D:\GoldMiner-C--main\obj\Release\GoldMiner.pdb
Static task
static1
Behavioral tasks
- behavioral1: Sample 2024po.exe, Resource win7-20231129-en
- behavioral2: Sample 2024po.exe, Resource win10v2004-20240508-en
- behavioral3: Sample Timo.exe, Resource win7-20240419-en
- behavioral4: Sample Timo.exe, Resource win10v2004-20240508-en
- behavioral5: Sample [D]2024年移动合作方人员出入管理门禁安装程序.exe, Resource win7-20240611-en
- behavioral6: Sample [D]2024年移动合作方人员出入管理门禁安装程序.exe, Resource win10v2004-20240611-en
- behavioral7: Sample 点击此处安装语言包.exe, Resource win7-20240611-en
- behavioral8: Sample 点击此处安装语言包.exe, Resource win10v2004-20240508-en
- behavioral9: Sample 票925452362131助手.exe, Resource win7-20240220-en
- behavioral10: Sample 票925452362131助手.exe, Resource win10v2004-20240226-en
- behavioral11: Sample 考勤异常信息统计结果查询工具.exe, Resource win7-20240221-en
- behavioral12: Sample 考勤异常信息统计结果查询工具.exe, Resource win10v2004-20240611-en
General
- Target: 4x(24-06-27).rar
- Size: 30.6MB
- MD5: d968f62a6d7bb3187c25b1eb53e0dae8
- SHA1: 3e1c59a45a923b15b7f32f5a1cc246be07b58c08
- SHA256: a47ef1b22b4797187294ec207237a8195273dab7d4543d46d5d23dafe520f853
- SHA512: b9711c7b8a2fa7fb6257d13738662e3ab381693aa642a68f28f7a705b18e520cfb74d8e88ab04bfa8dd87d45f97bd86366ec5e3f33cb799b1cec833be6d5fe18
- SSDEEP: 786432:B72Jh0QWV3emCsQFEebPIGRl6XdXdf2zL:B72Jh0CTqaRSXpUL
Malware Config
Signatures
- Unsigned PE (4 IoCs)
  Checks for missing Authenticode signature.
  Processes (resource):
  - unpack001/2024po.exe.vir
  - unpack001/Timo.exe.vir
  - unpack001/[D]2024年移动合作方人员出入管理门禁安装程序.exe.vir
  - unpack001/考勤异常信息统计结果查询工具.exe.vir
Files
-
4x(24-06-27).rar.rar
-
2024po.exe.vir.exe windows:4 windows x86 arch:x86
MD5: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 24.8MB - Virtual size: 24.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 127KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Timo.exe.vir.exe windows:6 windows x64 arch:x64
MD5: cbd03d548e96d66a238682ac4c7fe152
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetModuleFileNameA
VirtualProtect
VirtualFree
VirtualAlloc
CreateFileW
GetModuleHandleA
OpenProcess
Sleep
GetCurrentThread
GetSystemInfo
GetProcAddress
GetCurrentProcessId
GlobalMemoryStatusEx
GetTickCount
VirtualQueryEx
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualQuery
VirtualProtectEx
SetLastError
FreeLibrary
LoadLibraryExW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
CloseHandle
Sections
.text Size: 121KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
[D]2024年移动合作方人员出入管理门禁安装程序.exe.vir.exe (filename translates as "[D] 2024 mobile partner personnel entry/exit access-control installer") windows:6 windows x64 arch:x64
MD5: c110cb8d12060febe265ec48153846e2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
E:\miansha\diaoyu\x64\Debug\diaoyu.pdb
Imports
kernel32
GetModuleHandleA
GetProcAddress
LoadLibraryA
CreateFileW
GetCurrentThreadId
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RtlPcToFileHeader
GetModuleHandleExW
GetStdHandle
WriteFile
ExitProcess
GetCommandLineA
GetCommandLineW
HeapSize
HeapValidate
GetSystemInfo
GetFileType
OutputDebugStringW
WriteConsoleW
SetConsoleCtrlHandler
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
HeapReAlloc
HeapQueryInformation
GetFileSizeEx
SetFilePointerEx
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
ReadConsoleW
CloseHandle
RtlUnwind
Sections
.textbss Size: - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 811KB - Virtual size: 811KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 188KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 512B - Virtual size: 278B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 283B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 147KB - Virtual size: 147KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
点击此处安装语言包.exe.vir.exe (filename translates as "Click here to install the language pack") windows:6 windows x86 arch:x86
MD5: 7ecca5b83f5c154d3e2fae824099d2c4
Code Sign
Certificates (the same four certificates are embedded for both signers below):
- Serial: 0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
  Issuer: CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US
  Subject: CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US
  Not Before: 01-01-2021 00:00; Not After: 06-01-2031 00:00
  Extended Key Usages: TimeStamping
  Key Usages: DigitalSignature
- Serial: 0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
  Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
  Subject: CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US
  Not Before: 07-01-2016 12:00; Not After: 07-01-2031 12:00
  Extended Key Usages: TimeStamping
  Key Usages: DigitalSignature, CertSign, CRLSign
- Serial: 08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
  Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
  Subject: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
  Not Before: 29-04-2021 00:00; Not After: 28-04-2036 23:59
  Extended Key Usages: CodeSigning
  Key Usages: DigitalSignature, CertSign, CRLSign
- Serial: 0f:c3:5e:9e:4e:dd:5b:cf:a4:be:5e:fe:96:b3:ac:27
  Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
  Subject: SERIALNUMBER=91110108700000458B,CN=Lenovo (Beijing) Limited,OU=ChinaServiceDriver,O=Lenovo (Beijing) Limited,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13104861696469616e204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e
  (the hex-encoded EV attributes decode to jurisdictionLocality=Haidian District, jurisdictionState=Beijing, jurisdictionCountry=CN, businessCategory=Private Organization)
  Not Before: 08-07-2021 00:00; Not After: 11-07-2022 23:59
  Extended Key Usages: CodeSigning
  Key Usages: DigitalSignature
Signers:
- Signer: 3f:e5:8c:20:42:04:71:e0:de:ce:b2:df:ad:9d:e8:83:6b:32:cb:bb:6a:6f:e2:85:8e:a9:31:c8:49:cd:ee:d8
  Actual PE Digest: 3f:e5:8c:20:42:04:71:e0:de:ce:b2:df:ad:9d:e8:83:6b:32:cb:bb:6a:6f:e2:85:8e:a9:31:c8:49:cd:ee:d8
  Digest Algorithm: sha256
  PE Digest Matches: false
- Signer: 69:8d:27:74:10:60:58:3a:0c:c2:65:23:3e:6e:70:90:9f:f8:0f:b9
  Actual PE Digest: 69:8d:27:74:10:60:58:3a:0c:c2:65:23:3e:6e:70:90:9f:f8:0f:b9
  Digest Algorithm: sha1
  PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindResourceW
GetTickCount
LoadLibraryW
GetProcAddress
FreeLibrary
CreateDirectoryW
SetLastError
GetCommandLineW
FindNextFileW
GetCurrentProcess
FindClose
MultiByteToWideChar
GlobalFlags
GetSystemInfo
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateProcessW
WideCharToMultiByte
VirtualQuery
SetEvent
CreateThread
ResetEvent
GetSystemTimeAsFileTime
lstrcmpiW
LockResource
WriteConsoleW
FlushFileBuffers
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleOutputCP
GetFileType
SetFilePointerEx
GetStdHandle
GetCommandLineA
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
OutputDebugStringW
FreeResource
InitializeCriticalSection
SizeofResource
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
TryEnterCriticalSection
GetProcessHandleCount
HeapFree
TerminateProcess
OpenProcess
GetCurrentProcessId
GetLocalTime
WriteFile
ExitProcess
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetModuleHandleW
IsDebuggerPresent
CreateEventW
GetModuleFileNameW
CloseHandle
LoadResource
CreateFileW
Sleep
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
user32
PeekMessageW
GetMessageW
TranslateMessage
DefWindowProcW
DestroyWindow
MessageBoxW
ReleaseDC
DispatchMessageW
CharNextW
MonitorFromWindow
GetDC
LoadImageW
GetParent
GetDesktopWindow
LoadCursorW
LoadIconW
LoadStringW
SendMessageW
GetWindowLongW
WaitForInputIdle
gdi32
CreateDIBSection
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject
SelectObject
SetDIBColorTable
advapi32
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
shell32
ShellExecuteW
ole32
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
oleaut32
SystemTimeToVariantTime
VarUI4FromStr
comctl32
ImageList_AddMasked
InitCommonControlsEx
ImageList_Create
ImageList_Destroy
ws2_32
WSACleanup
gdiplus
GdipGetImageHeight
GdipGetImagePaletteSize
GdipCloneImage
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdiplusStartup
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette
GdipSetCompositingMode
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipFree
GdipGetImageWidth
Exports
?get_active_implementation@simdutf@@YAAAV?$atomic_ptr@$$CBVimplementation@simdutf@@@internal@1@XZ
?get_available_implementations@simdutf@@YAABVavailable_implementation_list@internal@1@XZ
Sections
.text Size: 213KB - Virtual size: 212KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10.5MB - Virtual size: 10.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
