5x(24-10-31)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

5x(24-10-31).zip
Size

15.6MB
MD5

e463dd4147f091e5f7d8224507626bf1
SHA1

ddd2de7b3935803ac018fb7d5c413784aed29e5d
SHA256

b570bb151f66847a7c06f0f8a4630a9982fd4742e3ea85b93807d856929fc457
SHA512

c5414383aa7ccd1f785ee4f43b32b85d3874581e5ef771c6fcf06435487d89930f3f2029e875483bffc3595aa19aac8ce3871775ede68653e29c6234faf95914
SSDEEP

393216:2uH57ABH19jQBIfkT0zMFd38SHRUiCD/rnAktY4OtMJWYM9HNiHv0F:2m5M1hQebM/HRUiCD/V6qJBM9tiHvG

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b286a5a36ab9f02b8c2b6b57d2282f0b.exe
unpack001/content_1730298613069.scr
unpack001/uninst.exe
unpack001/《融通集团员工个人身份信息泄露处置手册》.exe

Files

5x(24-10-31).zip
.zip

Password: infected
2024年河北移动冬日取暖.exe
.exe windows:6 windows x64 arch:x64

Password: infected

a3469accb0b50572342eb689105eda25

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:41

Not After

08-05-2033 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:5e:21:e8:3e:4f:82:88:70:9d:5a:d6
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13-09-2022 08:06

Not After

16-10-2025 08:28

Subject

SERIALNUMBER=22178368,CN=MICRO-STAR INTERNATIONAL CO.\, LTD.,O=MICRO-STAR INTERNATIONAL CO.\, LTD.,STREET=No. 69\, Lide St.\, Zhonghe Dist.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:2a:fa:08:9e:ec:eb:3f:90:5e:93:5b:c2:88:87:23:98:49:9c:f5
Signer

Actual PE Digest

8e:2a:fa:08:9e:ec:eb:3f:90:5e:93:5b:c2:88:87:23:98:49:9c:f5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseThreadpoolWork
SetWaitableTimer
GetCurrentProcess
CreateWaitableTimerW
WaitForSingleObject
WaitForThreadpoolWorkCallbacks
GetModuleHandleA
GetLastError
CloseHandle
FreeConsole
SubmitThreadpoolWork
GetProcAddress
CreateThreadpoolWork
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW

msvcp140

?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
_Query_perf_counter

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
_CxxThrowException
__current_exception_context
__std_terminate
__std_exception_copy
__std_exception_destroy
memcpy
__C_specific_handler
memset
memmove

api-ms-win-crt-stdio-l1-1-0

fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
_get_stream_buffer_pointers
_set_fmode
fgetc
__p__commode
fclose
fflush
fputc
_fseeki64

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_c_exit
terminate
_initialize_narrow_environment
_get_initial_narrow_environment
_cexit
__p___argv
__p___argc
_register_thread_local_exe_atexit_callback
_initterm
_set_app_type
_seh_filter_exe
_exit
exit
_initterm_e
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b286a5a36ab9f02b8c2b6b57d2282f0b.exe
.exe windows:6 windows x64 arch:x64

Password: infected

19c1926b9c91b1e754a114ac3df76f51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

uxtheme

IsThemeActive
SetWindowTheme
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
CloseThemeData
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeMargins
GetThemeEnumValue
GetThemeInt
GetThemeColor
GetThemePartSize
OpenThemeData
IsAppThemed
GetCurrentThemeName

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmSetWindowAttribute

oleaut32

SafeArrayPutElement
SysFreeString
SysAllocString
SafeArrayCreateVector

imm32

ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd

gdi32

GetDIBits
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx

userenv

GetUserProfileDirectoryW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetShareEnum

ws2_32

getprotobyname
recv
recvfrom
select
socket
listen
bind
getsockname
htonl
WSAPoll
getpeername
ntohs
freeaddrinfo
inet_addr
accept
send
getaddrinfo
WSASocketW
WSASend
WSARecv
WSAIoctl
WSAGetOverlappedResult
setsockopt
htons
connect
closesocket
WSAWaitForMultipleEvents
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSAGetLastError
WSACloseEvent
WSAStartup
gethostname
getsockopt
ioctlsocket
gethostbyname
shutdown
sendto
WSACleanup
WSAAsyncSelect

advapi32

RegQueryInfoKeyW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
GetLengthSid
FreeSid
DuplicateToken
CopySid
AllocateAndInitializeSid
AccessCheck
OpenProcessToken
RegSetValueExW
RegCloseKey
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
SystemFunction036
RegQueryValueExW
RegOpenKeyExW

