1c8d600b84e047b0537ed59d113f5927

Sharing

Copy URL Twitter E-mail

General

Target

1c8d600b84e047b0537ed59d113f5927
Size

982KB
MD5

1c8d600b84e047b0537ed59d113f5927
SHA1

32c33d4b4981a1bab6c47acd8a8df5ca24278a8b
SHA256

58c48638c2083ccd87efdb42313da37de60aacef925ed5b3d224d067e0ee1601
SHA512

2583fd2c7c9f854958c35beeea25e496f2d8fb5153e229520a920e2814bfd0b6166c54e8168382b144a5029633788d737908cf3d4e2a04c962f3f3821e21dc25
SSDEEP

24576:hIqcpTLiwzjf73INAlK59da4fPCBJjz0MaXiO:hIz5tf7Yg4fPeNz0M9O

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack003/APIGID32.DLL
unpack009/ImageToPDF/Converter.dll
unpack009/ImageToPDF/ImageToPDF.dll

Files

1c8d600b84e047b0537ed59d113f5927
.rar
1262523828/vc++1/Cool Saver.zip
.zip
CoolSaver.vbp
Form1.frm
.vbs
Form1.frx
Form2.frm
Form2.frx
Module1.bas
1262523828/vc++1/FileInfo11.zip
.zip
APIGID32.DLL
.dll windows:4 windows x86 arch:x86

e560bb937d7e8b95aaacdb757529e2ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
lstrcatA
HeapDestroy
InitializeCriticalSection
GetCurrentProcess
GetModuleFileNameA
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
CloseHandle
GetLastError
MultiByteToWideChar
lstrlenA
DisableThreadLibraryCalls
HeapFree
GetCommandLineA
GetCPInfo
GetLocaleInfoA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetModuleHandleA
SetFilePointer
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
LoadLibraryA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FreeEnvironmentStringsA
HeapAlloc
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
GetStartupInfoA
GetACP
GetOEMCP
SetLastError
TlsFree
TlsAlloc
GetVersion
VirtualFree
HeapCreate
TlsGetValue
TlsSetValue
VirtualAlloc
GetProcAddress
ExitProcess

user32

GetWindowLongA
GetFocus
MessageBoxA
wsprintfA

oleaut32

VariantClear
SysFreeString
SysStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen

Exports

Exports

Add5ToDouble
Add5ToInteger
Add5ToLong
Add5ToSingle
AddPennyToCurrency
AddUserString
ChangeValues
ChangesObject
ChangesString
ChangesVBString
DumpValues
ReceivesBytes
ReceivesCurrency
ReceivesDouble
ReceivesIntArray
ReceivesInteger
ReceivesLong
ReceivesObject
ReceivesObject2
ReceivesSingle
ReceivesString
ReceivesUserType
ReceivesVBArray
ReceivesVBString
ReceivesVariant
ReceivesVariantByVal
ReturnUserType
ReturnsVBString
ShowAddress
Test
UsesDate
agAddFileTimes
agConvertDoubleToFileTime
agConvertFileTimeToDouble
agCopyData
agDWORDto2Integers
agGetAddressForObject
agGetAddressForVBString
agGetInstance
agGetStringFrom2NullBuffer
agGetStringFromLPSTR
agGetWndInstance
agInp
agInpd
agInpw
agIsValidName
agMakeROP4
agNegateFileTime
agOutp
agOutpd
agOutpw
agPOINTStoLong
agSubtractFileTimes
agSwapBytes
agSwapWords

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
About.frm
.vbs
About.frx
File Information.vbp
File Information.vbw
FileInfo.ico
Main.frm
.vbs
Main.frx
OSInfo.cls
.vbs
ReadMe.txt
User.dat
1262523828/vc++1/Guess.zip
.zip
Guess.frm
Guess.vbp
1262523828/vc++1/Image Viewer.zip
.zip
Form1.frm
.js
Form2.frm
Form3.frm
.vbs
Project1.vbp
1262523828/vc++1/Source Extensive Search11082002.zip
.zip
Source Extensive Search/ExtensiveSearch.vbp
Source Extensive Search/ExtensiveSearch.vbw
Source Extensive Search/FrmDataView.frm
.vbs
Source Extensive Search/FrmExtensiveSearch.frm
.vbs
Source Extensive Search/FrmExtensiveSearch.frx
Source Extensive Search/FrmHelp.frm
Source Extensive Search/FrmHelp.frx
Source Extensive Search/FrmSetDatabase.frm
.vbs
Source Extensive Search/FrmStatus.frm
.vbs
Source Extensive Search/FrmStatus.frx
Source Extensive Search/GenMod.bas
Source Extensive Search/MSSCCPRJ.SCC
Source Extensive Search/Read It First befor Start.txt
Source Extensive Search/keywords.mdb
1262523828/vc++1/byVal byRef.zip
.zip
byVal byRef/Form1.frm
byVal byRef/Module1.bas
byVal byRef/Project1.vbp
byVal byRef/Project1.vbw
1262523828/vc++1/calc11102002.zip
.zip
Calc.frm
.vbs
Calc.frx
calc.vbp
calc.vbw
1262523828/vc++1/imagetopdf.zip
.zip
ImageToPDF/Converter.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

BMPToJPG
DLLEntryPoint

Sections

CODE
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 97B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ImageToPDF/ImageToPDF.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b6bd354f593010eb456bb800e18dc9cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaPutOwner3
__vbaAryConstruct2
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
__vbaFileSeek
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
__vbaNew2
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord101
ord102
ord103
ord104
ord105
__vbaVarDup
__vbaStrToAnsi
ord613
ord616
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ImageToPDF/readme.txt
1262523828/vc++1/netsend2.zip
.zip
1262523828/vc++1/sample6.zip
.zip
1262523828/vc++1/vc++1.txt
1262523828/vc++2/CClockST_demo.zip
.zip
1262523828/vc++2/CClockST_src.zip
.zip
1262523828/vc++2/CIVStringSet_Demo.zip
.zip
1262523828/vc++2/CIVStringSet_Source.zip
.zip
1262523828/vc++2/CatListBox_demo.zip
.zip
1262523828/vc++2/CatListBox_src.zip
.zip
1262523828/vc++2/Mail_Report.zip
.zip
1262523828/vc++2/SrcFirstProg.zip
.zip
1262523828/vc++2/enum_display_modes_demo.zip
.zip
1262523828/vc++2/enum_display_modes_src.zip
.zip
1262523828/vc++2/iconbutton_demo.zip
.zip
1262523828/vc++2/iconbutton_src.zip
.zip
1262523828/vc++2/jpeglib_demo.zip
.zip
1262523828/vc++2/jpeglib_src.zip
.zip
1262523828/vc++2/tabcontrol_demo.zip
.zip
1262523828/vc++2/tabcontrol_src.zip
.zip
1262523828/vc++2/vc++2.txt
1262523828/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

e560bb937d7e8b95aaacdb757529e2ba

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 15KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 387KB - Virtual size: 386KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 97B

.reloc Size: 23KB - Virtual size: 22KB

.rsrc Size: 22KB - Virtual size: 22KB

b6bd354f593010eb456bb800e18dc9cb

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 15KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 4KB

CODE
Size: 387KB - Virtual size: 386KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 97B

.reloc
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 22KB - Virtual size: 22KB

.text
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB