Size: 12.2MB
MD5: 0a104d7b886a499f3b3a252ae72868da
SHA1: eabb487f74b22678aac1bec5232f18a39956b298
SHA256: f33ef4705b9235282c0c20f139fedc4ae95f8ec623c9a484697f1ff895f9c6b2
SHA512: c3717066b58f2c98c959397c237b99b452db9f7e81f0ad77c8566d7917bdfdb5929c4c03d4a66e22bc129ed7ba421905cce886fd276d63814df6c6904724e233
SSDEEP: 196608:hZ8eQBGyYML2fnDL6KjHBnR5b9V7AUkkQnirm/N9:flML2fa4HxRZAGQnirmD
Malware Config
Signatures
Embeds OpenSSL (1 IoC)
Embeds OpenSSL, may be used to circumvent TLS interception.
resource: sample, yara_rule: embeds_openssl
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: f33ef4705b9235282c0c20f139fedc4ae95f8ec623c9a484697f1ff895f9c6b2
Files
-
f33ef4705b9235282c0c20f139fedc4ae95f8ec623c9a484697f1ff895f9c6b2.exe windows:6 windows x86 arch:x86
8ae9075df63581f857104c65083623b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\jimmy\Desktop\上海管局\ExcelEncryptor\Debug\浦江之盾-企业端.pdb
Imports
kernel32
InterlockedFlushSList
HeapValidate
WriteConsoleW
InterlockedPushEntrySList
MoveFileExW
ExitProcess
SetConsoleCtrlHandler
CreateThread
DeleteFileW
ExitThread
FreeLibraryAndExitThread
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SetFilePointerEx
GetCommandLineA
GetCommandLineW
GetFullPathNameW
IsValidCodePage
HeapQueryInformation
GetTempPathW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleOutputCP
GetTimeZoneInformation
SetStdHandle
SetCurrentDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTickCount64
FindResourceExW
GetUserDefaultLCID
ReplaceFileA
GetTempFileNameA
GetDiskFreeSpaceA
GetOEMCP
SetFileTime
SetFileAttributesA
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetProfileIntA
GetAtomNameA
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
ResumeThread
GetThreadPriority
SetThreadPriority
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetSystemDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileA
FileTimeToLocalFileTime
GetStringTypeExA
GetThreadLocale
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
GetHandleInformation
DuplicateHandle
GetVolumeInformationA
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
DeleteFileA
CreateFileA
SetErrorMode
GlobalAddAtomA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
SuspendThread
CreateEventA
SetEvent
FreeResource
CopyFileA
MulDiv
GlobalFree
GlobalUnlock
GlobalSize
CompareStringA
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryExW
GetModuleFileNameA
GetVersionExA
GetCurrentThread
GetModuleHandleA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
EncodePointer
GetLocaleInfoEx
LocalFree
VirtualQuery
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FindNextFileW
FindFirstFileW
FindClose
ConvertThreadToFiberEx
ConvertFiberToThread
SystemTimeToFileTime
GetSystemTime
LoadLibraryW
CreateFiberEx
DeleteFiber
SwitchToFiber
FormatMessageA
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
Sleep
CreateSemaphoreA
GetExitCodeThread
WaitForSingleObject
ReleaseSemaphore
TryEnterCriticalSection
InitializeCriticalSection
CloseHandle
VirtualLock
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleHandleExW
GetEnvironmentVariableW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
GetProcAddress
GetModuleHandleW
OutputDebugStringW
WriteFile
GetFileType
GetStdHandle
GetACP
FindResourceA
FindResourceW
SizeofResource
LockResource
LoadResource
GetFileAttributesA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
AllocConsole
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
SetEnvironmentVariableW
user32
DrawMenuBar
HiliteMenuItem
KillTimer
SetTimer
SetCapture
GetOpenClipboardWindow
ChangeClipboardChain
GetClipboardViewer
SetClipboardViewer
GetClipboardOwner
OpenClipboard
GetNextDlgTabItem
GetNextDlgGroupItem
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
CloseWindow
OpenIcon
ShowOwnedPopups
FlashWindow
PostThreadMessageA
SendNotifyMessageA
DrawAnimatedRects
DrawCaption
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
UnhookWindowsHookEx
GetTopWindow
GetClassNameA
GetClassLongA
