789d87e4e8d5c9e657018fabd64f51ee

Sharing

Copy URL Twitter E-mail

General

Target

789d87e4e8d5c9e657018fabd64f51ee
Size

113KB
MD5

789d87e4e8d5c9e657018fabd64f51ee
SHA1

fc96e4722e9b6786d1dc9ac00d5220ceacc8b209
SHA256

c86e91603c4847ed2ceaf37ad834cda6da0751554a733943c07a485da8b99039
SHA512

e67c7d704db9803be5dc461f7f8a21a07fde9ea0841c0d83523a5cf2a1d7d63b90d57ace323e302c4d592ed2c24b83a8b1d2c1626c4549d02be32694e8651a04
SSDEEP

3072:BmWASUFgEGN/F7EeDDSPZ/74pIKcd+jWvArU4M/4:VUuEGNNdDEmHcdwnrr9

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/20050318QQCrack/20050318QQCrack/QQPwd.exe
unpack002/20050318QQCrack/20050318QQCrack/QQPwdFinality.exe
unpack002/20050318QQCrack/20050318QQCrack/qqmd5.dll

Files

789d87e4e8d5c9e657018fabd64f51ee
.rar
20073803521931.rar
.zip
20050318QQCrack/20050318QQCrack/ASM/QQmd5.asm
20050318QQCrack/20050318QQCrack/ASM/QQmd5.def
20050318QQCrack/20050318QQCrack/ASM/globals.inc
20050318QQCrack/20050318QQCrack/ASM/make.bat
20050318QQCrack/20050318QQCrack/ASM/md5.asm
20050318QQCrack/20050318QQCrack/ASM/md5.inc
20050318QQCrack/20050318QQCrack/ASM/뷽.txt
20050318QQCrack/20050318QQCrack/EWH.db
20050318QQCrack/20050318QQCrack/QQ 2005¼㷨Դ.doc
.doc windows office2003
20050318QQCrack/20050318QQCrack/QQPwd.exe
.exe windows:4 windows x86 arch:x86

c10117bc1c73faf16d1855f0b4e64c81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

qqmd5

MD5Version
QQMD5

kernel32

RtlUnwind
HeapFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
SetStdHandle
GetProcAddress
WriteFile
MultiByteToWideChar
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
ReadFile
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLastError
FlushFileBuffers
SetFilePointer
LCMapStringA
LCMapStringW
CloseHandle

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
20050318QQCrack/20050318QQCrack/QQPwdFinality.exe
.exe windows:4 windows x86 arch:x86

2dea4e59e20c3e426f722c50760c21d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaAryMove
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
__vbaFreeObjList
__vbaLineInputVar
__vbaGetFxStr4
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaStrFixstr
__vbaBoolVar
__vbaRefVarAry
_CIsin
ord631
ord632
__vbaChkstk
__vbaCyVar
__vbaFileClose
EVENT_SINK_AddRef
ord528
ord529
__vbaStrCmp
__vbaGet4
__vbaAryConstruct2
__vbaPutOwner3
__vbaVarTstEq
ord561
DllFunctionCall
__vbaVarOr
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaLateIdCallLd
__vbaR8Cy
__vbaRedim
__vbaStrR8
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord714
__vbaVarDiv
ord607
ord608
__vbaFPException
ord717
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
ord644
ord645
_CIlog
__vbaFileOpen
__vbaInStr
__vbaVar2Vec
ord648
__vbaNew2
ord570
__vbaCyMulI2
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
ord616
__vbaFpI4
ord617
__vbaRecDestructAnsi
_CIatan
__vbaCastObj
__vbaUI1Str
__vbaStrMove
ord619
__vbaR8IntI4
__vbaI4Cy
_allmul
__vbaLateIdSt
_CItan
__vbaUI1Var
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
20050318QQCrack/20050318QQCrack/VB/EWH.db
20050318QQCrack/20050318QQCrack/VB/MSSCCPRJ.SCC
20050318QQCrack/20050318QQCrack/VB/QQPwd.vbp
20050318QQCrack/20050318QQCrack/VB/QQPwd.vbw
20050318QQCrack/20050318QQCrack/VB/frmMD5Test.frm
.vbs
20050318QQCrack/20050318QQCrack/VB/frmQQPwd.frm
.vbs
20050318QQCrack/20050318QQCrack/VB/frmQQPwd.frx
20050318QQCrack/20050318QQCrack/VB/modAccessFinality.bas
.vbs
20050318QQCrack/20050318QQCrack/VB/modMD5.bas
.vbs
20050318QQCrack/20050318QQCrack/VB/modQQPwd.bas
.vbs
20050318QQCrack/20050318QQCrack/logo.gif
.gif
20050318QQCrack/20050318QQCrack/qqmd5.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

MD5
MD5Finalize
MD5Init
MD5Pad
MD5Translate
MD5Version
QQMD5

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 181B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 433B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 42B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

c10117bc1c73faf16d1855f0b4e64c81

Headers

File Characteristics

Imports

qqmd5

kernel32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 7KB

2dea4e59e20c3e426f722c50760c21d2

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 60KB - Virtual size: 57KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 181B

.data Size: 512B - Virtual size: 433B

.reloc Size: 512B - Virtual size: 42B

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 7KB

.text
Size: 60KB - Virtual size: 57KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 181B

.data
Size: 512B - Virtual size: 433B

.reloc
Size: 512B - Virtual size: 42B