414d68f1148a3b596cef9291ebd25582017349216f259819c4d7c6c66dc4384d

Sharing

Copy URL

Twitter E-mail

General

Target

414d68f1148a3b596cef9291ebd25582017349216f259819c4d7c6c66dc4384d
Size

560KB
MD5

8a50fcc6c2105975cb4c1a9d9c093011
SHA1

f2dfc211c94cc29752e72a9501205da3b8043a32
SHA256

414d68f1148a3b596cef9291ebd25582017349216f259819c4d7c6c66dc4384d
SHA512

3e15e35f58330a77f7c52fb59ab57ea4521d1e40952efd009eb5dba8adac28aaef334f8b2d9c4413acb40c16d697386266a3890734e872fb25011789307007d7
SSDEEP

12288:O0D9zdc587Zwdy9/HmX9mZhU37gevXw9zW0c9wOV72y022TlEkumCU:OCmqgy9/GX9+qLo9a1JqTik7

Score

N/A

Malware Config

Signatures

Files

414d68f1148a3b596cef9291ebd25582017349216f259819c4d7c6c66dc4384d
.zip
??????.txt
??????.url
.url
QQ??????.exe
.exe windows x86

a742ca0bd563c7ff78315e532e091d3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
_adj_fprem1
ord626
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
ord528
__vbaVarTstEq
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
_CIlog
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaVarDup
__vbaVarLateMemCallLd
__vbaUnkVar
__vbaVarSetObjAddref
_CIatan
__vbaForEachVar
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UnRAR.exe
.exe windows x86

c55d3b1108334dbc363288ef56ea8bff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
LocalFree
FormatMessageW
CloseHandle
GetCurrentProcess
CreateHardLinkW
SetFileTime
DeleteFileW
RemoveDirectoryW
DeviceIoControl
CreateDirectoryW
CreateFileW
MoveFileW
GetShortPathNameW
GetLongPathNameW
SetFilePointer
SetEndOfFile
ReadFile
FlushFileBuffers
GetDriveTypeW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetFileAttributesW
SetFileAttributesW
ExpandEnvironmentStringsW
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetModuleFileNameW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleHandleW
SetErrorMode
FreeLibrary
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetCurrentProcessId
GetLastError
SetThreadPriority
GetCurrentThread
SetPriorityClass
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
WaitForSingleObject
GetProcessAffinityMask
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
SetEvent
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
GetCPInfo
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
GetLocaleInfoA
SetConsoleCtrlHandler
Sleep
WriteFile
WriteConsoleW
SetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
GetConsoleMode
CompareStringA
GetCommandLineW
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
ExitProcess
RaiseException
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
SetStdHandle
GetConsoleCP
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

CharUpperW
CharLowerW
MessageBeep
ExitWindowsEx
LoadStringW
CharToOemBuffW
OemToCharBuffA
OemToCharA
CharToOemA

advapi32

RegQueryValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
data.exe
.exe windows x86

d9a170116d365d3b9adc44fb1cf2de5d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
system
vfprintf

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/105
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pack.rar
.rar

Sharing

General

Malware Config

Signatures

Files

a742ca0bd563c7ff78315e532e091d3c

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 236KB - Virtual size: 233KB

c55d3b1108334dbc363288ef56ea8bff

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 229KB - Virtual size: 229KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 6KB - Virtual size: 90KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 10KB - Virtual size: 10KB

.rmnet Size: 56KB - Virtual size: 60KB

d9a170116d365d3b9adc44fb1cf2de5d

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 44B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

/4 Size: 1024B - Virtual size: 760B

/19 Size: 42KB - Virtual size: 41KB

/31 Size: 6KB - Virtual size: 6KB

/45 Size: 7KB - Virtual size: 6KB

/57 Size: 2KB - Virtual size: 1KB

/70 Size: 1024B - Virtual size: 754B

/81 Size: 3KB - Virtual size: 3KB

/92 Size: 19KB - Virtual size: 19KB

/105 Size: 1024B - Virtual size: 560B

.text
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 236KB - Virtual size: 233KB

.text
Size: 229KB - Virtual size: 229KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 6KB - Virtual size: 90KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 10KB - Virtual size: 10KB

.rmnet
Size: 56KB - Virtual size: 60KB

.text
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 44B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 1024B - Virtual size: 760B

/19
Size: 42KB - Virtual size: 41KB

/31
Size: 6KB - Virtual size: 6KB

/45
Size: 7KB - Virtual size: 6KB

/57
Size: 2KB - Virtual size: 1KB

/70
Size: 1024B - Virtual size: 754B

/81
Size: 3KB - Virtual size: 3KB

/92
Size: 19KB - Virtual size: 19KB

/105
Size: 1024B - Virtual size: 560B