ab27b748113b9ded8d2ac9fed6cf9568

Sharing

Copy URL Twitter E-mail

General

Target

ab27b748113b9ded8d2ac9fed6cf9568
Size

2.3MB
MD5

ab27b748113b9ded8d2ac9fed6cf9568
SHA1

67a510bc4327b26ead3444c157f785c943c6f28d
SHA256

af8744eab6b276f10420c8a9f9c9720c28e1ddb9e6b2b78a93ea58f48d7ba3bb
SHA512

aa74bcc89a46d43d222dc6a102e0495e979f9592e0d3ba27cdbcc1764cefad420e526d0a4565646dfda991f337a01b6c92799379b418d66ad7272375496a915c
SSDEEP

49152:KrXcLRO8vtZ3k2xWcCVXRvcTFAl5MzgRLQ837Q4CdLmM5:KrUTtZ3k2xWT6FFg5QcE44ik

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SSubTmr6.dll
unpack001/fldrvw71.ocx
unpack001/shlobj71.ocx
unpack001/srck.exe
unpack001/srieh.exe
unpack001/vbalExpBar6.ocx
unpack001/vbalIml6.ocx

Files

ab27b748113b9ded8d2ac9fed6cf9568
.rar
!)卸载.bat
!)绿化.bat
SSubTmr6.dll
.dll regsvr32 windows:4 windows x86 arch:x86

eddcb3d633deafc33cd6cdf5d519f2e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord307
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
ord310
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord312
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord644
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fldrvw71.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

fa348d423e3784d355fd54087c8cd402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
LCMapStringA
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
Sleep
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
HeapReAlloc
HeapSize
TerminateProcess
ExitProcess
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
WritePrivateProfileStringA
FindResourceExA
GetFileTime
GetFileSize
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
CloseHandle
GetCurrentThread
CopyFileA
GetUserDefaultLCID
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleFileNameA
GlobalReAlloc
FormatMessageA
LocalFree
GetProfileIntA
lstrcpynA
lstrlenW
IsDBCSLeadByte
lstrcmpA
SetLastError
lstrlenA
InterlockedDecrement
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
InterlockedIncrement
FindResourceA
SizeofResource
LoadResource
LockResource
GetTickCount
FindAtomA
AddAtomA
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
lstrcpyA
WideCharToMultiByte
GlobalAlloc
GlobalSize
MulDiv
CreateDirectoryA
GetFileAttributesA
GetLastError
GlobalLock
GlobalUnlock
GlobalFree

user32

GetDialogBaseUnits
UnregisterClassA
GetMessageA
TranslateMessage
PostQuitMessage
IsClipboardFormatAvailable
LockWindowUpdate
EnumChildWindows
SetRectEmpty
CreateMenu
GetDesktopWindow
ValidateRect
DrawEdge
SetRect
IsRectEmpty
SetCapture
ReleaseCapture
InflateRect
PtInRect
GetClassNameA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
wvsprintfA
LoadStringA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
PostMessageA
UpdateWindow
GetSysColorBrush
MapWindowPoints
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
EqualRect
IsWindowVisible
GetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CharUpperA
GetTabbedTextExtentA
GetDCEx
SendDlgItemMessageA
GetNextDlgTabItem
EndDialog
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetDlgItem
IsWindowEnabled
InsertMenuItemA
SetMenuDefaultItem
GetMenuItemInfoA
SetMenuItemInfoA
InsertMenuA
GetSubMenu
RemoveMenu
LoadCursorA
SetCursor
GetMenuDefaultItem
GetMenuItemID
CopyRect
SetWindowPos
LoadImageA
GetDC
ReleaseDC
FillRect
CreateWindowExA
SetParent
GetActiveWindow
GetWindowLongA
SetWindowLongA
LoadIconA
CopyImage
GetSysColor
LoadBitmapA
DestroyIcon
SetTimer
KillTimer
GetClientRect
GetCursorPos
ScreenToClient
ClientToScreen
GetAsyncKeyState
CreatePopupMenu
GetMenuItemCount
AppendMenuA
TrackPopupMenu
GetMenuStringA
DestroyMenu
GetKeyState
RegisterClipboardFormatA
InvalidateRect
SendMessageA
EnableWindow
PeekMessageA

gdi32

CopyMetaFileA
CreateDCA
GetTextExtentPoint32A
GetTextMetricsA
GetTextAlign
EnumFontFamiliesExA
UnrealizeObject
Rectangle
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
LPtoDP
CombineRgn
SetRectRgn
Escape
ExtTextOutA
MoveToEx
TextOutA
RectVisible
PtVisible
CreatePatternBrush
CreatePen
CreateRectRgn
GetCurrentPositionEx
CreateBitmap
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetMapMode
SetROP2
SetBkMode
SelectPalette
RestoreDC
SaveDC
CreateRectRgnIndirect
PatBlt
SetBkColor
SetTextColor
GetClipBox
CreateFontIndirectA
GetStockObject
SelectObject
SetViewportOrgEx
CreateSolidBrush
DeleteDC
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
RealizePalette
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegCreateKeyA
RegSetValueExA
CryptAcquireContextA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptDestroyKey
CryptVerifySignatureA
CryptImportKey
RegOpenKeyExA
RegEnumKeyA
RegOpenKeyA
RegSetValueA
RegDeleteKeyA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

