xmrig | PKSJ Malware[.]zip

Resubmissions

08-10-2022 00:17

221008-alen5seafl 10

07-10-2022 06:08

221007-gv6mjsbhhn 10

Sharing

Copy URL

Twitter E-mail

General

Target

PKSJ Malware.zip
Size

13.0MB
MD5

f364e0c7d99f303101114aa5affa3312
SHA1

1663193c0b5fd858307a7d8ae5be9c823d7244e9
SHA256

3a0f0986193d0dc5e03ca1229e2509287593c03247e32bb5424009bc35e80738
SHA512

7b7b82a2a9ba7eb180893e59f8ca251bc15b7dfb1096a513cb8f75b710e5bf12d8d3552e5ad4e24df067ed898f74a051bc8389f0855712b645ae98f967c2d691
SSDEEP

393216:jBMytqydJ/P6ucYTPZN91ZwBxF+CFa93lgf1:jaDyf/PFN91ZuIW9

Score

10^/10

miner 0 upx macro macro_on_action ono33 xmrig cobaltstrike trickbot

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Extracted

Family

trickbot

Version

1000501

Botnet

ono33

5.182.210.226:443

5.182.210.120:443

185.65.202.183:443

212.80.217.243:443

85.143.218.249:443

194.5.250.178:443

198.15.119.121:443

107.175.87.142:443

185.14.31.72:443

188.165.62.2:443

194.5.250.179:443

198.15.119.71:443

185.14.29.4:443

185.99.2.202:443

192.3.193.162:443

89.191.234.89:443

195.54.32.12:443

31.131.21.30:443

5.34.177.194:443

190.214.13.2:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Signatures

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
static1/unpack001/PKSJ Malware/1/VirusShare_0a2d1ecedf3f79754aa2c18d62e75287	cobalt_reflective_dll

Cobaltstrike family
cobaltstrike
Trickbot family
trickbot

XMRig Miner payload 1 IoCs

miner

Processes:

resource	yara_rule
static1/unpack001/PKSJ Malware/1/VirusShare_0a2d1ecedf3f79754aa2c18d62e75287	xmrig

Xmrig family
xmrig

Office macro that triggers on suspicious action 7 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

Processes:

resource	yara_rule
static1/unpack001/PKSJ Malware/1/VirusShare_0fea640a7da27f365b3675f73626b9c9	office_macro_on_action
static1/unpack001/PKSJ Malware/2/VirusShare_3f0b1eed4b7b9ae05fab4d949843f103	office_macro_on_action
static1/unpack001/PKSJ Malware/3/VirusShare_3fb34964fa7b8c6bfad8d960380ff04e	office_macro_on_action
static1/unpack001/PKSJ Malware/4/VirusShare_4b8eb7fe75f72c1c5c1f80af9cd165d2	office_macro_on_action
static1/unpack001/PKSJ Malware/5/VirusShare_067c4f4a0dc9cbf4829faba0173b2716	office_macro_on_action
static1/unpack001/PKSJ Malware/5/VirusShare_9f644bd37d57a34bc92336111209e3ed	office_macro_on_action
static1/unpack001/PKSJ Malware/6/VirusShare_26bac03db47a2a447c72096d28cf20d8	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

Processes:

resource
static1/unpack001/PKSJ Malware/1/VirusShare_0fea640a7da27f365b3675f73626b9c9

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/PKSJ Malware/1/VirusShare_0aee78510c46e3a200b6bc21ac1c954d	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
static1/unpack001/PKSJ Malware/6/VirusShare_7d1689a52a3c7d32b8b7d728bbe3efa2	autoit_exe

Files

PKSJ Malware.zip
.zip

Password: infected
PKSJ Malware/1/VirusShare_0a2d1ecedf3f79754aa2c18d62e75287
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PKSJ Malware/1/VirusShare_0aee78510c46e3a200b6bc21ac1c954d
.exe windows x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:86:44:63:bb:bc:2e:4e:67:d4:27:71:e4:cb:d9:a5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21-04-2017 00:00

Not After

04-02-2020 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,OU=RD Department,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:e0:b5:be:99:0e:46:a6:96:3f:d9:a1:0d:d4:bb:ac
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19-04-2017 00:00

Not After

03-02-2020 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,OU=RD Department,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08-04-2015 01:00

Not After

08-04-2023 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:c8:f0:70:80:b1:2b:f4:14:36:02:ff:c8:11:86:e8:9e:6e:a6:68:d2:b6:8b:d0:e0:e4:4b:9e:c3:1e:8f:09
Signer

Actual PE Digest

8c:c8:f0:70:80:b1:2b:f4:14:36:02:ff:c8:11:86:e8:9e:6e:a6:68:d2:b6:8b:d0:e0:e4:4b:9e:c3:1e:8f:09

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,OU=RD Department,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=Zhuhai,ST=Guangdong,C=CN

27-03-2018 18:06
Valid: false

a2:71:64:f3:87:e9:1d:ac:6e:ca:7d:87:06:ba:6e:06:ff:b4:8d:8f
Signer

Actual PE Digest

a2:71:64:f3:87:e9:1d:ac:6e:ca:7d:87:06:ba:6e:06:ff:b4:8d:8f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,OU=RD Department,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=Zhuhai,ST=Guangdong,C=CN

27-03-2018 18:06
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 509KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PKSJ Malware/1/VirusShare_0fea640a7da27f365b3675f73626b9c9
.xls windows office2003

Sem

Page1

Module1

UserForm1

Module2

Class1

UserForm6

Page11

Module6

Module5

Module4
PKSJ Malware/1/VirusShare_1ba8249d8503c0cf7bc125588c43bef9
.doc windows office2003

Aojplemq

Jeuwzqvsdrcqz

Rgzhzedt
PKSJ Malware/1/VirusShare_3cd9a967b67fe69351e390195ca7a430
.pdf
PKSJ Malware/2/VirusShare_01b55404de50bd1a56343b2f316ff88d
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PKSJ Malware/2/VirusShare_1ad9a67240d5775395c45b64dd6529fa
.exe windows x86

483f0c4259a9148c34961abbda6146c1

Code Sign

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11-09-2018 09:26

Not After

11-09-2023 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:f8:da:05:30:f5:16:06
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

29-01-2019 08:48

Not After

29-01-2020 08:48

Subject

CN=Rabbit Speedy (Superior Media Ltd.),O=Rabbit Speedy (Superior Media Ltd.),L=Tel Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24-06-2016 20:44

Not After

24-06-2031 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:40:24:7a:c9:3b:7b:19:d6:51:17:2f:8e:a5:56:5d:21:0d:23:88
Signer

Actual PE Digest

ab:40:24:7a:c9:3b:7b:19:d6:51:17:2f:8e:a5:56:5d:21:0d:23:88

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Rabbit Speedy (Superior Media Ltd.),O=Rabbit Speedy (Superior Media Ltd.),L=Tel Aviv,ST=Israel,C=IL

06-10-2022 18:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PKSJ Malware/2/VirusShare_2fe5b00079aec2d8369a798230313ec8
.doc windows office2003

Xmtcmcovmi

Rlndryuf

Sfxuqprex
PKSJ Malware/2/VirusShare_3f0b1eed4b7b9ae05fab4d949843f103
.doc .vbs windows office2003

ThisWorkbook

Sheet1

Sheet2

Sheet3

Sheet4

Module1
PKSJ Malware/2/VirusShare_480ef02bb062a57724e1b3e14532a140
.pdf
PKSJ Malware/3/VirusShare_3fb34964fa7b8c6bfad8d960380ff04e
.doc .vbs windows office2003

ThisWorkbook

Sheet1

Sheet2

Sheet3

Sheet4

Module1
PKSJ Malware/3/VirusShare_4675e87be15585e66b0c88b833dd9ecd
.pdf
PKSJ Malware/3/VirusShare_4aa5734fe9c86184f931f4ddaf2d4d7b
.exe windows x86

a32f20584ee1cae950a64ef226eea819

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord666
ord595
ord596
ord525
EVENT_SINK_AddRef
ord568
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ProcCallEngine
ord646
ord571
ord575
ord100
ord689
ord541
ord544
ord545
ord546
ord547
ord580

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PKSJ Malware/3/VirusShare_5c8b670c503455baafbff400a446cf82
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PKSJ Malware/3/VirusShare_6ad036ba93c94d6976e2d93c7a3aec6f
.doc windows office2003

Hsheolxjq

Ytxatmhtmzwws

Gwgukvssw
PKSJ Malware/4/VirusShare_4b8eb7fe75f72c1c5c1f80af9cd165d2
.doc windows office2003

ThisWorkbook

Sheet1

Module1

AttachedFile

AttachedFiles

Module2

Sheet2
PKSJ Malware/4/VirusShare_6d2d7d94fe5faab76b3e786e7d810c1d
.exe windows x86

7e7fe8e87abf6a0f8fc87713f2d5769f

Code Sign

34:23:10:43:1d:85:06:82:47:47:b2:14:f7:44:9f:d9
Certificate

Issuer

CN=xPCAPInc,1.2.840.113549.1.9.1=#0c117465616d407870636170696e632e636f6d

Not Before

28-11-2019 00:00

Not After

28-11-2020 23:59

Subject

CN=xPCAPInc,1.2.840.113549.1.9.1=#0c117465616d407870636170696e632e636f6d

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetWsChangesEx
GetMappedFileNameW
GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcessModulesEx

kernel32

IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
ExitProcess
GetModuleFileNameA
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
EnumSystemLocalesW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
GetCPInfo
LCMapStringW
GetStringTypeW
OutputDebugStringW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetTimeZoneInformation
SetFilePointerEx
GetModuleHandleExW
GetConsoleMode
WriteConsoleW
SetConsoleCtrlHandler
SetEnvironmentVariableW
SizeofResource
ReadConsoleW
GetConsoleCP
FindFirstFileExA
FindFirstFileExW
FindNextFileA
LockResource
LoadResource
FindResourceW
MultiByteToWideChar
FindNextFileW
Sleep
CloseHandle
TerminateThread
ResumeThread
GetExitCodeThread
CreateFileW
WriteFile
GetTempPathW
GetShortPathNameW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateFileA
GetFileSize
ReadFile
SetLastError
RemoveDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
InterlockedDecrement
GetVolumeInformationW
WideCharToMultiByte
FindFirstVolumeW
GetModuleFileNameW
CreateDirectoryW
GetFileAttributesW
GetExitCodeProcess
lstrlenW
WaitForSingleObject
MulDiv
ResetEvent
SetEvent
GetPrivateProfileSectionW
GetPrivateProfileStringW
LocalFree
GetPrivateProfileIntW
WritePrivateProfileStringW
BackupRead
DebugActiveProcess
DnsHostnameToComputerNameW
EnumTimeFormatsW
FlsAlloc
GetCommState
GetDurationFormatEx
GetSystemDefaultLocaleName
GetTempFileNameW
GetThreadPreferredUILanguages
LocalLock
OpenMutexA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObjectEx
LocalUnlock
GetUserDefaultLCID
ReplaceFileW
GetDiskFreeSpaceW
GetProfileIntW
GetTickCount
FindResourceExW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
SetErrorMode
SystemTimeToTzSpecificLocalTime
SetFileAttributesW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
lstrcpyW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
SetLocaleInfoW
CopyFileW
SetThreadpoolThreadMaximum
SetWaitableTimer
FileTimeToSystemTime
CompareStringA
GetVersionExW
GetCurrentThread
GetAtomNameW
GlobalGetAtomNameW
CreateSemaphoreW
WaitForMultipleObjects
CreateMutexW
ReleaseMutex
ReleaseSemaphore
lstrcmpA
GetStringTypeExW
MoveFileW
lstrcmpiW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
GetThreadLocale
SuspendThread
SetThreadPriority
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
GetCurrentProcessId
GetModuleHandleA
OutputDebugStringA
FormatMessageW
GlobalSize
GlobalAlloc
GetLongPathNameW
LocalAlloc
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
HeapDestroy
DecodePointer
RaiseException
HeapReAlloc
HeapSize
ExpandEnvironmentStringsW
SearchPathW
SetFilePointer
GetProcessId
CreateEventW
GlobalUnlock
GlobalLock
FreeResource
GlobalFree
OpenProcess
AssignProcessToJobObject
CreateJobObjectW
GetDriveTypeW
GetLogicalDrives
HeapFree
GetProcessHeap
HeapAlloc
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
WritePrivateProfileSectionW
GetCurrentProcess
SetUnhandledExceptionFilter
WriteConsoleA
TlsAlloc
RtlCaptureContext

user32

GetMenuDefaultItem
MessageBeep
GetNextDlgGroupItem
DeleteMenu
WaitMessage
InvalidateRgn
CopyAcceleratorTableW
GetAsyncKeyState
CopyImage
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
TrackMouseEvent
GetDialogBaseUnits
RealChildWindowFromPoint
GetSysColorBrush
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
MsgWaitForMultipleObjectsEx
CharUpperW
MapVirtualKeyW
GetKeyNameTextW
IntersectRect
CharNextW
TranslateMessage
GetMessageW
LoadMenuW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
SendNotifyMessageW
MonitorFromRect
WinHelpW
GetScrollInfo
EnableScrollBar
UnhookWindowsHookEx
SetWindowsHookExW
GetClassLongW
EqualRect
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
SetScrollPos
ScrollWindow
ValidateRect
TrackPopupMenuEx
SetMenu
GetMenu
IsIconic
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
InSendMessage
PeekMessageW
DispatchMessageW
IsDialogMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
ScrollWindowEx
GetFocus
SetFocus
GetDlgCtrlID
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
HideCaret
InvertRect
NotifyWinEvent
EnumDisplayMonitors
SetClassLongW
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
DrawIcon
RegisterClipboardFormatW
LoadAcceleratorsW
TranslateAcceleratorW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
UnionRect
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageW
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
CharUpperBuffW
IsClipboardFormatAvailable
EnumChildWindows
SetScrollInfo
DrawMenuBar
GetWindowRect
SetWindowLongW
GetWindowLongW
ShowWindow
LoadCursorW
GetClientRect
FillRect
InvalidateRect
EnableWindow
MoveWindow
IsWindowVisible
GetParent
PostMessageW
MessageBoxW
LoadIconW
SendMessageW
SetTimer
KillTimer
DestroyIcon
DestroyCursor
LoadImageW
GetIconInfo
RedrawWindow
LoadBitmapW
GetActiveWindow
GetCapture
SetCapture
ClientToScreen
WindowFromPoint
ReleaseCapture
CopyRect
FrameRect
InflateRect
GetSysColor
OffsetRect
DrawStateW
DrawFocusRect
SetCursor
GetDC
PtInRect
ReleaseDC
GetSystemMetrics
SetRect
IsRectEmpty
GetCursorPos
ScreenToClient
DrawIconEx
GetScrollPos
GetMessagePos
MapWindowPoints
IsWindow
RegisterWindowMessageW
WaitForInputIdle
UpdateWindow
BeginDeferWindowPos
EndDeferWindowPos
GetWindow
GetClassNameW
FindWindowW
CreateMenu
WindowFromDC
GetWindowRgn
GetDCEx
GetTabbedTextExtentW
GetMessageTime
GetDesktopWindow
InsertMenuItemW
MonitorFromWindow
RealGetWindowClassA
SetWindowRgn
ShutdownBlockReasonQuery
AnyPopup
CallNextHookEx
CreateMDIWindowW
DefFrameProcW
EndMenu
GetCaretBlinkTime
GetClassInfoExA
GetTopWindow
SetLayeredWindowAttributes
GetKeyState
DeferWindowPos
CreatePopupMenu
AppendMenuW
SetForegroundWindow
TrackPopupMenu
GetWindowThreadProcessId
GetForegroundWindow
SetWindowPos
MessageBoxExW
DefWindowProcW
GetUpdateRect
BeginPaint
EndPaint
CallWindowProcW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
SetRectEmpty
SendDlgItemMessageA
GetLastActivePopup
SetActiveWindow
IsWindowEnabled
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
UnregisterClassW
wsprintfW

