09c7076514d32c660c7250b0c365b204

Sharing

Copy URL

Twitter E-mail

General

Target

09c7076514d32c660c7250b0c365b204
Size

280KB
MD5

09c7076514d32c660c7250b0c365b204
SHA1

a2151fadc22ccb4a58d8111b020c55e8d4c0c71a
SHA256

02a26f8f64889b2e8c73b107d538a41c0985b329d21e7082a99bbee20141e0bc
SHA512

6b97ba1372e2d53c15f653ba92124ec9706cd4df4d267dad118c071bb9a1a3a2e92471db52bb1dd091533bfeff7def79659f1aad793edb218731697579146f6b
SSDEEP

6144:kcTqb++elas6UYr7nSsWh3G8DQtWSjtIJ7KAgCwy5kW:Dqb+FavUY3Q8LjtEKPZW

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BugReport.exe
unpack001/WindowHider.exe
unpack001/psapi.dll

Files

09c7076514d32c660c7250b0c365b204
.rar
BugReport.exe
.exe windows:4 windows x86 arch:x86

fff61fd9f63a42b2bc1f317f6dcfd930

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord669
__vbaExitProc
ord300
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord306
__vbaStrFixstr
ord309
_CIsin
__vbaErase
ord631
ord632
ord525
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaGet4
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
ord567
__vbaFixstrConstruct
__vbaStrR8
__vbaR8Cy
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
ord717
__vbaStrVarVal
__vbaVarCat
ord535
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
ord610
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord612
__vbaFpI2
ord616
ord617
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaCastObj
ord619
ord650
_allmul
_CItan
ord546
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
History.txt
Options.ini
Readme-说明.htm
.html
WindowHider.exe
.exe windows:4 windows x86 arch:x86

2903d578245da3d68b7ea2cb93aa037d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaR8FixI4
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
ord588
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaNextEachVar
__vbaRaiseEvent
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaVarSetVarAddref
__vbaI2Abs
__vbaResume
__vbaCopyBytes
__vbaVarCmpNe
__vbaStrCat
__vbaForEachCollAd
ord660
__vbaLsetFixstr
ord553
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarCmpGe
__vbaVarIndexLoadRefLock
ord669
__vbaLateMemSt
ord591
EVENT_SINK2_Release
__vbaStrBool
ord593
__vbaExitProc
__vbaForEachCollObj
__vbaI4Abs
ord594
__vbaOnError
__vbaObjSet
ord595
__vbaStrLike
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord599
__vbaFpR4
ord520
__vbaStrFixstr
__vbaBoolVar
__vbaRefVarAry
__vbaVarTstLt
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord631
ord709
__vbaErase
__vbaVargVarMove
ord525
ord632
__vbaNextEachCollObj
__vbaVarZero
__vbaChkstk
__vbaCyVar
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner4
__vbaI2I4
__vbaVarLikeVar
ord562
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
ord567
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaR8Cy
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord712
ord605
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
ord607
__vbaI2Str
ord715
ord608
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
__vbaGetOwner4
__vbaVarCat
ord535
__vbaDateVar
__vbaI2Var
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord570
ord648
__vbaNew2
__vbaInStr
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaFpI2
ord616
__vbaVarCopy
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarSetObjAddref
__vbaRecDestructAnsi
ord617
__vbaLateMemCallLd
_CIatan
ord618
__vbaUI1Str
__vbaStrMove
__vbaCastObj
__vbaAryCopy
__vbaStrVarCopy
__vbaI4Cy
__vbaForEachVar
ord619
ord542
__vbaLateIdNamedCall
_allmul
__vbaLateIdSt
ord545
_CItan
ord546
__vbaNextEachCollAd
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign
ord581

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
psapi.dll
.dll windows:5 windows x86 arch:x86

56c78d77e4cd475b23af92183b7936ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwind
wcslen
wcschr
_stricmp
atoi
NtStopProfile
sprintf
_chkstk
DbgPrint
RtlUnicodeToOemN
RtlAdjustPrivilege
RtlMultiByteToUnicodeN
NtAllocateVirtualMemory
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation
RtlNtStatusToDosError

kernel32

GetSystemInfo
LoadLibraryA
InterlockedExchange
FreeLibrary
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
DisableThreadLibraryCalls
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
CloseHandle
GetProcessHeap
LocalFree
LocalAlloc
SetLastError
MultiByteToWideChar
WideCharToMultiByte
ReadProcessMemory
RaiseException
SetProcessWorkingSetSize
GetProcessWorkingSetSize
lstrcpyA
lstrlenA
HeapFree
HeapAlloc

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumPageFilesA
EnumPageFilesW
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetPerformanceInfo
GetProcessImageFileNameA
GetProcessImageFileNameW
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

fff61fd9f63a42b2bc1f317f6dcfd930

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 48KB - Virtual size: 46KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 5KB

2903d578245da3d68b7ea2cb93aa037d

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 4KB - Virtual size: 45KB

.rsrc Size: 44KB - Virtual size: 40KB

56c78d77e4cd475b23af92183b7936ad

Headers

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 3KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 1024B - Virtual size: 964B

.text
Size: 48KB - Virtual size: 46KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 4KB - Virtual size: 45KB

.rsrc
Size: 44KB - Virtual size: 40KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 3KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 1024B - Virtual size: 964B