c4f53d3e81e381da32aac7c2cd145fec8c9201e863997ff15cdac6ee7a16103b

Sharing

Copy URL Twitter E-mail

General

Target

c4f53d3e81e381da32aac7c2cd145fec8c9201e863997ff15cdac6ee7a16103b
Size

351KB
MD5

1aa93be95d3410ba02cd584b787a3b33
SHA1

a7ee5c0f83d0dd06094f8dc67d6028db41d7666e
SHA256

c4f53d3e81e381da32aac7c2cd145fec8c9201e863997ff15cdac6ee7a16103b
SHA512

60b9a1cb3a5885704decc438a947810d4949e1088fd1fdff96668163864b237cc85262129e3eede37689cca50325338b69025e2a36d498659df92aca37b97046
SSDEEP

6144:MkU5lwoOCSwOkGwRaesnaNhOrOOyaA2XLEovcAL5HaLlkyDJ7MbhJ5Kq70/Z3:XboLdGwzsaNMLya/xEzDJ7MbsB

Score

N/A

Malware Config

Signatures

Files

c4f53d3e81e381da32aac7c2cd145fec8c9201e863997ff15cdac6ee7a16103b
.zip
shuache2014/BaiSeJianYue.she
shuache2014/QQɳˢ.exe
.exe windows x86

38b77dfcc911203c1a3aa8da2125eb02

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaVarLateMemSt
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord319
_CIlog
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
shuache2014/SkinH.bas
shuache2014/SkinH.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

.Hmily
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.52PoJie
Size: 96KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
shuache2014/TOMCTML32.OCX.exe
.exe windows x86

62944af135d6658bf844ff5e38fc4784

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaObjVar
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
ord319
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
_CIatan
__vbaStrMove
_allmul
_CItan
ord546
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
shuache2014/XinChunDaJie.she
װʹ˵.txt
QQ.url
.url

Sharing

General

Malware Config

Signatures

Files

38b77dfcc911203c1a3aa8da2125eb02

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 60KB - Virtual size: 56KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 48KB - Virtual size: 44KB

Headers

File Characteristics

Exports

Exports

Sections

.Hmily Size: - Virtual size: 228KB

.52PoJie Size: 96KB - Virtual size: 112KB

62944af135d6658bf844ff5e38fc4784

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 180KB - Virtual size: 177KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 60KB - Virtual size: 56KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 48KB - Virtual size: 44KB

.Hmily
Size: - Virtual size: 228KB

.52PoJie
Size: 96KB - Virtual size: 112KB

.text
Size: 180KB - Virtual size: 177KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 12KB - Virtual size: 10KB