1b2e9813cf5008d6fa5285284ca4e49e

Sharing

Copy URL Twitter E-mail

General

Target

1b2e9813cf5008d6fa5285284ca4e49e
Size

164KB
MD5

1b2e9813cf5008d6fa5285284ca4e49e
SHA1

79082f04f35ff1b5ba51467c6b5c6681dab054f1
SHA256

e27786a22802ec307d453fa1a9d1e4d393c819a4450f934618619471a7885aee
SHA512

92e6258cf73a1c1ba698869d2bdd2026239ce8f5fb0696364ebf94fca069a0884800618e6fb795ee0bc7f361bdd985b6bb56f9f8276a914b9470ac0afdf92302
SSDEEP

3072:ELBJguoth3zkawK0YED2gPe4NzHNdCN8qr8Ql1qiqXob+pkMMhLHPJXy:EN4T3zktK6Pe4NzHjCyq1qmbokMMhDP4

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/833146785/GUI/ProcSpy32.exe
unpack001/833146785/OCX/Release/PROCSPY.oca
unpack001/833146785/OCX/Release/ProcSpy.ocx
unpack001/833146785/REGSVR32.EXE

Files

1b2e9813cf5008d6fa5285284ca4e49e
.rar
833146785/GUI/MSSCCPRJ.SCC
833146785/GUI/ProcSpy32.bas
833146785/GUI/ProcSpy32.exe
.exe windows:4 windows x86 arch:x86

cb8ff76c778be68c151a2cb5fe11088e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR4
__vbaStrFixstr
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaFpI4
ord617
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
833146785/GUI/ProcSpy32.vbp
833146785/GUI/ProcSpy32.vbw
833146785/GUI/frmAbout.frm
833146785/GUI/frmAbout.frx
833146785/GUI/frmMain.frm
.vbs
833146785/GUI/frmMain.frx
833146785/GUI/frmMain.log
833146785/GUI/frmSplash.frm
833146785/GUI/frmSplash.frx
833146785/OCX/MyWnd.cpp
833146785/OCX/MyWnd.h
833146785/OCX/ProcSpy.aps
833146785/OCX/ProcSpy.clw
833146785/OCX/ProcSpy.cpp
833146785/OCX/ProcSpy.def
833146785/OCX/ProcSpy.dsp
833146785/OCX/ProcSpy.dsw
833146785/OCX/ProcSpy.h
833146785/OCX/ProcSpy.ncb
833146785/OCX/ProcSpy.odl
833146785/OCX/ProcSpy.opt
833146785/OCX/ProcSpy.plg
.html
833146785/OCX/ProcSpy.rc
833146785/OCX/ProcSpyCtl.bmp
833146785/OCX/ProcSpyCtl.cpp
833146785/OCX/ProcSpyCtl.h
833146785/OCX/ProcSpyPpg.cpp
833146785/OCX/ProcSpyPpg.h
833146785/OCX/Release/PROCSPY.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
833146785/OCX/Release/ProcSpy.exp
833146785/OCX/Release/ProcSpy.lib
833146785/OCX/Release/ProcSpy.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

84b1d7e88326504e3ad5737351255240

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2055
ord6376
ord3749
ord5065
ord2648
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3742
ord567
ord825
ord818
ord4275
ord2152
ord1233
ord2794
ord2795
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord4622
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord1168
ord6467
ord1227
ord823
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord3798
ord4837
ord4441
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord6055
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4979
ord2488
ord3404
ord4539
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord6004
ord6030
ord3946
ord423
ord3571
ord3626
ord2414
ord640
ord5785
ord1640
ord1641
ord1146
ord323
ord2541
ord4949
ord6262
ord1614
ord3663
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord4853
ord4998
ord4713
ord2514
ord6052
ord1775
ord6371
ord5286
ord4438
ord3279
ord4625
ord4425
ord449
ord746
ord2278
ord4407
ord1776
ord4078
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord2998
ord5649
ord2876
ord4909
ord269
ord826
ord1575
ord1182
ord1577
ord1243
ord1197
ord1131
ord1132
ord1116
ord1176
ord1570
ord1253
ord1578
ord342
ord600
ord1255

msvcrt

__dllonexit
_EH_prolog
_onexit
__CxxFrameHandler
_adjust_fdiv
malloc
free
_initterm
??1type_info@@UAE@XZ

kernel32

DeviceIoControl
CloseHandle
SleepEx
CreateFileA
CreateThread
GetVersionExA
LocalFree
LocalAlloc
TerminateThread

user32

LoadBitmapA
PostMessageA
EnableWindow

gdi32

BitBlt
CreateCompatibleDC

oleaut32

LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
833146785/OCX/Release/ProcSpy.res
833146785/OCX/Release/ProcSpy.tlb
833146785/OCX/Release/regsvr32.trg
833146785/OCX/StdAfx.cpp
833146785/OCX/StdAfx.h
833146785/OCX/apcx.h
833146785/OCX/bitmap1.bmp
833146785/OCX/resource.h
833146785/REGSVR32.EXE
.exe windows:5 windows x86 arch:x86

11f4b6f18db0c09bc187655542b61e3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

__set_app_type
__p__fmode
__argv
_splitpath
_stricmp
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3
__argc
_ismbblead

advapi32

RegOpenKeyExA
RegQueryValueA
RegCloseKey

kernel32

GetModuleHandleA
lstrcatA
LocalAlloc
SetErrorMode
LoadLibraryExA
GetLastError
GetProcAddress
FreeLibrary
MultiByteToWideChar
lstrcpyW
lstrcpyA
lstrlenA
GetStartupInfoA

user32

LoadStringA
wsprintfA
MessageBoxA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
833146785/Register.bat
833146785/Unregister.bat
833146785/VxD/PROCSPY.NMS
833146785/VxD/PROCSPY.RES
833146785/VxD/PROCSPY.VRC
833146785/VxD/PROCSPY.VXD
833146785/VxD/PROCSPY.exp
833146785/VxD/PROCSPY.lib
833146785/VxD/apcx.h
833146785/VxD/build.bat
833146785/VxD/procspy.c
833146785/VxD/procspy.def
833146785/VxD/procspy.h
833146785/VxD/procspy.mak
833146785/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

cb8ff76c778be68c151a2cb5fe11088e

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 8KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

84b1d7e88326504e3ad5737351255240

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

oleaut32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

11f4b6f18db0c09bc187655542b61e3e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ole32

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 384B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 384B

.rsrc
Size: 3KB - Virtual size: 2KB