c58c8d355b1478707e856a2740c35668

Sharing

Copy URL Twitter E-mail

General

Target

c58c8d355b1478707e856a2740c35668
Size

861KB
MD5

c58c8d355b1478707e856a2740c35668
SHA1

76929a5db899decefd214c122a6ed230b0700d7f
SHA256

bd3995bc540f7922f12b892d303860402d624f543d1aeecb8ba9a6e4c5d184af
SHA512

2f2f66791372fd0655bb4f65bf16cad968d9e0e3d8bd75dbf1bb6ec07ba4c2429facad5c5f56702a0b998eb749e77472bb3ba32da2b28e88feb493e035f58ec4
SSDEEP

12288:8lnItsdX2ed+tJ8uRgn1dgWhbfaWaFcT+DeA3oPXUjVHtFcWosJ+YouvK6f+ZndB:QesRuWlhbfanYkh7cWosJNozzZtRT

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4142420/OCX/Command.ocx
unpack001/4142420/OCX/CommandSCE.ocx
unpack001/4142420/OCX/DBGRID32.OCX
unpack001/4142420/OCX/MageanButtonV1_2_0.oca
unpack001/4142420/OCX/MageanButtonV1_2_0.ocx
unpack001/4142420/OCX/MageanXPFormV103.ocx
unpack001/4142420/OCX/MsSuperMenuXP.ocx
unpack001/4142420/进销存系统V1.0.exe

Files

c58c8d355b1478707e856a2740c35668
.rar
4142420/DATA.MDB
4142420/ICO/070.ICO
4142420/ICO/1.ICO
4142420/ICO/241.ICO
4142420/ICO/3.ICO
4142420/ICO/306.ICO
4142420/ICO/43.ICO
4142420/ICO/CLOSE.ICO
4142420/ICO/Computer.ico
4142420/ICO/Delete.ico
4142420/ICO/DisconnectSmall.ico
4142420/ICO/EARTH.ICO
4142420/ICO/Exit.ico
4142420/ICO/Left.ico
4142420/ICO/Patient.ico
4142420/ICO/Print.ico
4142420/ICO/Right.ico
4142420/ICO/Save.ico
4142420/ICO/TITLE.ICO
4142420/JPG/ERP.JPG
.jpg
4142420/OCX/COMCTL32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

c8cebbf034d8c6304701e5ec3fae70a4

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_SetOverlayImage
ImageList_DrawEx
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Add
ImageList_AddMasked
ord16
ord17
ImageList_Draw
ImageList_Create
ImageList_Destroy
ImageList_Remove

kernel32

lstrcmpA
GetProcAddress
GlobalSize
CloseHandle
GetFileSize
ReadFile
lstrcmpiA
IsDBCSLeadByte
lstrcmpiW
LockResource
FindResourceA
LoadResource
GetWindowsDirectoryA
GetLastError
GetLocaleInfoA
OpenFile
MultiByteToWideChar
lstrcatA
DisableThreadLibraryCalls
GetVersion
GetProcessHeap
GetDateFormatA
GetLocalTime
GetTimeFormatA
GetModuleFileNameA
GetCurrentThreadId
LoadLibraryA
GlobalUnlock
GlobalAlloc
GlobalLock
CompareStringA
GlobalFree
GetVersionExA
lstrlenA
lstrcpyA
IsBadReadPtr
HeapReAlloc
lstrcpynA
IsBadWritePtr
InterlockedDecrement
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
InterlockedIncrement
HeapAlloc
lstrlenW
LeaveCriticalSection
EnterCriticalSection

user32

IsWindowVisible
EndPaint
BeginPaint
MoveWindow
CharUpperA
IntersectRect
MessageBeep
SetCursor
EndDialog
RedrawWindow
GetMessagePos
CreateAcceleratorTableA
VkKeyScanA
PeekMessageA
PeekMessageW
SetWindowRgn
RegisterWindowMessageA
RegisterClipboardFormatA
SetCursorPos
OffsetRect
EqualRect
IsChild
GetWindowTextA
SetCapture
GetCursorPos
ScreenToClient
PostMessageA
DrawEdge
GetSysColor
wsprintfA
FillRect
InflateRect
DrawTextA
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetParent
GetAsyncKeyState
SetWindowLongA
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetActiveWindow
CreateDialogIndirectParamA
IsDialogMessageA
GetNextDlgTabItem
GetWindow
CharNextA
SetParent
InvalidateRect
UpdateWindow
UnregisterClassA
MessageBoxA
SetWindowsHookExA
SetTimer
KillTimer
CheckRadioButton
CallNextHookEx
SetActiveWindow
DestroyIcon
SetFocus
DrawIcon
UnionRect
DialogBoxParamA
PtInRect
LoadCursorA
GetWindowDC
SetRect
IsRectEmpty
GetDC
ReleaseDC
GetClipboardFormatNameA
ClientToScreen
PostMessageW
FrameRect
GetClientRect
CallWindowProcA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
LoadIconA
GetSystemMetrics
CopyImage
MapDialogRect
GetWindowLongA
SetWindowPos
GetFocus
EnableWindow
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
SetDlgItemInt
GetDlgItemInt
IsDlgButtonChecked
SendDlgItemMessageA
CheckDlgButton
LoadStringA
DefWindowProcA
SendMessageA
ShowWindow
WinHelpA
UnhookWindowsHookEx

ole32

CreateStreamOnHGlobal
RevokeDragDrop
CreateOleAdviseHolder
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
DoDragDrop
ReleaseStgMedium
OleLoadFromStream
OleSaveToStream

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA
RegCloseKey

oleaut32

SafeArrayPutElement
SafeArrayGetElement
SafeArrayRedim
SafeArrayGetUBound
SafeArrayCreate
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData
VariantCopy
GetErrorInfo
OleCreateFontIndirect
CreateErrorInfo
SetErrorInfo
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
LoadRegTypeLi
RegisterTypeLi
OleLoadPicture
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
OleCreatePictureIndirect
VariantCopyInd
OleTranslateColor
VariantChangeType
SysFreeString
SysStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

GetNearestColor
CreatePalette
LPtoDP
GetWindowExtEx
GetBitmapBits
TextOutA
CreateDIBitmap
RealizePalette
GetViewportExtEx
SelectPalette
GetPaletteEntries
GetDIBits
CopyEnhMetaFileA
CreateICA
CopyMetaFileA
StretchBlt
Rectangle
GetObjectA
SetBkColor
CreateDCA
CreateRectRgn
SetViewportOrgEx
SetWindowOrgEx
DeleteObject
SetWindowExtEx
SetMapMode
SetViewportExtEx
CreateSolidBrush
GetDeviceCaps
SelectObject
ExcludeClipRect
GetClipRgn
SelectClipRgn
GetClipBox
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
PatBlt
CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateBitmap
GetStockObject
GetTextExtentPoint32A

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4142420/OCX/Command.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

9c37d3a9448c3699ad996f7b540eb577

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaFpR8
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVerifyVarObj
__vbaFpI2
__vbaFpI4
ord616
__vbaVarCopy
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
ord618
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4142420/OCX/CommandSCE.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

2629c6552814802a02a44565f882745a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaFpR8
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVerifyVarObj
__vbaFpI2
ord616
__vbaFpI4
__vbaVarCopy
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
ord618
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4142420/OCX/DBGRID32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

6a64e5b2d788fc5ccfe5529f5f992734

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadWritePtr
GetLastError
SetFilePointer
lstrlenA
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers
CloseHandle
EnterCriticalSection
GetModuleFileNameA
LoadLibraryA
GetLocaleInfoA
GetEnvironmentStringsW
SetUnhandledExceptionFilter
WriteFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetCPInfo
GetOEMCP
GetACP
GetFileType
GetStartupInfoA
GetStdHandle
HeapCreate
SetHandleCount
HeapDestroy
HeapSize
GetStringTypeW
GetStringTypeA
TerminateProcess
HeapReAlloc
GetCurrentProcess
GetModuleHandleA
ExitProcess
GetVersion
HeapAlloc
GetProcAddress
GetCommandLineA
GlobalAlloc
HeapFree
RtlUnwind
GlobalFree
GlobalLock
GlobalUnlock
FreeLibrary
MulDiv
DeleteCriticalSection
WideCharToMultiByte
GetPrivateProfileIntA
InitializeCriticalSection
LockResource
FindResourceA
LoadResource
GetWindowsDirectoryA
FreeResource
lstrcmpA
LCMapStringA
CompareStringA
LCMapStringW
SetStdHandle
lstrcpyA
GetFileAttributesA
ReadFile
SetEndOfFile
CreateFileA
GetLocaleInfoW
CompareStringW
LeaveCriticalSection
IsDBCSLeadByte
GetTickCount
SizeofResource
GetUserDefaultLCID
OutputDebugStringA

ole32

CreateDataAdviseHolder
CoCreateInstance
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
OleCreateDefaultHandler
StgCreateDocfileOnILockBytes
CoGetMalloc
StgCreateDocfile
CoTaskMemAlloc
StringFromIID
CreateOleAdviseHolder

