37956c83d8923767693e8cc91bff8f1b

Sharing

Copy URL Twitter E-mail

General

Target

37956c83d8923767693e8cc91bff8f1b
Size

4.6MB
MD5

37956c83d8923767693e8cc91bff8f1b
SHA1

9310ab6f1d0154c25bf7a92ec700ac8a8a447ed0
SHA256

3107700ed00889f7976138f453172e0fc0e2e4c42e9ffa3505302bfbc7eb8e23
SHA512

6bdd6c3fc39d35e11f593300bff59d43226fe73ea535be4f393d8b4726cc3facf195d905004937ce036e22044391876e9aee68a7e724610e75a95e32fb87c453
SSDEEP

98304:V3nHhx9liAUGU67l6aSxZVOCPM+InINNjXw5Kh4QCr:9nHhxX7xIZVnPM+qejXFSQ6

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/WordLearn2009/help/help20.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WordLearn2009/Interop.SpeechLib.dll
unpack001/WordLearn2009/WordLearn2009.exe
unpack001/WordLearn2009/resources/DF.exe

Files

37956c83d8923767693e8cc91bff8f1b
.rar
WordLearn2009/Interop.SpeechLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WordLearn2009/WordLearn2009.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 380KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WordLearn2009/config/NHK.7z
.gz
NHK.txt
WordLearn2009/config/setting.ini
WordLearn2009/data/chinese_learn.txt.original
WordLearn2009/data/english_graduate_test.txt.original
WordLearn2009/data/jp_extra_words.txt.original
WordLearn2009/data/jp_jlpt_extra.txt.original
WordLearn2009/data/jp_jplt_1.txt.original
WordLearn2009/data/jp_jplt_2_1.txt.original
WordLearn2009/data/jp_jplt_2_2.txt.original
WordLearn2009/data/jp_jplt_3.txt.original
WordLearn2009/data/jp_jplt_4.txt.original
WordLearn2009/data/jp_jplt_new_3.txt.original
WordLearn2009/data/jp_jplt_new_4.txt.original
WordLearn2009/data/mywords.txt
WordLearn2009/help/help20.pdf
.pdf
- http://www.jiajibu.com/test/wordlearn/index.htm
- http://zh.wikipedia.org/w/index.php?title=%E8%BA%AB%E9%AB%98%E9%AB%94%E9%87%8D%E6%8C%87%E6%95%B8&variant=zh-tw
- http://www.jiajibu.com/test/wordlearn/index.htmen-US
- http://zh.wikipedia.org/w/index.php?title=%E8%BA%AB%E9%AB%98%E9%AB%94%E9%87%8D%E6%8C%87%E6%95%B8&variant=zh-twen-US
WordLearn2009/help/words_temp.xls
.xls windows office2003
WordLearn2009/images/bg0.jpg
.jpg
WordLearn2009/images/bg1.jpg
.jpg
WordLearn2009/images/bg10.jpg
.jpg
WordLearn2009/images/bg2.jpg
.jpg
WordLearn2009/images/bg3.jpg
.jpg
WordLearn2009/images/bg4.jpg
.jpg
WordLearn2009/images/bg5.jpg
.jpg
WordLearn2009/images/bg6.jpg
.jpg
WordLearn2009/images/bg7.jpg
.jpg
WordLearn2009/images/bg8.gif
.gif
WordLearn2009/images/bg9.bmp
WordLearn2009/language/chinese.txt
WordLearn2009/resources/DF.exe
.exe windows:4 windows x86 arch:x86

e16f5ff12771801871c24c6c7f7c88e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
HeapDestroy
HeapCreate
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetStdHandle
IsBadCodePtr
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetHandleCount
GetProfileStringA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
HeapSize
HeapReAlloc
GetFileType
SetStdHandle
GetACP
GetTimeZoneInformation
HeapFree
HeapAlloc
RaiseException
GetCommandLineA
GetStartupInfoA
TerminateProcess
ExitProcess
RtlUnwind
FindResourceExA
SetErrorMode
SizeofResource
GetOEMCP
GetCPInfo
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalFlags
GetProcessVersion
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
DuplicateHandle
GetLastError
SetLastError
GetModuleFileNameA
LocalFree
GetCurrentThread
lstrcmpA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
IsDBCSLeadByte
GetVersion
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
VirtualAlloc
ReadFile
VirtualFree
CreateFileA
CloseHandle
GetFileAttributesA
lstrcatA
MulDiv
FindFirstFileA
FindNextFileA
FindClose
Sleep
CreateProcessA
GetCurrentDirectoryA
lstrcpynA
lstrlenA
lstrcpyA
lstrcmpiA
IsBadReadPtr

