8a1bd135aa45c8df80a6bb733235bd976caef3ee7cc2c9a3e6784585f7384925

Sharing

Copy URL

Twitter E-mail

General

Target

8a1bd135aa45c8df80a6bb733235bd976caef3ee7cc2c9a3e6784585f7384925
Size

4.5MB
MD5

ffdff64cff1b0d81d566f4fc112eded6
SHA1

4100b60bcc97b0c316f03c1f6ac69b1b59fa70eb
SHA256

8a1bd135aa45c8df80a6bb733235bd976caef3ee7cc2c9a3e6784585f7384925
SHA512

0e89f3074988f8e16d761f64b9c7120a9abf17c3d5c8ce7f5c7b09eb33af8eeb7588ce096da417d4688d54ac7d1e58024e4aa29bb41550d35c46a4676597c987
SSDEEP

98304:KZFUuoFL3X5KLSb8h0aNvtqZvLDdVLGJLluDwHOHAIT:I+KLSb8hhfYtV6DuMHOHpT

Score

N/A

Malware Config

Signatures

Files

8a1bd135aa45c8df80a6bb733235bd976caef3ee7cc2c9a3e6784585f7384925
.rar
GisTool/GisTool.chm
.chm
GisTool/Install.exe
.exe windows x86

4e5e43d4c53191d8b3b02edfad58ebab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaResume
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaAryVar
__vbaAryDestruct
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVarNull
_CIsin
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord531
__vbaFPException
__vbaUbound
__vbaVarCat
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
ord616
__vbaVarLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaStrMove
__vbaAryCopy
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj
ord580

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GisTool/install.dat
.cab
GisTool/runlib.dat
.cab
GisTool/runlib.exe
.exe windows x86

3d9405469d16b475997a5f2066143c7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaAryMove
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaPut3
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaAryDestruct
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaStrToAnsi
__vbaVarDup
ord617
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GisTool/说明.txt
Readme-说明.htm
.html

Sharing

General

Malware Config

Signatures

Files

4e5e43d4c53191d8b3b02edfad58ebab

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 40KB - Virtual size: 38KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 2KB

3d9405469d16b475997a5f2066143c7e

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 40KB - Virtual size: 38KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 20KB