0f04639158966ec4c68757442f770d23_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0f04639158966ec4c68757442f770d23_JaffaCakes118
Size

1.7MB
MD5

0f04639158966ec4c68757442f770d23
SHA1

179977c41c1cb2f74792d2a148dbce1c64bb7e1c
SHA256

54019b92f51554c750f85be8d5c89989d10b83d8bf6e8bec24462655f40e4d2d
SHA512

1cc47ed7cd3bc6965eabcda491a7400693e111fee2f69bebd7b26d12892c9f6eca13e68158f341050a1b26a8edc553e025d80e4a1e7b75e75cb3fe120a273478
SSDEEP

49152:ZG1loF/XMYv2RbOSKdmOdsGrco3bSPtNXoMzFvzzhQBAJ:OlMfMtOHdyGVOPQSFvxr

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/K3_RISE_V12.3_KEYGEN/R123KeyGen(VIP)V1.2.exe
unpack001/K3_RISE_V12.3_KEYGEN/先运行我!.exe
unpack001/K3_RISE_V12.3_KEYGEN/替换文件/KdSvrmgr.dll
unpack001/K3_RISE_V12.3_KEYGEN/替换文件/kdmain.exe

Files

0f04639158966ec4c68757442f770d23_JaffaCakes118
.rar
K3_RISE_V12.3_KEYGEN/R123KeyGen(VIP)V1.2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 291KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 68KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 709KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
K3_RISE_V12.3_KEYGEN/使用说明.txt
K3_RISE_V12.3_KEYGEN/先运行我!.exe
.exe windows:4 windows x86 arch:x86

3d3d967282b1619854edf6348ebd96b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
CreateSemaphoreA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
InterlockedIncrement

user32

OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
GetClipboardData
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
CloseClipboard
wsprintfA
EqualRect
GetWindowRect
SetForegroundWindow
IsWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSystemMenu
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
UnregisterClassA
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture

gdi32

SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
CreateRectRgnIndirect
SetBkColor
CreatePen
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

OleUninitialize
CLSIDFromString
OleInitialize

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi

comctl32

ImageList_Destroy
ord17

ws2_32

recv
getpeername
accept
ioctlsocket
recvfrom
WSAAsyncSelect
closesocket
WSACleanup
inet_ntoa

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Sections

.text
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
K3_RISE_V12.3_KEYGEN/替换文件/KdSvrmgr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

6b73ddaf64a3f6fd535b8e5ba0a92bc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
__vbaR8FixI4
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
ord693
__vbaAryMove
__vbaFreeVar
ord695
__vbaStrVarMove
__vbaLenBstr
__vbaAptOffset
__vbaVarIdiv
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaVarIndexLoadRef
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord626
ord519
__vbaI2Abs
__vbaResume
__vbaCopyBytes
__vbaForEachCollAd
ord629
__vbaVarCmpNe
__vbaStrCat
__vbaError
ord660
__vbaLsetFixstr
ord553
__vbaRecDestruct
__vbaStrDate
ord661
__vbaSetSystemError
ord662
__vbaLenBstrB
__vbaHresultCheckObj
ord556
ord557
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaVarTstLe
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaVarXor
__vbaAryDestruct
__vbaLateMemSt
__vbaVarIndexLoadRefLock
EVENT_SINK2_Release
ord592
ord593
__vbaForEachCollObj
__vbaVarForInit
__vbaExitProc
ord300
__vbaI4Abs
ord594
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord306
__vbaStrFixstr
ord520
__vbaBoolVar
ord521
ord309
ord523
__vbaVarTstLt
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
ord631
ord709
__vbaErase
ord525
__vbaVarZero
__vbaNextEachCollObj
__vbaVarCmpGt
ord632
__vbaVargVarMove
__vbaChkstk
ord633
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaVarAbs
ord528
__vbaGenerateBoundsError
ord529
__vbaExitEachColl
__vbaGet3
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
ord560
ord561
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord563
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
ord601
_CIsqrt
__vbaRedimVar
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaUI1I4
ord710
__vbaVarMul
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord605
__vbaDateStr
ord606
ord713
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord607
ord608
__vbaVarCmpLe
ord716
__vbaFPException
__vbaInStrVar
ord717
__vbaStrCompVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaCheckType
__vbaLsetFixstrFree
ord536
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaInStr
ord648
__vbaVar2Vec
__vbaNew2
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord685
ord579
__vbaVarTstNe
ord101
__vbaVarSetVar
ord102
__vbaI4Var
ord103
ord689
__vbaVarCmpEq
ord104
ord105
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaFreeVarg
__vbaStrToAnsi
__vbaStrComp
__vbaVarDup
__vbaVerifyVarObj
ord614
__vbaFpI2
__vbaAryVarVarg
__vbaVarMod
__vbaFpI4
ord616
__vbaVarLateMemCallLd
__vbaVarTstGe
__vbaVarCopy
__vbaRecDestructAnsi
__vbaR8IntI2
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
_CIatan
ord540
__vbaI2ErrVar
__vbaAryCopy
__vbaStrMove
ord618
__vbaCastObj
__vbaR8IntI4
__vbaForEachVar
__vbaStrVarCopy
ord619
ord542
ord650
_allmul
__vbaLenVarB
ord545
_CItan
__vbaNextEachCollAd
ord653
ord546
__vbaFPInt
__vbaUI1Var
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
ord580
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 664KB - Virtual size: 662KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
K3_RISE_V12.3_KEYGEN/替换文件/kdmain.exe
.exe windows:4 windows x86 arch:x86

73eb1595ee87a2e305db3ec5f946eb72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
ord588
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
__vbaVarIndexLoadRef
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord626
ord519
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
__vbaVarTextTstEq
ord660
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
ord556
__vbaLenVar
__vbaVargVarCopy
_adj_fdiv_m32
__vbaVarTstLe
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord669
__vbaLateMemSt
EVENT_SINK2_Release
ord592
__vbaVarForInit
ord593
__vbaForEachCollObj
__vbaExitProc
ord300
ord301
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord305
__vbaFpR4
ord306
__vbaStrFixstr
__vbaBoolVar
ord520
ord307
ord521
__vbaStrTextCmp
ord309
__vbaFpR8
__vbaVarTstLt
__vbaRefVarAry
__vbaBoolVarNull
ord523
_CIsin
ord631
ord709
__vbaErase
__vbaNextEachCollObj
__vbaVargVarMove
__vbaVarZero
ord632
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord528
__vbaExitEachColl
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
ord560
ord561
__vbaObjVar
__vbaI2I4
ord562
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
ord670
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaVarTextTstNe
ord600
ord601
_CIsqrt
__vbaLateIdCallSt
__vbaVarAnd
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord711
ord313
__vbaPrintFile
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
ord717
__vbaInStrVar
__vbaStrCompVar
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaCheckType
__vbaI2Var
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
ord648
__vbaR8Str
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVerifyVarObj
__vbaAryVarVarg
__vbaCheckTypeVar
__vbaUnkVar
__vbaFpI4
ord616
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
_CIatan
ord618
__vbaCastObj
__vbaAryCopy
__vbaStrMove
__vbaR8IntI4
ord619
__vbaStrVarCopy
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
ord546
ord653
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 1012KB - Virtual size: 1010KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 388KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: 291KB - Virtual size: 648KB

Size: 4KB - Virtual size: 8KB

Size: - Virtual size: 4KB

Size: - Virtual size: 12KB

Size: - Virtual size: 4KB

Size: - Virtual size: 4KB

Size: - Virtual size: 44KB

Size: 68KB - Virtual size: 104KB

.rsrc Size: 21KB - Virtual size: 24KB

Size: 1024B - Virtual size: 3.5MB

.data Size: 709KB - Virtual size: 712KB

3d3d967282b1619854edf6348ebd96b7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: 408KB - Virtual size: 406KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 60KB - Virtual size: 121KB

.vmp0 Size: 40KB - Virtual size: 37KB

.rsrc Size: 24KB - Virtual size: 23KB

6b73ddaf64a3f6fd535b8e5ba0a92bc7

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 664KB - Virtual size: 662KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 48KB - Virtual size: 46KB

.reloc Size: 68KB - Virtual size: 67KB

73eb1595ee87a2e305db3ec5f946eb72

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 1012KB - Virtual size: 1010KB

.data Size: 4KB - Virtual size: 23KB

.rsrc Size: 388KB - Virtual size: 385KB

.rsrc
Size: 21KB - Virtual size: 24KB

.data
Size: 709KB - Virtual size: 712KB

.text
Size: 408KB - Virtual size: 406KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 60KB - Virtual size: 121KB

.vmp0
Size: 40KB - Virtual size: 37KB

.rsrc
Size: 24KB - Virtual size: 23KB

.text
Size: 664KB - Virtual size: 662KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 48KB - Virtual size: 46KB

.reloc
Size: 68KB - Virtual size: 67KB

.text
Size: 1012KB - Virtual size: 1010KB

.data
Size: 4KB - Virtual size: 23KB

.rsrc
Size: 388KB - Virtual size: 385KB