5da71079ddfce84f31ff070b3d251144b01fa44c02ff0fb88e68e2b09665551e

Sharing

Copy URL

Twitter E-mail

General

Target

5da71079ddfce84f31ff070b3d251144b01fa44c02ff0fb88e68e2b09665551e
Size

59KB
MD5

e9d9c649e0790c19c36eb3e4cb534609
SHA1

563eaff494a5f2e35d305d330407fc2af20b2dc9
SHA256

5da71079ddfce84f31ff070b3d251144b01fa44c02ff0fb88e68e2b09665551e
SHA512

aa4384a2969d16b286726b5a343eb3dd645854fc00058c2dc6a70a895b31583f3f371c729e4518f253b6ff9e1c48fbc0be22a6e409329b56939b18199a12f44b
SSDEEP

1536:2ZC+KIis87nI/H+W6Lv7crOMy5rpk33WFNbRu8G:2ZCrIise3bLv7Bnrpk3mFN9HG

Score

N/A

Malware Config

Signatures

Files

5da71079ddfce84f31ff070b3d251144b01fa44c02ff0fb88e68e2b09665551e
.rar
MemoryLoadDll/Form1.frm
MemoryLoadDll/MSSCCPRJ.SCC
MemoryLoadDll/Module1.bas
.vbs
MemoryLoadDll/Module2.bas
MemoryLoadDll/Module3.bas
.vbs
MemoryLoadDll/Module4.bas
MemoryLoadDll/SampleDLL.dll
.dll windows x86

d0b0ab81bf0e4cd20070f6525db9fd67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

_addNumbers@8
subNumbers

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MemoryLoadDll/clsASM.cls
.vbs
MemoryLoadDll/工程1.exe
.exe windows x86

b56e960c757a5ddf27b6dfe93f148b99

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVargParmRef
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaVarIndexLoadRef
_adj_fprem1
__vbaCopyBytes
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
_CIsin
ord631
__vbaErase
__vbaVarZero
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
DllFunctionCall
ord563
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
__vbaUI1ErrVar
EVENT_SINK_Release
__vbaUI1I2
ord601
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
__vbaUbound
__vbaGetOwner3
__vbaVarCat
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
_CIatan
__vbaUI1Str
__vbaStrMove
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MemoryLoadDll/工程1.vbp
MemoryLoadDll/工程1.vbw
MemoryLoadDll/移植代码必看-C运行时函数的 Win 32 等效 - Dbgger.mht
.eml

Sharing

General

Malware Config

Signatures

Files

d0b0ab81bf0e4cd20070f6525db9fd67

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 3KB - Virtual size: 3KB

b56e960c757a5ddf27b6dfe93f148b99

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 128KB - Virtual size: 127KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 128KB - Virtual size: 127KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB