589689db4e014b8018c38b93604ab4bd

Sharing

Copy URL Twitter E-mail

General

Target

589689db4e014b8018c38b93604ab4bd
Size

1.6MB
MD5

589689db4e014b8018c38b93604ab4bd
SHA1

fbfa91a72e973e3fe6743bcf8ba9a73d2b21fd0f
SHA256

316647f47fa3ea50dbbc175413417ba49c347f172ef8757c57569ad1576ff5be
SHA512

0ed17910ebfe11b34f82b37d2d12e73e5799f72377c0a8e1f0224e517c689efe9510e41c774f2b6537046933adde39b0e15004d3ac513b7883b30dcf98d7fbcb
SSDEEP

24576:3KVsqY2dJV+yak0oZ0CYwxihg97qR+cnUGqZDPhH8g9cMlS8G7b2riWu9:3AKJ0xihg4+OqxB8gjlShoPE

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack003/代码转换.exe
unpack004/测试.exe

Files

589689db4e014b8018c38b93604ab4bd
.rar
月色怡人/admin.swf
月色怡人/book.swf
月色怡人/book/conn.asp
.vbs
月色怡人/book/del.asp
.vbs
月色怡人/book/send.asp
.vbs
月色怡人/book/show.asp
.vbs
月色怡人/book/str.asp
.vbs
月色怡人/dangan.swf
月色怡人/date/%^%$&fdsafa546fFDSDF#$%#$%#$.mdb
月色怡人/download/1.rar
.rar
flash右键生成脚本.swf
月色怡人/download/2.rar
.rar
代码转换.exe
.exe windows:4 windows x86 arch:x86

3276698e5ec07594486f6b9c9b084e8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
月色怡人/download/3.rar
.rar
测试.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

test
Size: - Virtual size: 988KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 625KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
月色怡人/index.asp
.html
月色怡人/index.swf
月色怡人/link.swf
月色怡人/photo.swf
月色怡人/piaofu.swf
月色怡人/player.swf
月色怡人/share.swf
月色怡人/xml/add.asp
.html
月色怡人/xml/conn.asp
.vbs
月色怡人/xml/dangan.asp
月色怡人/xml/del.asp
.vbs
月色怡人/xml/download.asp
.xml
月色怡人/xml/echo.asp
.vbs
月色怡人/xml/link.asp
.vbs
月色怡人/xml/mp3_list.asp
.vbs
月色怡人/xml/news.asp
.vbs
月色怡人/xml/show.asp
.vbs
月色怡人/xml/新建文本文档.txt
月色怡人/新云软件.url
.url
月色怡人/读我.txt

Sharing

General

Malware Config

Signatures

Files

3276698e5ec07594486f6b9c9b084e8c

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 10KB

Headers

File Characteristics

Sections

test Size: - Virtual size: 988KB

data Size: 625KB - Virtual size: 628KB

.rsrc Size: 6KB - Virtual size: 8KB

.text
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 10KB

test
Size: - Virtual size: 988KB

data
Size: 625KB - Virtual size: 628KB

.rsrc
Size: 6KB - Virtual size: 8KB