ad7afb325638dcb90672549220a3c3c9

Sharing

Copy URL Twitter E-mail

General

Target

ad7afb325638dcb90672549220a3c3c9
Size

448KB
MD5

ad7afb325638dcb90672549220a3c3c9
SHA1

6466184517d966161221a99d1c958ae6a687e3ec
SHA256

114810bffb6cf4e057d0573e17f68fe0594a80f09aae46e59dab860a527c0232
SHA512

a4cbb2c526bfd5c98fc8035806a4c026e162de3fefccb92e703dc978ece73b9edcf321fa506bcd1bb4846d3cd1001f6a3bfb263a65786236fa3672737de2a6bf
SSDEEP

12288:cBzQX+O9wwsiz3GqQa2XURT9mu+mUQ376JQmhie1SfRx:IzQO8sCMa2kR4nmUQLGbg68

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/阿甘表达式计算器 V2.1/CSExpressionCalculator.dll
unpack001/阿甘表达式计算器 V2.1/SkinH_EL.dll

Files

ad7afb325638dcb90672549220a3c3c9
.rar
阿甘表达式计算器 V2.1/CSExpressionCalculator.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f5fbc2a4851131ee57551c79962975e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
ord582
ord583
__vbaStrI2
ord584
_CIcos
_adj_fptan
__vbaVarMove
ord585
ord586
__vbaFreeVar
ord587
ord588
__vbaStrVarMove
__vbaLenBstr
ord589
__vbaFreeVarList
__vbaVarIdiv
_adj_fdiv_m64
__vbaR8Sgn
ord516
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaStrCat
__vbaVarCmpNe
ord552
ord660
ord553
ord661
ord662
__vbaHresultCheckObj
ord663
ord664
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarCmpGe
__vbaVarXor
__vbaVarPow
ord593
__vbaExitProc
__vbaVarForInit
__vbaOnError
ord595
__vbaObjSet
ord596
_adj_fdiv_m16i
ord702
_adj_fdivr_m16i
ord703
ord704
ord520
ord705
__vbaBoolVar
ord706
ord522
ord707
__vbaFPFix
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord709
ord524
ord632
__vbaVarCmpGt
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
__vbaVarTstEq
__vbaDateR8
ord561
__vbaI2I4
__vbaVarLikeVar
__vbaVarOr
ord671
ord672
ord673
__vbaRedimPreserve
_adj_fpatan
ord674
ord675
ord676
__vbaRedim
ord677
ord678
EVENT_SINK_Release
ord679
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord712
ord713
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
ord714
ord607
__vbaVarDiv
ord608
__vbaVarCmpLe
__vbaFPException
__vbaInStrVar
__vbaStrCompVar
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
ord535
__vbaI2Var
ord538
_CIlog
__vbaErrorOverflow
ord539
__vbaInStr
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord680
ord573
ord682
__vbaFreeStrList
ord575
__vbaVarCmpLt
__vbaVarNot
ord683
_adj_fdivr_m32
__vbaR8Var
ord684
__vbaPowerR8
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord610
ord105
__vbaAryLock
__vbaVarAdd
ord612
__vbaVarDup
ord613
__vbaFpI2
ord614
__vbaVarMod
__vbaFpI4
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
__vbaI2ErrVar
ord540
__vbaStrVarCopy
ord619
ord541
ord542
ord543
_allmul
ord544
ord545
_CItan
ord546
__vbaAryUnlock
ord547
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
阿甘表达式计算器 V2.1/SkinH_EL.dll
.dll windows:4 windows x86 arch:x86

5b234a1aba7588c195b2279c948d550c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetConsoleCtrlHandler
VirtualAlloc
HeapReAlloc
HeapAlloc
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
SetUnhandledExceptionFilter
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
InterlockedIncrement
LoadLibraryA
GetProcAddress
OutputDebugStringA
InterlockedDecrement
WriteFile
GetStdHandle
DebugBreak
HeapValidate
IsBadReadPtr
IsBadWritePtr
FatalAppExitA
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineA
RtlUnwind
IsBadCodePtr
UnhandledExceptionFilter
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetFilePointer
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
MulDiv
VirtualProtect
FlushInstructionCache
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
GetModuleFileNameA
GetVersion
GetCurrentThreadId
GetModuleHandleA
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetLastError
VirtualQuery

user32

UnhookWindowsHookEx
SetWindowsHookExA
EnumChildWindows
LoadCursorA
SetCursor
EnumThreadWindows
TrackPopupMenu
GetMenuItemID
IsIconic
IsZoomed
GetWindowRgn
IsMenu
GetSubMenu
GetMenuBarInfo
GetMenu
SetWindowRgn
GetSystemMenu
MessageBoxA
GetClassNameA
CallNextHookEx
ScreenToClient
SetCapture
EqualRect
ReleaseCapture
SetWindowPos
KillTimer
SetTimer
MenuItemFromPoint
GetMenuItemRect
GetMenuItemCount
GetMenuItemInfoA
GetMenuStringA
GetMenuState
SetMenuItemInfoA
SetRect
GetActiveWindow
LockWindowUpdate
IsWindowVisible
GetSystemMetrics
ShowScrollBar
FillRect
GetSysColorBrush
EnableScrollBar
GetScrollBarInfo
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
GetWindowDC
GetDCEx
GetDC
MoveWindow
FindWindowExA
GetCursorPos
PtInRect
SetRectEmpty
ClientToScreen
ReleaseDC
GetSysColor
InflateRect
GetParent
GetClassLongA
GetWindowRect
GetComboBoxInfo
OffsetRect
IsRectEmpty
InvalidateRect
GetClientRect
GetWindowTextA
SendMessageA
IsWindowEnabled
GetFocus
GetIconInfo
DrawIconEx
DrawTextA
TrackMouseEvent
BeginPaint
EndPaint
RemovePropA
GetPropA
CallWindowProcA
DefWindowProcA
GetWindowLongA
SetWindowLongA
SetPropA

gdi32

SetPixel
SetBkColor
TextOutA
GetTextExtentPointA
SetMapMode
CreatePen
CreateSolidBrush
GetStockObject
RoundRect
BeginPath
Rectangle
EndPath
SelectClipPath
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
StretchBlt
GetObjectA
DeleteObject
BitBlt
DeleteDC
SetTextColor
CreateDIBitmap
CreateFontA
CreatePatternBrush
SelectClipRgn
CombineRgn
CreateRectRgn
EqualRgn
OffsetRgn
ExtCreateRegion
CreateDIBSection
GetPixel
PatBlt
SelectObject
Polygon

comctl32

ImageList_Draw
ImageList_GetImageInfo

msimg32

TransparentBlt

Exports

Exports

SkinH_Attach
SkinH_Attach_Ex

Sections

.text
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
阿甘表达式计算器 V2.1/skin/compact.she
阿甘表达式计算器 V2.1/skin/darkroyale.she
阿甘表达式计算器 V2.1/skin/dogmax.she
阿甘表达式计算器 V2.1/skin/longhorn.she
阿甘表达式计算器 V2.1/skin/qq2008.she
阿甘表达式计算器 V2.1/skin/skinh.she
阿甘表达式计算器 V2.1/skin/storm.she
阿甘表达式计算器 V2.1/公式/计算电流.txt
阿甘表达式计算器 V2.1/新云软件.url
.url
阿甘表达式计算器 V2.1/配置.ini

Sharing

General

Malware Config

Signatures

Files

f5fbc2a4851131ee57551c79962975e2

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 161KB

.data Size: 4KB - Virtual size: 860B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 11KB

5b234a1aba7588c195b2279c948d550c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

msimg32

Exports

Exports

Sections

.text Size: 608KB - Virtual size: 607KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 24KB - Virtual size: 35KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 164KB - Virtual size: 161KB

.data
Size: 4KB - Virtual size: 860B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 608KB - Virtual size: 607KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 24KB - Virtual size: 35KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB