CreatTempFileName
CreatTempPath
Execute
InttoByteSize
IsFileNameWrong
URLink
WinExecAndWait32
General
-
Target
1ff329b1159ab758eb605d74f9426eec
-
Size
1.9MB
-
MD5
1ff329b1159ab758eb605d74f9426eec
-
SHA1
486e85c8a0188aa969d230368e8b70094a84eecb
-
SHA256
ceeb2816402380c8ab0bb97359f35ca5da646f93943dd8b6f0f461b1f6f7e8ef
-
SHA512
bd1318980607064cc309c2fea3d7257b2da449bf871c43b588ff688f434a55ce646de901ed5b4343791900d9eedc019ea56d6d2e907117455fee9d33fd7ad104
-
SSDEEP
49152:WcRjl/AB4SxFAFxZgFabRK4RfrhRgdJHpx4d3akVhVUfOPTMzxUMAIh:tRxYxwFrgYFK45zgdJHhkVTUfbxUMF
Score
3/10
Malware Config
Signatures
-
Unsigned PE 12 IoCs
Checks for missing Authenticode signature.
Files
-
1ff329b1159ab758eb605d74f9426eec
-
Codetxt.exe
Headers
Sections
-
Lib/-BIG5.dtt
-
Lib/-JIS.dtt
-
Lib/-gb2312.dtt
-
Lib/BIG5.dtt
-
Lib/JIS.dtt
-
Lib/gb2312.dtt
-
MemText.exe
Headers
Sections
-
ReplaceTable/CustomReg.txt
-
ReplaceTable/auto.ico
-
ReplaceTable/chao.ico
-
ReplaceTable/chuan.ico
-
ReplaceTable/dian.ico
-
ReplaceTable/english.ico
-
ReplaceTable/ning.ico
-
ReplaceTable/txr文件使用说明.htm
-
ReplaceTable/yue.ico
-
ReplaceTable/国语变南京白话.txr
-
ReplaceTable/国语变四川白话.txr
-
ReplaceTable/国语变广东白话.txr
-
ReplaceTable/国语变昆明白话.txr
-
ReplaceTable/国语变潮汕白话.txr
-
ReplaceTable/字词替换制作表.xls
-
ReplaceTable/自定义.txr
-
ReplaceTable/英文变中文.txr
-
WebText.exe
Headers
Sections
-
cube.exe
Headers
Sections
-
dll/Common.dll
Headers
Exports
Sections
-
dll/RegCom.dll
Headers
Exports
Sections
-
dll/advp.dll
Headers
Exports
Sections
-
dll/新云软件.url
-
help/RegExample.txt
-
help/bk.gif
-
help/cedit.chm
-
help/codetxt.chm
-
help/help.ico
-
help/memtext.chm
-
plus/Counter.dll
Headers
Exports
Sections
-
plus/changetext.dll
Headers
Exports
Sections
-
plus/changetextbak.dll
Headers
Exports
Sections
-
plus/upsidedown.dll
Headers
Exports
Sections
-
plus/插件制作说明.txt
-
readme.txt
-
support/CodeEditReadme.mht
-
http://otot.w2.icgaya.com/
-
http://hi.baidu.com/drawtxt/blog/item/b22f3cfd3fc9b41508244dc3.html
-
-
attachment-2
-
email-html-1.txt
-
support/Codetxt.ini
-
support/CodetxtReadme.mht
-
http://otot.w2.icgaya.com/
-
http://hi.baidu.com/drawtxt/blog/item/b22f3cfd3fc9b41508244dc3.html
-
-
attachment-2
-
email-html-1.txt
-
support/Drg1.bmp
-
support/Drg10.bmp
-
support/Drg11.bmp
-
support/Drg12.bmp
-
support/Drg13.bmp
-
support/Drg2.bmp
-
support/Drg3.bmp
-
support/Drg4.bmp
-
support/Drg5.bmp
-
support/Drg6.bmp
-
support/Drg7.bmp
-
support/Drg8.bmp
-
support/Drg9.bmp
-
support/MemText.ini
-
support/Thumbs.db
-
support/beeb.wav
-
support/cube.exe
Headers
Sections
-
support/help.txt
-
support/memTextreadme.mht
-
http://otot.w2.icgaya.com/
-
http://hi.baidu.com/drawtxt/blog/item/e09486335f958cfc1b4cffaf.html
-
-
attachment-2
-
email-html-1.txt
-
support/pop1.bmp
-
support/pop10.bmp
-
support/pop11.bmp
-
support/pop12.bmp
-
support/pop13.bmp
-
support/pop2.bmp
-
support/pop3.bmp
-
support/pop4.bmp
-
support/pop5.bmp
-
support/pop6.bmp
-
support/pop7.bmp
-
support/pop8.bmp
-
support/pop9.bmp
-
support/user.in_
-
support/user.ini
-
temp/090927/现代化酒店宾馆公共广播系统设计方案.txt
-
temp/091014/0001.半天收集的东西全部丢失.txt
-
temp/tmp.txt
-
temp/使用前先看此说明2.txt
-
temp/使用采文文本采集器前先看此说明2.txt
-
user/BIG5转GB(简体).dtt
-
user/BIG5转GBK(繁体).dtt
-
user/GBK转BIG5.dtt
-
user/变火星文字.dtt
-
user/清除干扰文.dtt
-
user/火星文还原.dtt
-
user/简体转繁体.dtt
-
user/繁体转简体.dtt
-
收藏夹/《舞舞舞》/w01.txt
-
收藏夹/《舞舞舞》/w02.txt
-
收藏夹/《舞舞舞》/w03.txt
-
收藏夹/《舞舞舞》/w04.txt
-
收藏夹/《舞舞舞》/w05.txt
-
收藏夹/杂文/0001.柳叶船(徐小明).txt
-
收藏夹/编程/0006.VC与Delphi之间动态链接库互相调用2008-01-.txt
-
文本范例/日文例1_JIS编码.txt
-
文本范例/日文例2_JIS编码.txt
-
文本范例/日文例4_unicode编码.txt
-
文本范例/日文例5_UTF8编码.txt
-
文本范例/日文全_JIS编码.txt
-
文本范例/简中例1_UTF8编码.txt
-
文本范例/简中例2_ASCII_GBK.txt
-
文本范例/繁中例1_Big5编码.txt
-
文本范例/繁中例2_Big5编码.txt
-
文本范例/繁中例3_GBK编码.txt
-
文本范例/繁中例4_UTF8编码.txt
-
文本范例/繁中例5_unicode编码.txt
-
文本范例/英文例1_ANSI.txt
-
文本范例/韩文例1_韩文编码.txt
-
文本范例/韩文例2_UTF8编码.txt
-
文本范例/韩文例3_韩文编码.txt