gdi32

CreateFontIndirectW
GetObjectW
DeleteObject
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextColor
CombineRgn
CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
GetRgnBox
CreatePalette
SelectObject
GetPaletteEntries
GetSystemPaletteEntries
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
SetPixel
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
EnumFontFamiliesExW
OffsetRgn
GetCurrentObject
CreateFontW
GetCharWidthW
StretchDIBits
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
StretchBlt
GetStockObject
GetTextExtentPoint32W
CreatePen
GetDeviceCaps
GetViewportOrgEx
SetViewportOrgEx
Rectangle
AddFontResourceW
CreateBrushIndirect
GetGlyphOutlineW
GetKerningPairsW
RealizePalette
SaveDC
GetBkColor
RemoveFontResourceW
DeleteDC
CopyMetaFileW
CreateDCW
CreateBitmap
CreateDIBPatternBrushPt
CreateHatchBrush
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetClipRgn
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkColor
SetBkMode
SetMapperFlags
GetLayout
SetGraphicsMode
SetMapMode
SetLayout
GetNearestPaletteIndex
GetCurrentPositionEx

msimg32

AlphaBlend
TransparentBlt
GradientFill

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW
GetJobW

advapi32

OpenProcessToken
RegDeleteKeyW
RegOpenKeyW
RegCreateKeyW
SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW
RegQueryValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueW
RegDeleteValueW
DuplicateTokenEx
RegSetKeySecurity
BuildExplicitAccessWithNameW
LookupAccountSidW
ConvertStringSidToSidW
RegGetKeySecurity
RegCreateKeyExA
RegOpenKeyExA
GetSecurityDescriptorDacl
GetLengthSid
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
CheckTokenMembership
RegSetValueExA
RegSaveKeyExA
RegQueryInfoKeyA
RegEnumValueW
RegEnumValueA
GetUserNameA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
CreateWellKnownSid
FreeSid
SetSecurityInfo
SetEntriesInAclW
AllocateAndInitializeSid
GetSecurityInfo
RegCreateKeyExW
RegEnumKeyW

shell32

ShellExecuteW
SHQueryRecycleBinW
SHGetFolderPathW
SHAppBarMessage
ord165
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHAddToRecentDocs
ExtractIconW
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHGetMalloc
SHBrowseForFolderW
ShellExecuteExW
SHGetSpecialFolderPathA

shlwapi

StrToIntW
SHGetValueW
PathFindFileNameW
SHSetValueW
PathFileExistsA
PathAppendA
StrCpyW
PathIsDirectoryW
UrlEscapeW
StrFormatByteSizeW
StrStrIW
PathGetCharTypeA
SHCopyKeyW
ord487
SHDeleteValueW
SHDeleteKeyW
ord217
PathRemoveFileSpecW
ord276
PathUnquoteSpacesW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathIsDirectoryA
StrFormatKBSizeW

uxtheme

DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
IsAppThemed
GetThemeSysColor
GetThemePartSize
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData

ole32

CoRegisterMessageFilter
CoRegisterClassObject
PropVariantCopy
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
OleUninitialize
OleInitialize
StgOpenStorageOnILockBytes
CoGetClassObject
OleRun
CoDisconnectObject
StringFromGUID2
CLSIDFromProgID
SetConvertStg
OleRegGetUserType
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
OleSave
OleCreateEmbeddingHelper
HWND_UserUnmarshal
CoFreeUnusedLibraries
CoCreateFreeThreadedMarshaler
CoInitializeSecurity
CLSIDFromString
StringFromCLSID
CoCreateGuid
CoSetProxyBlanket
CoCreateInstance
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
CoRevokeClassObject
ReleaseStgMedium

oleaut32

SafeArrayCopyData
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayLock
SysReAllocString
VarBoolFromUI4
VarDecFix
VarDecRound
VarI1FromDisp
VarI2FromDisp
VarNot
VarR4FromUI8
VarUI1FromI4
VarUI4FromR4
VarUI8FromR8
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayCreateVector
SysAllocStringLen
SysStringByteLen
OleSavePictureFile
VariantChangeType
OleCreateFontIndirect
SysReAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayRedim
CreateErrorInfo
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayUnlock
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarDecFromStr
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocStringByteLen
SysAllocString
GetErrorInfo
SetErrorInfo
VarBstrFromDec

oledlg

OleUIBusyW
OleUIPromptUserW
OleUIInsertObjectW
ord5
OleUIConvertW
ord12
ord2
ord8

setupapi

SetupDiDestroyDeviceInfoList
CM_Get_Device_IDW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiClassNameFromGuidW

winmm

mmioStringToFOURCCW
waveInAddBuffer
waveInGetDevCapsW
waveOutGetVolume
PlaySoundW
waveOutSetVolume

crypt32

CertOpenStore
CertFindCertificateInStore
CertGetNameStringW
CertCloseStore

gdiplus

GdipCreateBitmapFromFileICM
GdipGetImageWidth
GdipGetImagePixelFormat
GdipDisposeImage
GdipCloneImage
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipGetImageGraphicsContext
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageHeight
GdipCreateBitmapFromStreamICM

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PKSJ Malware/4/VirusShare_6defc6cf7eafa1d54935a26ba2cdc25e
.exe windows x64

104e3844f7d26941e527c62603133eee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
LoadLibraryA
Sleep
VirtualAlloc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PKSJ Malware/4/VirusShare_8f86d80d0220b9e18a2676956f9bc121
PKSJ Malware/4/VirusShare_9725d0f24a7a33ab98f6de9a5bb4c5d8
.pdf
PKSJ Malware/5/VirusShare_067c4f4a0dc9cbf4829faba0173b2716
.doc windows office2003

ThisDocument

Module1
PKSJ Malware/5/VirusShare_07bf56d11c86ee1ff9c4db02730c6aaf
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PKSJ Malware/5/VirusShare_44549c76c134c9ad180563fada222848
.pdf
PKSJ Malware/5/VirusShare_7d1f6cffc53e02256e5d6bd4b6691b55
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PKSJ Malware/5/VirusShare_9f644bd37d57a34bc92336111209e3ed
.doc .vbs windows office2003

ThisWorkbook

Sheet1

Sheet2

Sheet3

Sheet4

Module1
PKSJ Malware/6/VirusShare_26bac03db47a2a447c72096d28cf20d8
.doc .vbs windows office2003

ThisWorkbook

Sheet1

Sheet2

Sheet3

Sheet4

Module1
PKSJ Malware/6/VirusShare_53510216e695f817c35275cc2330ff3a
.pdf
PKSJ Malware/6/VirusShare_7d1689a52a3c7d32b8b7d728bbe3efa2
.exe windows x86

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity

oleaut32

LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLi
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLi
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLi
CreateDispTypeInfo
SysAllocString
VariantInit

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PKSJ Malware/6/VirusShare_8ab6166526048c935765ecdc714febdd
.exe windows x86