ExtractIconA
DragQueryFileA
ShellExecuteA
SHChangeNotify
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoA

comctl32

ImageList_Create
ImageList_GetIconSize
ImageList_Duplicate
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_AddMasked
ImageList_SetOverlayImage
ImageList_SetImageCount
InitializeFlatSB
ImageList_SetBkColor
ImageList_GetBkColor
ord17
ImageList_Destroy

ole32

ReadFmtUserTypeStg
OleDuplicateData
ReadClassStm
CreateOleAdviseHolder
CreateDataAdviseHolder
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRevokeClassObject
CoRegisterClassObject
CreateDataCache
StringFromCLSID
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree
OleSaveToStream
CoDisconnectObject
StringFromGUID2
ReleaseStgMedium
CoCreateInstance
OleGetClipboard
OleLoadFromStream
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
DoDragDrop
CreateStreamOnHGlobal

olepro32

ord252
ord251
ord253
ord250
ord254

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysStringLen
RegisterTypeLi
LoadTypeLi
SafeArrayGetLBound
SysAllocStringLen
SysAllocString
VariantChangeType
VariantClear
VariantCopy
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
SysFreeString
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
help.chm
.chm
shlobj71.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

2a3635438005b443f8b86eb59ec56b48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msimg32

GradientFill

kernel32

HeapSize
HeapReAlloc
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
TerminateProcess
ExitProcess
GetProcAddress
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
GetProfileIntA
GetFileTime
GetFileSize
GetFileAttributesA
WritePrivateProfileStringA
CopyFileA
GlobalSize
GetOEMCP
GetCPInfo
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GlobalFlags
GetProcessVersion
GetLastError
FindResourceExA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
CloseHandle
GetUserDefaultLCID
IsDBCSLeadByte
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
LocalFree
MulDiv
SetLastError
GlobalAlloc
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalLock
GlobalUnlock
InterlockedDecrement
GetModuleFileNameA
lstrcpyA
lstrlenA
lstrlenW
WideCharToMultiByte
GlobalFree
lstrcmpiA
InterlockedIncrement
Sleep
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetCurrentThreadId
FindResourceA
SizeofResource
LoadResource
LockResource
GetTickCount
FindAtomA
AddAtomA
lstrcpynA
MultiByteToWideChar
FreeLibrary
GetModuleHandleA
LoadLibraryA
GetEnvironmentStrings

user32

GetDCEx
RegisterClipboardFormatA
CreateMenu
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ValidateRect
DrawEdge
wvsprintfA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
SetFocus
AdjustWindowRectEx
EqualRect
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
IsIconic
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
GetTabbedTextExtentA
IsWindowEnabled
wsprintfA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetTopWindow
LockWindowUpdate
IsWindowVisible
GetDlgCtrlID
MessageBoxA
GetParent
GetFocus
IsChild
GrayStringA
TabbedTextOutA
ClientToScreen
ScreenToClient
GetClientRect
LoadIconA
TrackPopupMenu
PostMessageA
FindWindowA
EnumChildWindows
GetClassNameA
RedrawWindow
SetActiveWindow
SetForegroundWindow
GetWindowPlacement
DrawAnimatedRects
DefWindowProcA
CreatePopupMenu
InsertMenuItemA
SetMenuDefaultItem
GetMenuItemInfoA
SetMenuItemInfoA
GetMenuStringA
InsertMenuA
AppendMenuA
GetSubMenu
RemoveMenu
DestroyMenu
GetMenuItemCount
UpdateWindow
GetMonitorInfoA
GetForegroundWindow
PtInRect
GetWindow
KillTimer
MonitorFromWindow
SetWindowPos
GetCapture
SetCapture
GetCursorPos
SetRect
OffsetRect
ReleaseCapture
CallWindowProcA
CopyRect
SetTimer
CharUpperA
GetSysColorBrush
GetDialogBaseUnits
UnregisterClassA
GetMessageA
TranslateMessage
PostQuitMessage
GetDlgItem
LoadStringA
IsWindow
SetParent
MoveWindow
GetWindowRect
ShowWindow
RegisterWindowMessageA
MonitorFromPoint
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowLongA
DestroyWindow
CreateWindowExA
SetWindowLongA
FrameRect
DrawIconEx
DestroyIcon
SendMessageA
LoadCursorA
SetCursor
LoadBitmapA
GetKeyState
SystemParametersInfoA
GetSystemMetrics
SetRectEmpty
InflateRect
IsRectEmpty
LoadImageA
CopyImage
CreateIconIndirect
FillRect
DrawTextA
IntersectRect
GetDesktopWindow
InvalidateRect
EnableWindow
GetSysColor
ModifyMenuA

gdi32

CreateSolidBrush
SetRectRgn
CreateRectRgnIndirect
DPtoLP
GetTextExtentPoint32A
GetTextMetricsA
EnumFontFamiliesExA
CopyMetaFileA
CreateDCA
GetTextAlign
UnrealizeObject
Rectangle
SetROP2
RestoreDC
SaveDC
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
SetMapMode
GetCurrentPositionEx
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
LPtoDP
GetDeviceCaps
GetClipBox
Escape
TextOutA
RectVisible
PtVisible
PatBlt
CreateFontIndirectA
GetStockObject
CreateBitmap
CreateCompatibleBitmap
SetStretchBltMode
DeleteDC
CreatePen
SelectObject
CreatePatternBrush
MoveToEx
LineTo
CreateHatchBrush
SetBkColor
ExtTextOutA
CreateRectRgn
CombineRgn
DeleteObject
BitBlt
StretchBlt
SetBkMode
SetTextColor
GetObjectA
CreateCompatibleDC
SetViewportOrgEx

comdlg32

GetFileTitleA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

CryptImportKey
RegQueryValueExA
RegCreateKeyExA
RegQueryValueA
RegDeleteKeyA
RegSetValueA
RegOpenKeyA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey
CryptVerifySignatureA
CryptDestroyKey
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextA
RegSetValueExA
RegCreateKeyA

shell32

ExtractIconA
Shell_NotifyIconA
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHAppBarMessage
ShellExecuteA

comctl32

_TrackMouseEvent
ord17

ole32

OleDuplicateData
ReadFmtUserTypeStg
StringFromCLSID
CoDisconnectObject
CreateOleAdviseHolder
CoTaskMemFree
ReleaseStgMedium
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleSaveToStream
ReadClassStm
CoTaskMemAlloc
CreateDataCache
CoRevokeClassObject
CoRegisterClassObject
PropVariantClear
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleLoadFromStream
CreateDataAdviseHolder

olepro32

ord254
ord251
ord252
ord250
ord253

oleaut32

VariantInit
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
SysAllocString
VariantChangeType
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysFreeString
VariantClear
VariantCopy
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srck.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 894KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 98KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
srieh.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 706KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vbalExpBar6.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

8ac94e19973622da9cfb236dbba85547

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord588
MethCallEngine
EVENT_SINK_Invoke
ord518
Zombie_GetTypeInfo
ord591
EVENT_SINK2_Release
ord592
ord593
ord300
ord594
ord301
ord303
ord305
ord306
ord307
ord309
ord632
EVENT_SINK_AddRef
ord528
ord561
DllFunctionCall
ord563
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord313
ord607
ord717
ord319
ProcCallEngine
ord535
ord644
ord645
EVENT_SINK2_AddRef
ord681
ord685
ord101
ord102
ord103
ord104
ord105
ord320
ord321
ord616
ord617

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vbalIml6.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

4762f9bedcf7dcd7ab0927a4256f5a09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

MethCallEngine
ord516
ord519
ord558
ord592
ord595
ord631
EVENT_SINK_AddRef
ord527
ord529
ord561
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord607
ProcCallEngine
ord644
ord537
ord570
ord648
ord681
ord685
ord101
ord102
ord103
ord104
ord105
ord616
ord618
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

eddcb3d633deafc33cd6cdf5d519f2e0

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 1KB

fa348d423e3784d355fd54087c8cd402

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 232KB - Virtual size: 231KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 24KB - Virtual size: 36KB

.rsrc Size: 60KB - Virtual size: 56KB

.reloc Size: 36KB - Virtual size: 32KB

2a3635438005b443f8b86eb59ec56b48

Headers

File Characteristics

Imports

msimg32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 245KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 24KB - Virtual size: 38KB

.rsrc Size: 84KB - Virtual size: 81KB

.reloc Size: 36KB - Virtual size: 33KB

Headers

File Characteristics

Sections

Size: 894KB - Virtual size: 4.4MB

Size: - Virtual size: 59KB

.rsrc Size: 28KB - Virtual size: 28KB

.data Size: 98KB - Virtual size: 100KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

Size: 706KB - Virtual size: 2.9MB

Size: - Virtual size: 45KB

.rsrc Size: 28KB - Virtual size: 28KB

.data Size: 97KB - Virtual size: 100KB

.adata Size: - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 232KB - Virtual size: 231KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 24KB - Virtual size: 36KB

.rsrc
Size: 60KB - Virtual size: 56KB

.reloc
Size: 36KB - Virtual size: 32KB

.text
Size: 248KB - Virtual size: 245KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 24KB - Virtual size: 38KB

.rsrc
Size: 84KB - Virtual size: 81KB

.reloc
Size: 36KB - Virtual size: 33KB

.rsrc
Size: 28KB - Virtual size: 28KB

.data
Size: 98KB - Virtual size: 100KB

.adata
Size: - Virtual size: 4KB

.rsrc
Size: 28KB - Virtual size: 28KB

.data
Size: 97KB - Virtual size: 100KB

.adata
Size: - Virtual size: 4KB

.text
Size: 148KB - Virtual size: 145KB

.data
Size: - Virtual size: 7KB

.rsrc
Size: 32KB - Virtual size: 30KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 68KB - Virtual size: 64KB

.data
Size: - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 4KB