kernel32

FreeLibraryAndExitThread
GetCommandLineA
LoadLibraryExW
RtlUnwind
SetLastError
RtlUnwindEx
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
RaiseException
RtlPcToFileHeader
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
GetSystemTimeAsFileTime
CreateMutexW
ReleaseMutex
GetExitCodeProcess
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
GetModuleHandleExW
SetFileAttributesW
SetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetStdHandle
HeapFree
HeapAlloc
HeapReAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
HeapSize
FreeLibrary
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
Sleep
VirtualAlloc
VirtualFree
GetLastError
CancelIo
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
ExitThread
IsBadReadPtr
ResetEvent
lstrcmpW
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageW
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetCurrentProcessId
GetUserDefaultLangID
CreateFileW
GetFileSize
ReadFile
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
GetLongPathNameW
GetVolumeInformationW
GetDriveTypeW
GetConsoleWindow
ExitProcess
CompareStringEx
GetCommandLineW
GetSystemTime
GetLocalTime
OutputDebugStringW
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetSystemDirectoryW
LoadLibraryW
DuplicateHandle
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetFileAttributesExW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetStartupInfoW
GetModuleFileNameW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointerEx
UnregisterWaitEx
RegisterWaitForSingleObject
CompareStringW
LCMapStringW
MultiByteToWideChar
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
FindNextFileW

ole32

CoGetMalloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
CoCreateInstance
StringFromGUID2
CoCreateGuid
OleGetClipboard
OleSetClipboard
CoInitialize
CoInitializeEx
CoUninitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleFlushClipboard
OleIsCurrentClipboard

shell32

CommandLineToArgvW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHGetKnownFolderPath
SHBrowseForFolderW

user32

CloseTouchInputHandle
GetWindowTextW
EnumWindows
ChangeWindowMessageFilterEx
MessageBoxW
DrawIconEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
RealGetWindowClassW
GetSystemMetrics
SystemParametersInfoW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetMenu
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
GetAncestor
GetKeyboardLayoutList
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
UnregisterClassW
GetClassInfoW
RegisterClassExW
GetFocus
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
GetTouchInputInfo
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
RegisterClassW
EnumDisplayDevicesW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
SetClipboardViewer

winmm

PlaySoundW
timeGetTime
timeSetEvent
timeKillEvent

Sections

.text
Size: 16.2MB - Virtual size: 16.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 97KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 455KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content_1730298613069.scr
.exe windows:4 windows x86 arch:x86

Password: infected

9e2d69c8b152e215ab7a932bfd405aef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
TerminateProcess
ExitProcess
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
InterlockedExchange
ReadFile
GetCurrentProcess
DuplicateHandle
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
SetLastError
GetProcessVersion
GlobalFlags
MulDiv
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
GetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
GlobalAlloc
lstrcmpA
GetCurrentThread
GlobalFree
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
GetCurrentThreadId
lstrcmpiA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
lstrcatA
lstrcpyA
lstrlenA
GlobalLock
lstrcpynA
GlobalUnlock
GlobalGetAtomNameA
GlobalAddAtomA
GetVersion
CreateDirectoryA
Sleep
GetLastError
CreateFileA
WriteFile
GetVersionExA
CloseHandle

user32

EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ReleaseDC
GetDC
PtInRect
CreateDialogIndirectParamA
EndDialog
PostQuitMessage
ShowOwnedPopups
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
GetClassNameA
ClientToScreen
LoadCursorA
GetSysColorBrush
LoadStringA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
SetTimer
KillTimer
WindowFromPoint
SetRect
InsertMenuA
DeleteMenu
GetMenuStringA
DestroyIcon
CharUpperA
InflateRect
GetDCEx
LockWindowUpdate
SetCapture
SetParent
GetNextDlgTabItem
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
DispatchMessageA
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
GetClientRect
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
MessageBoxA
IsChild
RegisterClassA
GetWindowTextA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetLastActivePopup
BringWindowToTop
IsWindowVisible
IsIconic
GetFocus
EqualRect
CopyRect
GetDlgItem
InvalidateRect
SetWindowLongA
wsprintfA
GetKeyState
SetWindowPos
GetDlgCtrlID
GetMenuItemCount
GetSubMenu
GetMenuItemID
UnpackDDElParam
ReuseDDElParam
SetActiveWindow
WinHelpA
SetMenu
GetMenu
LoadIconA
GetClassInfoA
LoadMenuA
DestroyMenu
SetFocus
GetParent
GetActiveWindow
ShowWindow
GetWindowLongA
IsWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
SendMessageA
SetCursor
PeekMessageA
PostMessageA
GetCapture
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
RegisterWindowMessageA
EnableWindow
UpdateWindow
CallWindowProcA
UnregisterClassA