oleaut32

VariantClear
VariantInit
SysStringByteLen
GetErrorInfo
OleCreatePropertyFrame
SysAllocStringByteLen
SafeArrayAccessData
SafeArrayUnaccessData
DispGetIDsOfNames
SafeArrayCreate
SysAllocString
VariantChangeType
SysStringLen
VariantCopyInd
SysFreeString
VariantCopy
OleTranslateColor
SafeArrayPutElement
SafeArrayGetLBound
LoadRegTypeLi
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetDim
OleCreateFontIndirect
OleCreatePictureIndirect
SafeArrayDestroy

gdi32

CloseMetaFile
SetWindowOrgEx
SetMapMode
SetWindowExtEx
StretchBlt
SetViewportOrgEx
CreateMetaFileA
SetViewportExtEx
CreateCompatibleBitmap
GetStockObject
SaveDC
LPtoDP
RestoreDC
GetTextMetricsA
CreateFontIndirectA
GetTextExtentPointA
MoveToEx
IntersectClipRect
LineTo
GetViewportOrgEx
CreatePen
SetBkMode
CreateHatchBrush
SetROP2
Rectangle
PatBlt
GetROP2
GetDeviceCaps
CreateCompatibleDC
CreateDCA
SelectObject
DeleteDC
BitBlt
SetBkColor
CreateSolidBrush
GetObjectA
DeleteObject
GetBkMode
SetTextColor
GetTextFaceA
GetNearestColor
GetTextColor
GetBkColor
SetBrushOrgEx
CreateBitmapIndirect
GetTextExtentPoint32A
ExtTextOutA
UnrealizeObject

user32

ClientToScreen
AppendMenuA
CreatePopupMenu
SetWindowTextA
EnableWindow
InvalidateRect
SendDlgItemMessageA
RegisterClipboardFormatA
FrameRect
GetKeyState
GetFocus
SetFocus
CreateWindowExA
GetClassLongA
SetWindowLongA
GetSystemMetrics
SendMessageA
CallWindowProcA
PostMessageA
MessageBeep
MessageBoxA
PeekMessageA
DispatchMessageA
GetDC
ReleaseDC
SetDlgItemTextA
LoadBitmapA
GetDlgItem
GetWindowRect
ScreenToClient
EndDialog
DefWindowProcA
DialogBoxParamA
LoadStringA
wsprintfA
CharNextA
TrackPopupMenu
DestroyCursor
RegisterClassA
SetCursor
IsDlgButtonChecked
RegisterWindowMessageA
DestroyMenu
LoadCursorA
EnableMenuItem
wvsprintfA
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
DestroyWindow
ShowWindow
MoveWindow
IsWindow
CopyRect
IntersectRect
SetScrollPos
SetWindowPos
GetWindowLongA
InflateRect
GetParent
GetClassInfoA
GetClassNameA
GetDialogBaseUnits
CreateDialogIndirectParamA
IsDialogMessageA
GetWindow
CheckDlgButton
GetWindowTextLengthA
ClipCursor
GetClipCursor
GetCursorPos
UnregisterClassA
GetSysColor
GetScrollRange
GetClientRect
PtInRect
GetScrollPos
ScrollWindowEx
SetScrollRange
FillRect
IsWindowVisible
EndPaint
BeginPaint
SetCapture
GetDesktopWindow
ShowCaret
DrawFocusRect
HideCaret
DrawTextA
IsRectEmpty
ShowScrollBar
GetUpdateRect
SubtractRect
SetCursorPos
ReleaseCapture

advapi32

RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyA
RegSetValueA
RegCloseKey

Exports

Exports

??0BufferComparator@@QAE@ABV0@@Z
??0BufferComparator@@QAE@XZ
??4BufferComparator@@QAEAAV0@ABV0@@Z
??_7BufferComparator@@6B@
?compareBuffers@BufferComparator@@UAEHPBXH0H@Z
DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
__preptrap@4
_ex_atraise@4
_ex_clear@0
_ex_code@0
_ex_disable@0
_ex_enable@4
_ex_message@0
_ex_mraise@8
_ex_msystem@4
_ex_name@4
_ex_prop@0
_ex_raise@4
_ex_system@0
_ex_trapf@12
_msgi_lookup@12

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4142420/OCX/MageanButtonV1_2_0.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4142420/OCX/MageanButtonV1_2_0.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

cee1da8163d9436cc65e0e265ba86868

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
ord588
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
ord516
_adj_fprem1
__vbaVarCmpNe
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
__vbaBoolVar
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaFpI2
ord614
__vbaFpI4
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4142420/OCX/MageanXPFormV103.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

a86819ccedd2167e0a74bbe95ea7004c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaFreeVar
__vbaAptOffset
__vbaFreeVarList
__vbaVarIdiv
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
__vbaBoolVar
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 340KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4142420/OCX/MsSuperMenuXP.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