票925452362131助手.exe.vir.exe (filename translates as "Ticket/invoice 925452362131 assistant") windows:6 windows x64 arch:x64
MD5: e0f22ad3c983aa9c9ce4afda13b27307
Code Sign
Certificates:
- Serial: 7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
  Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
  Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
  Not Before: 21-12-2012 00:00; Not After: 30-12-2020 23:59
  Extended Key Usages: TimeStamping
  Key Usages: CertSign, CRLSign
- Serial: 0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
  Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
  Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
  Not Before: 18-10-2012 00:00; Not After: 29-12-2020 23:59
  Extended Key Usages: TimeStamping
  Key Usages: DigitalSignature
- Serial: 19:9d:f8:9e
  Issuer: CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN
  Subject: CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN
  Not Before: 08-08-2009 01:00; Not After: 08-08-2024 01:00
  Key Usages: CertSign, CRLSign
- Serial: 09:69:0a:76:fb:97:7e
  Issuer: CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN
  Subject: CN=沈阳芝麻开门科技有限公司,O=沈阳芝麻开门科技有限公司,L=沈阳市,ST=辽宁省,C=CN,1.2.840.113549.1.9.1=#0c12627573696e65737340356b626f782e636f6d
  (subject organisation translates as "Shenyang Zhima Kaimen (Open Sesame) Technology Co., Ltd.", L=Shenyang, ST=Liaoning; the hex-encoded attribute is emailAddress=business@5kbox.com)
  Not Before: 28-06-2013 06:37; Not After: 29-06-2014 18:56
  Extended Key Usages: CodeSigning, MicrosoftCommercialCodeSigning
  Key Usages: DigitalSignature
- Serial: 3d
  Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
  Subject: CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN
  Not Before: 01-03-2011 01:00; Not After: 01-03-2016 01:00
  Key Usages: CertSign, CRLSign
Signers:
- Signer: 03:42:61:f3:3a:45:2a:0d:36:5d:6e:ad:fa:c8:b1:d2:f9:ac:1f:6a
  Actual PE Digest: 03:42:61:f3:3a:45:2a:0d:36:5d:6e:ad:fa:c8:b1:d2:f9:ac:1f:6a
  Digest Algorithm: sha1
  PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
LocalAlloc
HeapAlloc
GetProcessHeap
LocalReAlloc
GetModuleFileNameA
GetCurrentProcess
WriteFile
VirtualAlloc
CreateMutexW
GetCurrentThreadId
EnumSystemLocalesA
GetTempPathA
HeapFree
DeleteFileA
ExitProcess
WinExec
Sleep
LoadLibraryW
GetProcAddress
SetEndOfFile
WriteConsoleW
CreateFileW
SetStdHandle
SetEnvironmentVariableW
DeleteCriticalSection
DecodePointer
RaiseException
CloseHandle
GetLastError
FindClose
GetEnvironmentVariableA
InitializeCriticalSectionEx
FindNextFileA
CreateFileA
FindFirstFileA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapSize
HeapReAlloc
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
RtlUnwind
IsValidLocale
GetFileType
SetFilePointerEx
GetFileSizeEx
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LocalFree
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
FreeLibrary
LoadLibraryExW
user32
MessageBoxA
advapi32
RegSetValueExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExW
shell32
FindExecutableA
ord680
oleaut32
VariantClear
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sections
.text Size: 149KB - Virtual size: 148KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 545KB - Virtual size: 550KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
考勤异常信息统计结果查询工具.exe.vir.exe (filename translates as "Attendance anomaly statistics query tool") windows:6 windows x64 arch:x64
MD5: f0ea7b7844bbc5bfa9bb32efdcea957c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 236KB - Virtual size: 607KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
/4 Size: 512B - Virtual size: 295B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/19 Size: 376KB - Virtual size: 375KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/32 Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/46 Size: 512B - Virtual size: 34B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/65 Size: 647KB - Virtual size: 647KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/78 Size: 497KB - Virtual size: 497KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/90 Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 307KB - Virtual size: 306KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