user32

DestroyMenu
SetMenu
ReuseDDElParam
UnpackDDElParam
CreateDialogIndirectParamA
EndDialog
PostQuitMessage
ShowOwnedPopups
TranslateMessage
GetMessageA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
DestroyIcon
CharUpperA
wvsprintfA
MapDialogRect
IsZoomed
SetRect
FillRect
WindowFromPoint
SetParent
IsRectEmpty
AppendMenuA
GetSystemMenu
GetSysColorBrush
GetClassNameA
FindWindowA
GetTabbedTextExtentA
GetDCEx
LockWindowUpdate
InvertRect
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
SetActiveWindow
SetFocus
DeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetTopWindow
WinHelpA
GetClassInfoA
RegisterClassA
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
DestroyWindow
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
LoadAcceleratorsA
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetScrollPos
SetScrollPos
GetKeyState
SetCursor
LoadCursorA
DestroyCursor
BeginDeferWindowPos
EndDeferWindowPos
EqualRect
IsIconic
IsWindowVisible
SetCursorPos
PtInRect
OffsetRect
GetDlgCtrlID
IsChild
GetActiveWindow
GetMenuItemID
AdjustWindowRectEx
RedrawWindow
SetWindowPos
GetWindowLongA
SetWindowLongA
IsWindow
DefMDIChildProcA
DrawMenuBar
TranslateAcceleratorA
TranslateMDISysAccel
DefFrameProcA
CreateWindowExA
BringWindowToTop
GetMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDesktopWindow
InflateRect
DrawTextA
PostMessageA
CharNextA
MessageBeep
ClientToScreen
KillTimer
ReleaseCapture
SetCapture
SetTimer
GetWindowRect
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
GetClientRect
EnableWindow
UpdateWindow
InvalidateRect
SetForegroundWindow
GetMenuItemCount
GetCapture
GetSysColor
CopyRect
GetFocus
DrawFocusRect
LoadMenuA
GetSubMenu
GetCursorPos
ScreenToClient
GetAsyncKeyState
ValidateRect
LoadStringA
GetParent
DrawIcon
GetDialogBaseUnits
GetDC
SetRectEmpty
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetWindow
IsWindowEnabled
ReleaseDC
LoadIconA
SendMessageA
MessageBoxA
GetMenuStringA
DeleteMenu
wsprintfA
InsertMenuA
SetWindowsHookExA

gdi32

ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
DeleteObject
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreatePen
CreateSolidBrush
SetViewportExtEx
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetRectRgn
CombineRgn
CreateRectRgnIndirect
CreateFontIndirectA
DPtoLP
Rectangle
GetViewportOrgEx
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
CreateDCA
StretchDIBits
GetCharWidthA
LPtoDP
EnumFontFamiliesExA
GetBkColor
GetNearestColor
GetTextColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetTextFaceA
GetWindowOrgEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
GetStockObject
RestoreDC
SaveDC
StartDocA
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
GetClipBox
SelectObject
PatBlt
SetTextColor
CreateCompatibleDC
CreateFontA
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
GetTextMetricsA
CreateDIBitmap
GetTextExtentPointA
GetTextExtentPoint32A

comdlg32

PrintDlgA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
GetFileTitleA
ChooseFontA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

SetFileSecurityA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyA
GetFileSecurityA
IsTextUnicode
RegSetValueA

shell32

DragAcceptFiles
DragQueryFileA
DragFinish
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHGetFileInfoA
ExtractIconA

comctl32

ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Destroy

Sections

.text
Size: 376KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WordLearn2009/resources/alarm_clock.wav
WordLearn2009/resources/changeDF.reg
WordLearn2009/sound/china_jp.wav
WordLearn2009/sound/sound.ini
WordLearn2009/如程序无法运行请点击下载.NET.url
WordLearn2009/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 160KB - Virtual size: 157KB

.rsrc Size: 4KB - Virtual size: 872B

.reloc Size: 4KB - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 380KB - Virtual size: 376KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 12B

e16f5ff12771801871c24c6c7f7c88e7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 376KB - Virtual size: 372KB

.rdata Size: 80KB - Virtual size: 77KB

.data Size: 20KB - Virtual size: 40KB

.rsrc Size: 56KB - Virtual size: 52KB

.text
Size: 160KB - Virtual size: 157KB

.rsrc
Size: 4KB - Virtual size: 872B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 380KB - Virtual size: 376KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 376KB - Virtual size: 372KB

.rdata
Size: 80KB - Virtual size: 77KB

.data
Size: 20KB - Virtual size: 40KB

.rsrc
Size: 56KB - Virtual size: 52KB