085ba5d352876f391b60e56dc5b3f937

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord519
ord660
ord556
ord665
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord595
ord598
ord520
ord631
ord632
ord526
EVENT_SINK_AddRef
ord527
ord529
ord562
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord607
ord608
ord717
ord319
ProcCallEngine
ord535
ord537
ord644
ord645
ord570
ord648
ord572
ord573
EVENT_SINK2_AddRef
ord681
ord578
ord685
ord101
ord102
ord103
ord104
ord105
ord320
ord321
ord616
ord617
ord619
ord652
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4142420/OCX/PICCLP32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

ad0e1ca092759137521ddb1f91aa1604

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CompareStringA
LoadResource
lstrcmpA
CompareStringW
FindResourceA
lstrcmpiA
LockResource
GetLastError
InterlockedIncrement
HeapReAlloc
InterlockedDecrement
LoadLibraryA
GetProcAddress
GetLocaleInfoA
MultiByteToWideChar
GetWindowsDirectoryA
lstrcpyA
lstrlenA
GetModuleFileNameA
lstrcatA
GetVersion
lstrcpynA
GetFileAttributesA
GlobalAlloc
HeapAlloc
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
GlobalUnlock
GlobalLock
DisableThreadLibraryCalls
GlobalFree

user32

SetWindowLongA
CharNextA
UnregisterClassA
EndPaint
EqualRect
CreateWindowExA
IsWindowVisible
ClientToScreen
BeginPaint
GetWindowRect
GetWindow
MoveWindow
SetFocus
GetWindowLongA
InvalidateRect
CreateDialogIndirectParamA
GetKeyState
IsChild
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
SetParent
ShowWindow
OffsetRect
GetParent
SetWindowPos
GetClientRect
DestroyWindow
GetSystemMetrics
wsprintfA
RegisterClipboardFormatA
GetDlgItemInt
SetDlgItemInt
GetDesktopWindow
GetDC
ReleaseDC
GetActiveWindow
SendMessageA
EndDialog
DialogBoxParamA
DefWindowProcA
LoadCursorA
RegisterClassA
LoadStringA
WinHelpA
IsDialogMessageA
IntersectRect
SetWindowRgn
PtInRect

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SetErrorInfo
LoadRegTypeLi
OleCreatePropertyFrame
SysAllocStringLen
LoadTypeLibEx
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
VariantInit
VariantChangeType
VariantClear
OleTranslateColor
OleCreatePictureIndirect
SysStringLen
SysFreeString
OleLoadPicture
CreateErrorInfo
SysAllocString

gdi32

SetMapMode
GetWindowExtEx
GetViewportExtEx
LPtoDP
SetViewportExtEx
CreateRectRgnIndirect
CreateICA
CreateDCA
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateSolidBrush
SelectObject
Rectangle
RealizePalette
SelectPalette
CreatePen
DeleteDC
StretchBlt
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetPaletteEntries
GetObjectA
GetDeviceCaps
CreatePalette

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4142420/下载说明.htm
.html .js polyglot
4142420/进销存系统V1.0.exe
.exe windows:4 windows x86 arch:x86

93da6aa6b82eee4cec6ed25ff6ae67c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
ord560
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
ord612
__vbaVarDup
__vbaVarCopy
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8cebbf034d8c6304701e5ec3fae70a4

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

version

comctl32

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 331KB - Virtual size: 330KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 224KB - Virtual size: 224KB

.reloc Size: 24KB - Virtual size: 23KB

9c37d3a9448c3699ad996f7b540eb577

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 7KB

2629c6552814802a02a44565f882745a

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 104KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 7KB

6a64e5b2d788fc5ccfe5529f5f992734

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

gdi32

user32

advapi32

Exports

Exports

Sections

.text Size: 356KB - Virtual size: 355KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 11KB - Virtual size: 22KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 21KB - Virtual size: 20KB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 331KB - Virtual size: 330KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 224KB - Virtual size: 224KB

.reloc
Size: 24KB - Virtual size: 23KB

.text
Size: 116KB - Virtual size: 113KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 108KB - Virtual size: 104KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 11KB - Virtual size: 22KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 21KB - Virtual size: 20KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 29KB - Virtual size: 32KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 184KB - Virtual size: 183KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 340KB - Virtual size: 338KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 268KB - Virtual size: 264KB

.data
Size: - Virtual size: 20KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 51KB - Virtual size: 50KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 475KB - Virtual size: 475KB

.data
Size: 512B - Virtual size: 19KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB