5660b99829829c68eaa9660db101fc9c

Sharing

Copy URL Twitter E-mail

General

Target

5660b99829829c68eaa9660db101fc9c
Size

29KB
MD5

5660b99829829c68eaa9660db101fc9c
SHA1

04849ead6cb9d481397109ee9b3377639d496fde
SHA256

e9b4a55f10a35cf429470f4ac84ceab89a5cc4e0e91bac44cfb080c97ef8e3f1
SHA512

83ab308d3de28e6123aad9170be92ebc6f39d1c23f1d0b0e609c1c9248c9a62419694f6305c3044b68d1b00c87d12096e4f646987eb456aa71e57be0b31239b4
SSDEEP

768:p30khdlZckcR8a+BAVubDwcCFJoSSm93dslwVBahFvhPS5K:d1uvRN+i0vF+o8bBWFvhaw

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3561712709/LanTalkServer/师生对话[主机].exe
unpack001/3561712709/LanTalkStudent/师生对话[学生].exe

Files

5660b99829829c68eaa9660db101fc9c
.rar
3561712709/LanTalkServer/Lanchat.ico
3561712709/LanTalkServer/MSSCCPRJ.SCC
3561712709/LanTalkServer/师生对~1.log
3561712709/LanTalkServer/师生对话[主机].exe
.exe windows:4 windows x86 arch:x86

54ea0c920631ab5b042a391a98c5553f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarCmpEq
ord610
ord612
ord617
_CIatan
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3561712709/LanTalkServer/师生对话[主机].frm
.vbs
3561712709/LanTalkServer/师生对话[主机].frx
3561712709/LanTalkServer/师生对话[主机].vbp
3561712709/LanTalkServer/师生对话[主机].vbw
3561712709/LanTalkStudent/LanChat.frm
.vbs
3561712709/LanTalkStudent/LanChat.frx
3561712709/LanTalkStudent/MSSCCPRJ.SCC
3561712709/LanTalkStudent/师生对话[学生].DEP
3561712709/LanTalkStudent/师生对话[学生].exe
.exe windows:4 windows x86 arch:x86

5caa5ae4996f4d2ec3160b8768e8b818

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarTstLe
__vbaExitProc
__vbaVarForInit
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
__vbaVarDup
ord612
ord617
_CIatan
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3561712709/LanTalkStudent/师生对话[学生].vbp
3561712709/LanTalkStudent/师生对话[学生].vbw
3561712709/下载说明.htm
.html .js polyglot
3561712709/说明.txt

Sharing

General

Malware Config

Signatures

Files

54ea0c920631ab5b042a391a98c5553f

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 44KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

5caa5ae4996f4d2ec3160b8768e8b818

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB