9acea3823d40cd95ad26bc5b877df28e89128c2cadff7967a07574323c085f16

Sharing

Copy URL Twitter E-mail

General

Target

9acea3823d40cd95ad26bc5b877df28e89128c2cadff7967a07574323c085f16
Size

1.3MB
MD5

83e955e80de3c8f9d1dc09e05c1d29f3
SHA1

b1fc16fc9286f1c49e331b43df2fef1c3c06f1d9
SHA256

9acea3823d40cd95ad26bc5b877df28e89128c2cadff7967a07574323c085f16
SHA512

72ebdfa1f71b5641948d5afd17482dbdd81d1b7528051c3c2484c87c3fe93db0f641d503ae85892d86c8759be0241fff266c1c5b736b589be80dd498ce3765ae
SSDEEP

24576:8OXDNjQJ/erUH2CqkKkSpOHTnB+j7LrnTG1lZXQ6l2rLj:8OzNjkero2ClqpwU7L+1bXpwv

Score

1^/10

Malware Config

Signatures

Files

9acea3823d40cd95ad26bc5b877df28e89128c2cadff7967a07574323c085f16
.zip
__MACOSX/._互亿无线-语音通知接口文档
__MACOSX/互亿无线-语音通知接口文档/._.DS_Store
__MACOSX/互亿无线-语音通知接口文档/._DEMO
__MACOSX/互亿无线-语音通知接口文档/._互亿无线-语音通知-使用指南.docx
__MACOSX/互亿无线-语音通知接口文档/._互亿无线-语音通知接口文档v2.5.docx
__MACOSX/互亿无线-语音通知接口文档/DEMO/._.DS_Store
__MACOSX/互亿无线-语音通知接口文档/DEMO/._ASP
__MACOSX/互亿无线-语音通知接口文档/DEMO/._ASP.NET(C#)
__MACOSX/互亿无线-语音通知接口文档/DEMO/._C
__MACOSX/互亿无线-语音通知接口文档/DEMO/._C++
__MACOSX/互亿无线-语音通知接口文档/DEMO/._GO
__MACOSX/互亿无线-语音通知接口文档/DEMO/._JSP
__MACOSX/互亿无线-语音通知接口文档/DEMO/._PHP
__MACOSX/互亿无线-语音通知接口文档/DEMO/._VB6
__MACOSX/互亿无线-语音通知接口文档/DEMO/._java
__MACOSX/互亿无线-语音通知接口文档/DEMO/._python
__MACOSX/互亿无线-语音通知接口文档/DEMO/._shell
__MACOSX/互亿无线-语音通知接口文档/DEMO/ASP.NET(C#)/._Post.aspx
__MACOSX/互亿无线-语音通知接口文档/DEMO/ASP.NET(C#)/._Post.aspx.cs
__MACOSX/互亿无线-语音通知接口文档/DEMO/ASP.NET(C#)/._Web.Config
__MACOSX/互亿无线-语音通知接口文档/DEMO/ASP/._voice.asp
__MACOSX/互亿无线-语音通知接口文档/DEMO/C++/._voice.cpp
__MACOSX/互亿无线-语音通知接口文档/DEMO/C/._voice.c
__MACOSX/互亿无线-语音通知接口文档/DEMO/GO/._voice.go
__MACOSX/互亿无线-语音通知接口文档/DEMO/JSP/._voice.jsp
__MACOSX/互亿无线-语音通知接口文档/DEMO/PHP/._voice.php
__MACOSX/互亿无线-语音通知接口文档/DEMO/VB6/._Form1.frm
__MACOSX/互亿无线-语音通知接口文档/DEMO/VB6/._Form1.log
__MACOSX/互亿无线-语音通知接口文档/DEMO/VB6/._Mswinsck.OCX
__MACOSX/互亿无线-语音通知接口文档/DEMO/VB6/._uft8.bas
__MACOSX/互亿无线-语音通知接口文档/DEMO/VB6/._工程1.vbp
__MACOSX/互亿无线-语音通知接口文档/DEMO/VB6/._工程1.vbw
__MACOSX/互亿无线-语音通知接口文档/DEMO/VB6/._注册ocx.bat
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/._http_post
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/._.classpath
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/._.project
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/._.settings
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/._bin
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/._lib
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/._src
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/.settings/._org.eclipse.jdt.core.prefs
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/bin/._sendvoice.class
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/bin/._util
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/bin/util/._StringUtil.class
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/lib/._commons-codec-1.3.jar
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/lib/._commons-httpclient-3.0-rc4.jar
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/lib/._commons-logging-1.0.4.jar
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/lib/._dom4j-1.6.1.jar
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/src/._sendvoice.java
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/src/._util
__MACOSX/互亿无线-语音通知接口文档/DEMO/java/http_post/src/util/._StringUtil.java
__MACOSX/互亿无线-语音通知接口文档/DEMO/python/._test.v3.requests.vm.py
__MACOSX/互亿无线-语音通知接口文档/DEMO/python/._voice.py
__MACOSX/互亿无线-语音通知接口文档/DEMO/shell/._voice.sh
互亿无线-语音通知接口文档/.DS_Store
互亿无线-语音通知接口文档/DEMO/.DS_Store
互亿无线-语音通知接口文档/DEMO/ASP.NET(C#)/Post.aspx
互亿无线-语音通知接口文档/DEMO/ASP.NET(C#)/Post.aspx.cs
互亿无线-语音通知接口文档/DEMO/ASP.NET(C#)/Web.Config
.xml
互亿无线-语音通知接口文档/DEMO/ASP/voice.asp
.asp .vbs polyglot
互亿无线-语音通知接口文档/DEMO/C++/voice.cpp
互亿无线-语音通知接口文档/DEMO/C/voice.c
互亿无线-语音通知接口文档/DEMO/GO/voice.go
互亿无线-语音通知接口文档/DEMO/JSP/voice.jsp
.asp .js polyglot
互亿无线-语音通知接口文档/DEMO/PHP/voice.php
互亿无线-语音通知接口文档/DEMO/VB6/Form1.frm
.vbs
互亿无线-语音通知接口文档/DEMO/VB6/Form1.log
互亿无线-语音通知接口文档/DEMO/VB6/Mswinsck.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