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
StretchDIBits
CreateRectRgn
SetMapMode
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
CreateFontIndirectA
PatBlt
SetRectRgn
CombineRgn
CreateRectRgnIndirect
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetStockObject
RestoreDC
SaveDC
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
GetClipBox
SelectObject

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegQueryValueA
RegSetValueA

shell32

SHGetFileInfoA
ExtractIconA
DragQueryFileA
ShellExecuteA
DragFinish

comctl32

ord17

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:6 windows x64 arch:x64

Password: infected

79120648ec091996f85d3334f39ef301

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
ReadConsoleW
GetTimeZoneInformation
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
WriteConsoleW
GetModuleFileNameA
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
LCMapStringW
GetStringTypeW
OutputDebugStringW
GetStartupInfoW
ExitProcess
IsDebuggerPresent
GetProcAddress
LoadLibraryA
CloseHandle
CreateThread
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
GetModuleHandleW
LoadLibraryW
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcess
GetLastError
LocalFree
FormatMessageA
CreateFileW
WriteFile
DuplicateHandle
SetEvent
CreateEventW
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
OutputDebugStringA
SetLastError
FreeResource
GetModuleFileNameW
GetModuleHandleExW
GlobalLock
GlobalUnlock
GlobalFree
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
WaitForSingleObject
GetCurrentThreadId
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
GetVersionExW
LoadLibraryExW
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpW
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
GetCurrentProcessId
GlobalSize
MulDiv
FormatMessageW
CopyFileW
EncodePointer
GetSystemDirectoryW
GlobalFindAtomW
InitializeCriticalSectionAndSpinCount
GlobalFlags
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
DeleteFileW
FindClose
FindFirstFileW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetShortPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
lstrcmpiW
MoveFileW
GetStringTypeExW
GetThreadLocale
GlobalGetAtomNameW
GetAtomNameW
FileTimeToSystemTime
SystemTimeToFileTime
VirtualProtect
GetWindowsDirectoryW
lstrcpyW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SetFileTime
SystemTimeToTzSpecificLocalTime
GetTickCount
FindResourceExW
VerSetConditionMask
VerifyVersionInfoW
GetTempFileNameW
GetTempPathW
GetProfileIntW
SearchPathW
Sleep
GetDiskFreeSpaceW
ReplaceFileW
GetUserDefaultLCID
LocalLock
LocalUnlock
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
FreeLibrary

user32

MessageBeep
GetNextDlgGroupItem
IsRectEmpty
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
CharUpperW
DestroyIcon
InvalidateRect
KillTimer
SetTimer
DeleteMenu
CopyImage
GetDialogBaseUnits
OffsetRect
SetRectEmpty
SendDlgItemMessageA
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
GetAsyncKeyState
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
GetKeyNameTextW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
SystemParametersInfoW
InflateRect
CopyRect
GetMenuItemInfoW
DestroyMenu
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongPtrW
SendMessageW
PostMessageW
IsIconic
EnableWindow
GetSystemMetrics
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
UnhookWindowsHookEx
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
MapDialogRect
GetWindow
CreatePopupMenu
GetMenuDefaultItem
TrackMouseEvent
LoadImageW
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetScrollPos
MapVirtualKeyW
GetSystemMenu
AppendMenuW
DrawIcon
GetClientRect
LoadIconW
UnregisterClassW
GetFocus
CheckMenuItem
IsZoomed
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetParent
LoadBitmapW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongW
GetDesktopWindow
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
PostQuitMessage
ShowOwnedPopups
SetCursor
MessageBoxW
GetWindowThreadProcessId
GetLastActivePopup
SetWindowPos
SetWindowContextHelpId
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
GetTabbedTextExtentW
DestroyCursor
GetWindowRgn
WindowFromDC
CreateMenu
InSendMessage
SendNotifyMessageW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
EnumChildWindows
GetDCEx
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
PostThreadMessageW
UnionRect
FrameRect
CopyIcon
SetCursorPos
CreateWindowExW

gdi32

GetTextFaceW
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DeleteMetaFile
CreateMetaFileW
CloseMetaFile
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
GetCurrentObject
OffsetRgn
Rectangle
StretchDIBits
GetCharWidthW
CreateFontW
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetDIBits
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
CreateCompatibleBitmap
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CombineRgn
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolylineTo
PolyBezierTo
ExtTextOutW
TextOutW
MoveToEx
GetObjectW
ExtCreatePen
SetArcDirection
SelectClipPath
PolyDraw
ArcTo
StartDocW
SetColorAdjustment
ModifyWorldTransform
SetWorldTransform
EnumMetaFile
PlayMetaFileRecord
SetTextJustification
SetTextAlign
SetTextColor
SetTextCharacterExtra
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreateBitmap

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
ClosePrinter
GetJobW
OpenPrinterW

advapi32

SystemFunction036
SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegSetValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
ExtractIconW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteW
ShellExecuteExW
SHAppBarMessage
SHAddToRecentDocs
SHGetMalloc
DragFinish
DragQueryFileW

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathFindExtensionW
PathRemoveFileSpecW

uxtheme

GetThemePartSize
GetThemeSysColor
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor

ole32

CoRevokeClassObject
CoRegisterClassObject
OleSetClipboard
OleFlushClipboard
OleQueryCreateFromData
OleQueryLinkFromData
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
PropVariantCopy
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
WriteClassStm
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleCreate
OleCreateFromData
OleRun
CoInitializeEx
StringFromGUID2
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc

oleaut32

OleCreateFontIndirect
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysReAllocStringLen
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
VariantChangeType
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SafeArrayGetUBound
SysAllocString

oledlg

OleUIBusyW

ws2_32

WSAStartup
gethostbyaddr
socket
recvfrom
htons
htonl
closesocket
bind
WSACleanup

ntdll

NtQueryInformationWorkerFactory
NtSetInformationWorkerFactory
TpAllocJobNotification
ZwSetIoCompletion
RtlAdjustPrivilege
NtQueryObject
NtQueryInformationProcess
RtlNtStatusToDosError

wininet

InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageI
GdiplusShutdown
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromFileICM

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
《融通集团员工个人身份信息泄露处置手册》.exe
.exe windows:6 windows x64 arch:x64

Password: infected

4cc53d5569c556acfd92af6a20ca8ad6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
AddVectoredExceptionHandler
CloseHandle
CompareStringW
CreateEventW
CreateFileW
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushInstructionCache
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetThreadContext
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
K32EnumProcesses
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadContext
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForSingleObject
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gxfg
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a3469accb0b50572342eb689105eda25

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

08:5e:21:e8:3e:4f:82:88:70:9d:5a:d6Certificate

Extended Key Usages

Key Usages

8e:2a:fa:08:9e:ec:eb:3f:90:5e:93:5b:c2:88:87:23:98:49:9c:f5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 156B

Password: infected

19c1926b9c91b1e754a114ac3df76f51

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

uxtheme

dwmapi

oleaut32

imm32

gdi32

userenv

version

netapi32

ws2_32

advapi32

kernel32

ole32

shell32

user32

winmm

Sections

.text Size: 16.2MB - Virtual size: 16.2MB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 97KB - Virtual size: 176KB

.pdata Size: 455KB - Virtual size: 454KB

.qtmetad Size: 1KB - Virtual size: 1KB

.qtmimed Size: 315KB - Virtual size: 315KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 31KB - Virtual size: 32KB

.reloc Size: 50KB - Virtual size: 49KB

Password: infected

9e2d69c8b152e215ab7a932bfd405aef

Headers

File Characteristics

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

08:5e:21:e8:3e:4f:82:88:70:9d:5a:d6
Certificate

8e:2a:fa:08:9e:ec:eb:3f:90:5e:93:5b:c2:88:87:23:98:49:9c:f5
Signer

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 156B

.text
Size: 16.2MB - Virtual size: 16.2MB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 97KB - Virtual size: 176KB

.pdata
Size: 455KB - Virtual size: 454KB

.qtmetad
Size: 1KB - Virtual size: 1KB

.qtmimed
Size: 315KB - Virtual size: 315KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 31KB - Virtual size: 32KB

.reloc
Size: 50KB - Virtual size: 49KB

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 48KB - Virtual size: 97KB

.pdata
Size: 180KB - Virtual size: 180KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 81KB - Virtual size: 80KB

.text
Size: 205KB - Virtual size: 204KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 13KB - Virtual size: 13KB

.00cfg
Size: 512B - Virtual size: 56B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.gxfg
Size: 8KB - Virtual size: 8KB

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 260KB - Virtual size: 259KB

.reloc
Size: 4KB - Virtual size: 3KB