1c2751d2b00a5adf923b964d651c5435

Sharing

Copy URL

Twitter E-mail

General

Target

1c2751d2b00a5adf923b964d651c5435
Size

168KB
MD5

1c2751d2b00a5adf923b964d651c5435
SHA1

980500bfaec25ace2820add54dcc2282eb548b8b
SHA256

b877762d7aa9c641dd1f1bfeb916f782e37ba800462956bec0df964bfcb8bc35
SHA512

20a30dd6d41a53db5f845fe08f13b15c821ac3c2fa3f5b8690fc789c78a55f2990df8d028bba52da88a6e5f5d125d6f8277ccfcb96b466ae33a75c021868d7bf
SSDEEP

3072:TnL1htGKAESan8ik045BtUkRJMgud68AmLG7yhu2gCOSOBuAmjvu051/2p+hB98:TL1zGLEVn8BXJPS68AAGCVgCBOBVmj/Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ空间克隆大师/EXButton.ocx
unpack001/QQ空间克隆大师/QQ空间克隆大师.exe

Files

1c2751d2b00a5adf923b964d651c5435
.rar
QQ空间克隆大师/EXButton.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

564c5ccb05d4c5c8dc5aec793ab4e653

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaFreeVar
__vbaAptOffset
__vbaStrVarMove
ord588
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaVarCmpNe
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaExitProc
__vbaObjSet
__vbaOnError
__vbaCyAdd
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord599
__vbaBoolVar
ord520
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
__vbaCyVar
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaCyI2
__vbaVarTstEq
__vbaCyI4
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaR8Cy
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
ord717
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaCyMulI2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
__vbaFpCy
ord105
__vbaAryLock
__vbaStrToAnsi
__vbaFpI2
__vbaFpI4
_CIatan
__vbaStrMove
__vbaCastObj
__vbaAryCopy
__vbaI4Cy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 332KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQ空间克隆大师/QQ空间克隆大师.exe
.exe windows:4 windows x86 arch:x86

91f67b64d89a22cfa10d0ab0ff915240

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQ空间克隆大师/ico.ico
QQ空间克隆大师/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

564c5ccb05d4c5c8dc5aec793ab4e653

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 332KB - Virtual size: 329KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 20KB - Virtual size: 18KB

91f67b64d89a22cfa10d0ab0ff915240

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 136KB - Virtual size: 134KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 332KB - Virtual size: 329KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 136KB - Virtual size: 134KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 8KB - Virtual size: 4KB