62c9ba1e731f8f1b114de6c12dc60059_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

62c9ba1e731f8f1b114de6c12dc60059_JaffaCakes118
Size

4.2MB
MD5

62c9ba1e731f8f1b114de6c12dc60059
SHA1

4d870c3906ce3aac49b05f873b02093d6c111121
SHA256

94e8d39d46da6aa3285c3339b14098b81b1ed901a9ccceb1a8750150b5527773
SHA512

6a7319b847513132ed95de9e7075b3fceabb64fe8ce170471f99185295cb2049fd5c4b9227ab204cf4b703243742f51f4c0a6c952d49c7d1246555b098b46d7d
SSDEEP

98304:3yHMvqmmAulupdMPInvj0ddP9BcBia/P1nLAwcnvlvq5vAn:CAqBluJvj0ddPUB9VAwcvli5vAn

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VM.exe
unpack001/VPlug/HFHK.dll
unpack001/VPlug/MiniMH.dll
unpack001/VPlug/VSHK.dll
unpack001/VPlug/VSRK.dll
unpack001/VPlug/W3Knight.dll
unpack001/VPlug/abcPlug.exe
unpack001/卡尔改键.exe
unpack001/地卜改键.exe
unpack001/改键游侠.exe

Files

62c9ba1e731f8f1b114de6c12dc60059_JaffaCakes118
.rar
VM.exe
.exe windows:4 windows x86 arch:x86

44dba11e1aedd22066a2361b6c5bd0bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord618

kernel32

GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

�Um��Z�^��²�~+��1�� 6�KD�$qۥ�<>�CI�O��q!�Ӡ@�g��s.��\�=y�6�7��6��!�7�**XPr��B�*h�.SH��d��c�� C�&k�X��Y9L�T�ҭŨ�^��v*�@y��Ue?Y� ��W:��kAZ r�t7f��eD�[^��ØV�Lӷ��+)�t�Kc �s��40UU��v'f�2�y��m3Ђ[B�D�/�\��Y��tiVnT��Ι��LNg�Y� �5 ��¯o�X0��g9�mk׫��ׄ�O '�G�<��ֽ0�*�"x ��Y�}�XW��c*��=8�Dwojt0�qԃ��o=�d��X�<q�[��_�yB�z1�9�s2��rΟ�~��- ��d�3=#)��x�l(��Fz�X��A�L�{|_��Etc�_��d�c_w�bL��W+��[G))^i<wG�z��#�g�P��-�3��~�b{ܲd��c�^+�5KOl(� 6�;E��_#^N��Ⱦ��+�2�S��J�k*�<(�IN�� i�� D��a��'��Y=O��JdF!�Es�֏g�Z�2��ﴮH��|Z��A�>'['��(��7�$��!��W,ED�õ [v��XQq�TUw��*%"e��d��]�?��B��S�<M��f��r��u\��<�#�e �9�J��ꊛ켷��/J�_P{�u@} th��Nr��*}��'3t�fƶ��8�1��B7�ġ<]j��Ķ�t##>q��f}�4ql��/�a 3n}#��Z��3��}��2��'�ɠ��):��R?s �� !�� C�r��ؘ�|#�`�Be`-�F/4jry '�D�QJ]v�³,u=sQ��TI�yz�p�t��́�9/Mi��tpM��-)T�s�ɏs=fI-�8��rF��F�P��[x+fħ�'pb�I�:�ɵ�?v4j��8�u��ɢ�+�� EU�&3{�N�Z'znH��V��0%��$Im�K� 2:Z�EQ�� c��Ŧ��Qm�xOL��Y�`k�и�.\G��2��Q��q�S�ZfI�,e�0�k�ԣ��hڵ� U#��d!P�w�V��J�x��{;��9��3`.��3��q��D��+��#n<R�N��K�^M0rPJ�H�K<&a��[nN&ٸ��@�ƖE��I`��B;?%,��h��6��A�h86-�"��䏩A)�Y�64�M��l<4�XRn��Y��z��Ie��wǗ��N��L��`@��I��W��٫2w�7<�z�w�1�J��[5m>�/�s3Ϥ�zEm��0&rdE\W�� F�ORR��-n�} �:3a?Bx��,�ř��y��L^��9��cw�3��I3�q�vd��<6�v~ E�v��G��Nn~0 �Y��!q��cx�t�,�`T��g λ��E�?�x9�$��v�D�h�|��S�~�_%wb�[Gة�]G+Ќp,ԡ�x�H�f��G�#��Vf�zc5��b}ک.aQ�}��F��C��C��]��F��XI��N`�&e6��@�77oc:D0/ �y�m��gl � �ů��mbc��oIR��R*��v�n�b�O�k㮭[\�s$Q��y�|�}�t�z�W�R�f��V��O^��|��2G�I��s$pϟ2#��qu:��6=CS7v꘹�#*L�A}SA��6�G�݈;��'j5~K*ٳ�f��3ת�PGЮa��Z�%��+�8`�-��,��τ�1��x�vi�Opjn��"t8�'vm��'V�h�Fs>�>��* Z�Tȕ�M�|D��p��*E�w]�|��>W�ԺX�첍��$oL�}�Z��ONhc��rv��-hJ5��M]�0�(��6�6H�@_��WL��v�[pC��)�r l�߰ ��fc`�R~��+ќ��,��j�|�A5J��ֿ�{��c�u�˕��?/��(�b��(�>f�ږ`��oX�#��R9f��Z�h|�C�%�i;��(ߢr��G�z��Ax��ݭ�e�@��`x��G�'hU��Y�M�l?7��Y��v紦U1��m/�VfPz�S�,3^w�3&ZR ��%�O��'�C�t�e��6�� 8�K;$�\]�z��3$�9��a��^&L�,Ng��́;Լ@��B�&1A��P�s�<]�3xʄQ(�֩N(��@'(Oe�D��TxG1V �bm��-7g=5�ܺ��u��O��[1�"�z[�I]u+��)��pBU��.G�9D~��ZM��[pI C��;]��0T2�L��s��0�|4N�ǜ<��= I�͈�i> Li *��9��A�K��J$��v��2ݍog؂3�Z\û �� k��m��1e�o�S�)��w3��2��B�Z�� X��z�`��n)V�~F��β�&q��Nz�R<G=R��s�g�c�?R��I�W6lh�� :�8��_{@��J+M"�ӆ��}]l��̇ .`�1�}�E�.K��+M��RU1P8�4$��0�R�s(�^��SG�im��Ҋ'Ғ�$��H �H�l��.܈��.ԐR��E� Q�b��tI�b��c��u��Pz�+��^7��*�#r"�ٜk��7��?+��Qi<a��,��Pd��g�H6%CMv��n뷦-�S}I��ӭA��N5cY�O�/ X��gܼ\��H��_"��*�G�o|�æ�_O|�(i<�nyV��GBiC�}��ﱑ��c;�^�@c��+�e��XG�>��|��\��y|��Jsj�Nv�&��`�JP�df�,�V�)�|��

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5200
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5201
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VPlug/HFHK.dll
.dll windows:4 windows x86 arch:x86

097a8c8b2cc8670b74a706e76c4bc401

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

SendMessageA
MessageBoxA

Sections

.text
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hfhk0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.hfhk1
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.hfhk2
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VPlug/MiniMH.dll
.dll windows:4 windows x86 arch:x86

60b5f3ca8972e405a74b1cd471690ecd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadProcessMemory
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

DrawTextA
MessageBoxA

gdi32

GetStockObject

advapi32

RegQueryValueExA

Sections

.text
Size: - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MiniMH0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MiniMH1
Size: - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.MiniMH2
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VPlug/VSHK.dll
.dll windows:4 windows x86 arch:x86

44f79c51358968209b69850dda076b4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

CharLowerA
MessageBoxA

Sections

.text
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VSHK0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VSHK1
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.VSHK2
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VPlug/VSRK.dll
.dll windows:4 windows x86 arch:x86

2c53abea802f4195d94f82dda9b09184

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

FindWindowA
MessageBoxA

Sections

.text
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VSRK0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VSRK1
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.VSRK2
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VPlug/W3Knight.dll
.dll windows:4 windows x86 arch:x86

58951432f2505e76b88f1d573b5e6253

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

FindWindowA
MessageBoxA

ws2_32

shutdown

Sections

.text
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.W3King0
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.W3King1
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.W3King2
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VPlug/abcPlug.exe
.exe windows:4 windows x86 arch:x86

6592bde251a3fff58f99f84f88d99b7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord691
ord697
MethCallEngine
ord621
ord516
ord517
ord518
ord519
ord595
ord598
ord520
ord709
ord631
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord607
ord608
ord531
ord532
ord717
ProcCallEngine
ord535
ord537
ord645
ord570
ord648
ord572
ord681
ord576
ord578
ord685
ord100
ord579
ord616
ord617
ord618
ord619
ord580

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
W3MDX/AncientProtector.mdx
W3MDX/HeroWarden.mdx
W3MDX/heroflamelord.mdx
W3MDX/hp4.blp
W3MDX/hp6.blp
W3MDX/humantower.mdx
W3MDX/mhcrash.mdx
W3MDX/raccoon.mdx
W3MDX/raccoon1.mdx
W3MDX/zhuge.mdx
W3MDX/ziggurat.mdx
卡尔改键.exe
.exe windows:4 windows x86 arch:x86

9f4bed45f0ccee87e4b52d99891c4e57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord696
MethCallEngine
ord516
ord517
ord518
ord519
ord660
ord662
ord557
ord591
ord595
ord598
ord599
ord520
ord631
ord709
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord561
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord606
ord714
ord608
ord717
ProcCallEngine
ord644
ord537
ord573
ord685
ord100
ord616
ord617
ord619
ord546
ord581

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
地卜改键.exe
.exe windows:4 windows x86 arch:x86

9f4bed45f0ccee87e4b52d99891c4e57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord696
MethCallEngine
ord516
ord517
ord518
ord519
ord660
ord662
ord557
ord591
ord595
ord598
ord599
ord520
ord631
ord709
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord561
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord606
ord714
ord608
ord717
ProcCallEngine
ord644
ord537
ord573
ord685
ord100
ord616
ord617
ord619
ord546
ord581

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
当游网_www.3h3.com.URL
必读 - Win7&8系统.txt
改键游侠.exe
.exe windows:4 windows x86 arch:x86

e63fae78eae879512d26b4d09a2fd0ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord588
ord696
MethCallEngine
ord516
ord517
ord518
ord519
ord660
ord662
ord557
ord591
ord595
ord596
ord598
ord599
ord631
ord709
ord632
ord525
ord526
EVENT_SINK_AddRef
ord527
ord528
ord561
DllFunctionCall
ord670
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord607
ord608
ord717
ProcCallEngine
ord644
ord537
ord645
ord681
ord685
ord100
ord616
ord617
ord619
ord546

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
说明.txt

Sharing

General

Malware Config

Signatures

Files

44dba11e1aedd22066a2361b6c5bd0bb

Headers

File Characteristics

Imports

msvbvm60

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 1.5MB

.data Size: - Virtual size: 35KB

5200 Size: - Virtual size: 2.6MB

.tls Size: 4KB - Virtual size: 24B

5201 Size: 2.5MB - Virtual size: 2.5MB

.rsrc Size: 44KB - Virtual size: 40KB

097a8c8b2cc8670b74a706e76c4bc401

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 16KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 12KB

.hfhk0 Size: - Virtual size: 3KB

.hfhk1 Size: - Virtual size: 49KB

.hfhk2 Size: 92KB - Virtual size: 89KB

.reloc Size: 4KB - Virtual size: 192B

60b5f3ca8972e405a74b1cd471690ecd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: - Virtual size: 173KB

.rdata Size: - Virtual size: 17KB

.data Size: - Virtual size: 49KB

.data1 Size: - Virtual size: 2KB

.MiniMH0 Size: - Virtual size: 14KB

.MiniMH1 Size: - Virtual size: 327KB

.MiniMH2 Size: 403KB - Virtual size: 403KB

.reloc Size: 512B - Virtual size: 176B

44f79c51358968209b69850dda076b4d

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 19KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 14KB

.VSHK0 Size: - Virtual size: 3KB

.VSHK1 Size: - Virtual size: 45KB

.VSHK2 Size: 84KB - Virtual size: 83KB

.reloc Size: 512B - Virtual size: 100B

2c53abea802f4195d94f82dda9b09184

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 18KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 14KB

.VSRK0 Size: - Virtual size: 3KB

.VSRK1 Size: - Virtual size: 44KB

.VSRK2 Size: 87KB - Virtual size: 87KB

.reloc Size: 512B - Virtual size: 148B

58951432f2505e76b88f1d573b5e6253

.text
Size: - Virtual size: 1.5MB

.data
Size: - Virtual size: 35KB

5200
Size: - Virtual size: 2.6MB

.tls
Size: 4KB - Virtual size: 24B

5201
Size: 2.5MB - Virtual size: 2.5MB

.rsrc
Size: 44KB - Virtual size: 40KB

.text
Size: - Virtual size: 16KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 12KB

.hfhk0
Size: - Virtual size: 3KB

.hfhk1
Size: - Virtual size: 49KB

.hfhk2
Size: 92KB - Virtual size: 89KB

.reloc
Size: 4KB - Virtual size: 192B

.text
Size: - Virtual size: 173KB

.rdata
Size: - Virtual size: 17KB

.data
Size: - Virtual size: 49KB

.data1
Size: - Virtual size: 2KB

.MiniMH0
Size: - Virtual size: 14KB

.MiniMH1
Size: - Virtual size: 327KB

.MiniMH2
Size: 403KB - Virtual size: 403KB

.reloc
Size: 512B - Virtual size: 176B

.text
Size: - Virtual size: 19KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 14KB

.VSHK0
Size: - Virtual size: 3KB

.VSHK1
Size: - Virtual size: 45KB

.VSHK2
Size: 84KB - Virtual size: 83KB

.reloc
Size: 512B - Virtual size: 100B

.text
Size: - Virtual size: 18KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 14KB

.VSRK0
Size: - Virtual size: 3KB

.VSRK1
Size: - Virtual size: 44KB

.VSRK2
Size: 87KB - Virtual size: 87KB

.reloc
Size: 512B - Virtual size: 148B

.text
Size: - Virtual size: 133KB

.rdata
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 53KB

.rsrc
Size: 1024B - Virtual size: 1024B

.W3King0
Size: - Virtual size: 15KB

.W3King1
Size: - Virtual size: 432KB

.W3King2
Size: 456KB - Virtual size: 456KB

.reloc
Size: 512B - Virtual size: 160B

.text
Size: 104KB - Virtual size: 101KB

.data
Size: - Virtual size: 8KB

.rsrc
Size: 24KB - Virtual size: 22KB

.text
Size: 164KB - Virtual size: 162KB

.data
Size: - Virtual size: 11KB

.rsrc
Size: 48KB - Virtual size: 46KB

.text
Size: 136KB - Virtual size: 132KB

.data
Size: - Virtual size: 11KB

.rsrc
Size: 48KB - Virtual size: 46KB

.text
Size: 316KB - Virtual size: 315KB

.data
Size: - Virtual size: 15KB

.rsrc
Size: 24KB - Virtual size: 21KB