1d1d25886af5c02c3fdb7cce11ebeb7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
GetModuleFileNameA
GetLocalTime
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateMutexA
GetLastError
GetTickCount
GetTempPathA
GetSystemDirectoryA
CreateProcessA
ExitProcess
ReadFile
GetProcessHeap
SetEndOfFile
GetModuleHandleA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
RaiseException
HeapAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

PostQuitMessage
EndPaint
BeginPaint
DefWindowProcA
RegisterClassExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PKSJ Malware/6/VirusShare_9373b04dd1464ab614b26b1654faf973
.doc windows office2003

AuapWicMiTR

jwjbwdvRmtdZD

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 619KB - Virtual size: 619KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 4KB - Virtual size: 2.5MB

.pdata Size: 17KB - Virtual size: 17KB

_TEXT_CN Size: 6KB - Virtual size: 6KB

_TEXT_CN Size: 7KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

60:86:44:63:bb:bc:2e:4e:67:d4:27:71:e4:cb:d9:a5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

44:e0:b5:be:99:0e:46:a6:96:3f:d9:a1:0d:d4:bb:acCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

8c:c8:f0:70:80:b1:2b:f4:14:36:02:ff:c8:11:86:e8:9e:6e:a6:68:d2:b6:8b:d0:e0:e4:4b:9e:c3:1e:8f:09Signer

Signature Validations

Verification

27-03-2018 18:06 Valid: false

a2:71:64:f3:87:e9:1d:ac:6e:ca:7d:87:06:ba:6e:06:ff:b4:8d:8fSigner

Signature Validations

Verification

27-03-2018 18:06 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 509KB - Virtual size: 512KB

.rsrc Size: 111KB - Virtual size: 112KB

Sem

Page1

Module1

UserForm1

Module2

Class1

UserForm6

Page11

Module6

Module5

Module4

Aojplemq

Jeuwzqvsdrcqz

Rgzhzedt

Headers

File Characteristics

Sections

.text Size: 105KB - Virtual size: 105KB

.data Size: 12KB - Virtual size: 11KB

.reloc Size: 3KB - Virtual size: 2KB

483f0c4259a9148c34961abbda6146c1

Code Sign

.text
Size: 619KB - Virtual size: 619KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 4KB - Virtual size: 2.5MB

.pdata
Size: 17KB - Virtual size: 17KB

_TEXT_CN
Size: 6KB - Virtual size: 6KB

_TEXT_CN
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:86:44:63:bb:bc:2e:4e:67:d4:27:71:e4:cb:d9:a5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

44:e0:b5:be:99:0e:46:a6:96:3f:d9:a1:0d:d4:bb:ac
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

8c:c8:f0:70:80:b1:2b:f4:14:36:02:ff:c8:11:86:e8:9e:6e:a6:68:d2:b6:8b:d0:e0:e4:4b:9e:c3:1e:8f:09
Signer

27-03-2018 18:06
Valid: false

a2:71:64:f3:87:e9:1d:ac:6e:ca:7d:87:06:ba:6e:06:ff:b4:8d:8f
Signer

27-03-2018 18:06
Valid: false

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 509KB - Virtual size: 512KB

.rsrc
Size: 111KB - Virtual size: 112KB

.text
Size: 105KB - Virtual size: 105KB

.data
Size: 12KB - Virtual size: 11KB

.reloc
Size: 3KB - Virtual size: 2KB

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

45:f8:da:05:30:f5:16:06
Certificate

64:33:51:d3:c7:38:9f:08
Certificate

ab:40:24:7a:c9:3b:7b:19:d6:51:17:2f:8e:a5:56:5d:21:0d:23:88
Signer

06-10-2022 18:34
Valid: false

.text
Size: 81KB - Virtual size: 80KB

.itext
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 44KB - Virtual size: 44KB

.text
Size: 48KB - Virtual size: 47KB

.data
Size: - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 188KB - Virtual size: 185KB