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetClientRect
RemovePropA
GetPropA
SetPropA
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
IsDialogMessageA
SetWindowLongA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
ScrollWindowEx
SetFocus
GetDlgCtrlID
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
CharUpperA
CopyRect
MapVirtualKeyA
GetKeyNameTextA
GetWindow
SetWindowContextHelpId
SetWindowPos
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxA
SetCursor
CallNextHookEx
SetWindowsHookExA
GetTabbedTextExtentW
UnregisterClassA
TranslateMessage
DispatchMessageA
PeekMessageA
GetCursorPos
ValidateRect
GetKeyState
GetMessageA
GetDesktopWindow
GetWindowLongA
SetActiveWindow
IsWindowEnabled
EnableWindow
GetActiveWindow
GetDlgItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetMenuCheckMarkDimensions
GetFocus
LoadBitmapW
CheckMenuRadioItem
InvertRect
FrameRect
FillRect
DrawFocusRect
GetSysColorBrush
GetMenuContextHelpId
SetMenuContextHelpId
ScrollDC
ExcludeUpdateRgn
WindowFromDC
GetTabbedTextExtentA
DrawStateA
GrayStringA
DrawTextExA
DragDetect
UpdateWindow
GetForegroundWindow
SetForegroundWindow
GetDCEx
GetUpdateRect
GetUpdateRgn
SetWindowRgn
GetWindowRgn
InvalidateRect
DrawTextA
DrawIcon
InvalidateRgn
ValidateRgn
RedrawWindow
LockWindowUpdate
ShowScrollBar
EnableScrollBar
GetWindowContextHelpId
GetSystemMenu
PostQuitMessage
GetSystemMetrics
LoadBitmapA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetParent
IsMenu
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
SendMessageA
PostMessageA
IsWindow
TabbedTextOutA
MapDialogRect
DrawEdge
DrawFrameControl
LoadMenuA
LoadMenuW
CreateCaret
LoadMenuIndirectA
CreateMenu
CreatePopupMenu
CheckMenuItem
EnableMenuItem
ModifyMenuA
DeleteMenu
SetMenuItemBitmaps
InsertMenuItemA
GetMenuItemInfoA
SetMenuItemInfoA
GetMenuDefaultItem
SetMenuDefaultItem
InSendMessage
IsClipboardFormatAvailable
RegisterClipboardFormatA
UnionRect
MessageBeep
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReuseDDElParam
GetMenuBarInfo
LoadImageA
IntersectRect
TranslateAcceleratorA
LoadAcceleratorsA
DestroyIcon
UnpackDDElParam
GetClipboardFormatNameA
GetDialogBaseUnits
GetAsyncKeyState
InflateRect
SetRect
DestroyMenu
LoadAcceleratorsW
RealChildWindowFromPoint
SystemParametersInfoA
CopyImage
ReleaseCapture
WaitMessage
NotifyWinEvent
ArrangeIconicWindows
DlgDirSelectComboBoxExA
DlgDirListComboBoxA
DlgDirSelectExA
DlgDirListA
LoadCursorW
LoadCursorA
FindWindowExA
FindWindowA
SetParent
ChildWindowFromPointEx
ChildWindowFromPoint
WindowFromPoint
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
gdi32
FillRgn
FloodFill
FrameRgn
GetROP2
GetAspectRatioFilterEx
GetBkColor
GetBkMode
GetBitmapBits
GetBitmapDimensionEx
GetBoundsRect
GetBrushOrgEx
GetCharWidthA
GetCharWidthFloatA
GetCharABCWidthsA
GetCharABCWidthsFloatA
GetCurrentObject
GetCurrentPositionEx
GetFontData
GetGlyphOutlineA
GetGraphicsMode
GetMapMode
GetNearestColor
GetNearestPaletteIndex
GetObjectType
GetOutlineTextMetricsA
GetPaletteEntries
GetPixel
GetPolyFillMode
GetRegionData
GetRgnBox
GetStockObject
GetStretchBltMode
GetTextCharacterExtra
GetTextAlign
GetTextColor
GetTextExtentPoint32A
GetFontLanguageInfo
GetCharacterPlacementA
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
InvertRgn
MaskBlt
PlgBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PolyPolygon
PtInRegion
PtVisible
RectInRegion
RectVisible
Rectangle
ResetDCA
RealizePalette
RoundRect
ResizePalette
SelectObject
SetBitmapBits
SetBoundsRect
SetPaletteEntries
SetPixel
SetPixelV
StretchBlt
SetRectRgn
UpdateColors
PlayEnhMetaFile
GdiComment
GetTextMetricsA
AngleArc
PolyPolyline
GetWorldTransform
GetColorAdjustment
CreateHalftonePalette
StartDocA
EndDoc
StartPage
EndPage
CreatePatternBrush
SetAbortProc
AbortPath
BeginPath
CloseFigure
ExtCreateRegion
FillPath
FlattenPath
GetPath
PathToRegion
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
ExtCreatePen
GetMiterLimit
GetArcDirection
GetObjectA
TextOutA
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetBitmapDimensionEx
SetBrushOrgEx
GetTextFaceA
GetKerningPairsA
UnrealizeObject
DeleteObject
ExcludeClipRect
GetClipBox
GetClipRgn
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkColor
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
StretchDIBits
CreateDIBSection
EnumFontFamiliesExA
DeleteMetaFile
DeleteDC
CopyMetaFileA
CreateDCA
GetDeviceCaps
CloseMetaFile
CreateMetaFileA
CloseEnhMetaFile
CreateEnhMetaFileA
ExtTextOutA
AnimatePalette
ExtFloodFill
ExtEscape
Escape
EqualRgn
EnumObjects
Ellipse
DrawEscape
CreateSolidBrush
CreateRectRgnIndirect
CreateRoundRectRgn
EndPath
CreateRectRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateICA
CreateBitmapIndirect
CreateBrushIndirect
CreateCompatibleBitmap
CreateDiscardableBitmap
CreateCompatibleDC
CreateDIBPatternBrushPt
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateFontIndirectA
CreateFontA
CreateHatchBrush
CreatePalette
CreatePen
CreatePenIndirect
AbortDoc
CreatePolyPolygonRgn
winspool.drv
OpenPrinterA
DocumentPropertiesA
GetJobA
ClosePrinter
advapi32
RegQueryValueA
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyA
RegOpenKeyExW
RegEnumValueA
SetFileSecurityA
GetFileSecurityA
RegEnumKeyExA
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptExportKey
shell32
DragFinish
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
DragAcceptFiles
SHAddToRecentDocs
ExtractIconA
DragQueryFileA
comctl32
InitCommonControlsEx
shlwapi
PathFindExtensionA
PathRemoveExtensionA
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
PathFindFileNameA
PathStripPathA
uxtheme
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeText
ole32
CreateItemMoniker
CreateFileMoniker
GetClassFile
CreateGenericComposite
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterClassObject
OleRun
PropVariantCopy
OleGetClipboard
StgOpenStorageOnILockBytes
StgIsStorageILockBytes
WriteClassStm
CoInitializeEx
GetHGlobalFromILockBytes
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleSave
OleSaveToStream
OleSetContainedObject
OleIsRunning
OleLockRunning
OleGetIconOfClass
CoGetMalloc
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
OleLoad
OleQueryLinkFromData
OleQueryCreateFromData
OleSetMenuDescriptor
DoDragDrop
CreateDataAdviseHolder
CreateOleAdviseHolder
OleRegGetMiscStatus
OleRegEnumVerbs
OleCreateMenuDescriptor
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
CoGetClassObject
StringFromGUID2
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemAlloc
StringFromCLSID
CoCreateGuid
CoUninitialize
CoTaskMemFree
OleDestroyMenuDescriptor
CoLockObjectExternal
GetRunningObjectTable
OleTranslateAccelerator
IsAccelerator
CreateILockBytesOnHGlobal
oleaut32
SystemTimeToVariantTime
VarDecFromStr
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
SysReAllocStringLen
SafeArrayDestroy
SysAllocString
OleCreateFontIndirect
SysStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SafeArrayGetElemsize
SafeArrayGetDim
VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysFreeString
VariantTimeToSystemTime
oledlg
ord9
ord7
ord6
ord5
ord4
ord3
ord8
gdiplus
GdiplusShutdown
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertOpenStore
ws2_32
closesocket
bind
accept
send
recv
WSASetLastError
getservbyname
getservbyport
listen
inet_ntoa
inet_addr
htons
htonl
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
select
ntohs
getsockname
ioctlsocket
getsockopt
setsockopt
socket
shutdown
connect
getpeername
recvfrom
sendto
gethostbyaddr
Exports
_libiconv_version
iconv_canonicalize
libiconv
libiconv_close
libiconv_open
libiconv_open_into
libiconvctl
libiconvlist
locale_charset
Sections
.textbss Size: - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 8.3MB - Virtual size: 8.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 54KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 777B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 270B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 326KB - Virtual size: 325KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