5270274b4ff20c6f050b9c66331e50cb

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

lstrlenW
GetProcAddress
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
WideCharToMultiByte
GetVersion
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetLocaleInfoA
LoadLibraryA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
lstrcmpA
InterlockedDecrement
GetFileAttributesA
GetWindowsDirectoryA
HeapReAlloc
InterlockedIncrement
lstrcmpiA
GetLastError
LockResource
LoadResource
FindResourceA

user32

EndDialog
DialogBoxParamA
GetActiveWindow
MessageBoxA
DrawEdge
GetDC
CharNextA
LoadCursorA
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetParent
WinHelpA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
SendDlgItemMessageA
LoadStringA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadBitmapA
GetSystemMetrics
GetParent
CreateDialogIndirectParamA
GetDlgItemTextA
SetDlgItemInt
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
MoveWindow
SetWindowLongA
CreateWindowExA
ReleaseDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayRedim
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SafeArrayCreate
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
互亿无线-语音通知接口文档/DEMO/VB6/uft8.bas
.vbs
互亿无线-语音通知接口文档/DEMO/VB6/工程1.vbp
互亿无线-语音通知接口文档/DEMO/VB6/工程1.vbw
互亿无线-语音通知接口文档/DEMO/VB6/注册ocx.bat
互亿无线-语音通知接口文档/DEMO/java/http_post/.classpath
.xml
互亿无线-语音通知接口文档/DEMO/java/http_post/.project
.xml
互亿无线-语音通知接口文档/DEMO/java/http_post/.settings/org.eclipse.jdt.core.prefs
互亿无线-语音通知接口文档/DEMO/java/http_post/bin/sendvoice.class
互亿无线-语音通知接口文档/DEMO/java/http_post/bin/util/StringUtil.class
互亿无线-语音通知接口文档/DEMO/java/http_post/lib/commons-codec-1.3.jar
.jar
互亿无线-语音通知接口文档/DEMO/java/http_post/lib/commons-httpclient-3.0-rc4.jar
.jar
互亿无线-语音通知接口文档/DEMO/java/http_post/lib/commons-logging-1.0.4.jar
.jar
互亿无线-语音通知接口文档/DEMO/java/http_post/lib/dom4j-1.6.1.jar
.jar
互亿无线-语音通知接口文档/DEMO/java/http_post/src/sendvoice.java
.java .js
互亿无线-语音通知接口文档/DEMO/java/http_post/src/util/StringUtil.java
.java .js
互亿无线-语音通知接口文档/DEMO/python/test.v3.requests.vm.py
互亿无线-语音通知接口文档/DEMO/python/voice.py
互亿无线-语音通知接口文档/DEMO/shell/voice.sh
互亿无线-语音通知接口文档/互亿无线-语音通知-使用指南.docx
.docx office2007
互亿无线-语音通知接口文档/互亿无线-语音通知接口文档v2.5.docx
.docx office2007

Sharing

General

Malware Config

Signatures

Files

5270274b4ff20c6f050b9c66331e50cb

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

wsock32

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 66KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 5KB - Virtual size: 4KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 66KB - Virtual size: 66KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 5KB - Virtual size: 4KB