ca406afe9bc33e30ff3c5e3479cb7eef

Sharing

Copy URL Twitter E-mail

General

Target

ca406afe9bc33e30ff3c5e3479cb7eef
Size

553KB
MD5

ca406afe9bc33e30ff3c5e3479cb7eef
SHA1

b7d3f0a71cf413c094e76831ae777b456795664d
SHA256

c50f48e22001cff7352738b9fe34a384aa204902a9b618187a75613443a0194e
SHA512

7845edfd5efef4e8b9109784dd4e508ef25fb6e0cdb873e233aa1dd82a477bdddd6730999ab041e708ad5df9f805f7c4f5b3bf5ffdd517bd58a43a1fcd4c1e1e
SSDEEP

12288:+s19h4wPQWVaSzAtqq/9bx3/s7heoaVBRXLhg14ox:th4wPQWVaP9bxQINhK

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/test/LyfUpload.dll
unpack001/test/WordOcxFinalProj1.ocx
unpack001/test/签章制作.exe

Files

ca406afe9bc33e30ff3c5e3479cb7eef
.rar
test/List.asp
.vbs
test/LyfUpload.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5b498544543d112033c55ad8f1e51186

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaFreeVarList
__vbaPut3
_adj_fdiv_m64
__vbaFreeObjList
__vbaVarIndexLoadRef
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarForInit
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaPutOwner3
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
ord717
__vbaInStrVar
__vbaStrVarVal
__vbaGetOwner3
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaVar2Vec
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
__vbaVarSetVar
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaLateMemCall
__vbaVarDup
__vbaStrComp
__vbaStrToAnsi
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaCastObj
ord619
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
test/WordOcxFinalProj1.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
test/index.asp
test/main.asp
.html
test/new.mdb
test/ocxdemo.asp
.asp .vbs polyglot
test/othertest.asp
.vbs
test/readme.txt
test/test.asp
test/test.htm
.html
test/下载说明.htm
.html .js polyglot
test/章.Ety
test/签章制作.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

5b498544543d112033c55ad8f1e51186

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 980B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 850KB - Virtual size: 850KB

DATA Size: 13KB - Virtual size: 13KB

BSS Size: - Virtual size: 4KB

.idata Size: 12KB - Virtual size: 11KB

.edata Size: 512B - Virtual size: 174B

.reloc Size: 60KB - Virtual size: 60KB

.rsrc Size: 197KB - Virtual size: 197KB

Headers

File Characteristics

Sections

CODE Size: 387KB - Virtual size: 386KB

DATA Size: 9KB - Virtual size: 9KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 28KB - Virtual size: 28KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 980B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

CODE
Size: 850KB - Virtual size: 850KB

DATA
Size: 13KB - Virtual size: 13KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 12KB - Virtual size: 11KB

.edata
Size: 512B - Virtual size: 174B

.reloc
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 197KB - Virtual size: 197KB

CODE
Size: 387KB - Virtual size: 386KB

DATA
Size: 9KB - Virtual size: 9KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 24KB - Virtual size: 24KB