04a23592b8a510bf9bf05f12c21574c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04a23592b8a510bf9bf05f12c21574c0_JaffaCakes118
Size

776KB
MD5

04a23592b8a510bf9bf05f12c21574c0
SHA1

78bd08158c9d170c78301741a4a3db958701f32a
SHA256

dc70dda93f9c9aad8d8a1591e8c44c2191b719bdf4128280925350d2a7a557dc
SHA512

88a74cbb8f38c3d207b660fc488fdea1bf46bad97156001dd632ef3d2f09d9884e1af78038d6648d6ef62d4099aa01058df515bd8ced5ae3d4ef1dd07f8a0e1f
SSDEEP

24576:bPQIhHlMoOORwMF8199kEAD0COLBGt+3B+E/:tDMoOnuw99kEADBOLBGt+3B+E/

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/备案批量查询系统_3.9/备案信息批量查询.exe
unpack001/备案批量查询系统_3.9/更新模块.exe

Files

04a23592b8a510bf9bf05f12c21574c0_JaffaCakes118
.rar
备案批量查询系统_3.9/MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

b22bd7d6f2b83c193c4c7e9c0a2de8b2

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
GlobalFree
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
备案批量查询系统_3.9/MSINET.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

d940cf5b3d0dfb340396c0608ef1a0c5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:cb:1c:af:c1:a1:9a:a8:ba:91:ac:e1:6b:ab:e7:b6:18:25:e9:91
Signer

Actual PE Digest

8a:cb:1c:af:c1:a1:9a:a8:ba:91:ac:e1:6b:ab:e7:b6:18:25:e9:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetProcAddress
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
GetDlgItem
MoveWindow
GetWindow
GetActiveWindow
IsWindowVisible
TranslateMessage
GetParent
OffsetRect
EqualRect
DispatchMessageA
GetWindowThreadProcessId
ShowWindow
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
ClientToScreen
GetWindowRect
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
IntersectRect
SetWindowRgn
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
备案批量查询系统_3.9/data.db
备案批量查询系统_3.9/ieset.jpg
.jpg
备案批量查询系统_3.9/mswinsck.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

5270274b4ff20c6f050b9c66331e50cb

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

lstrlenW
GetProcAddress
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
WideCharToMultiByte
GetVersion
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetLocaleInfoA
LoadLibraryA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
lstrcmpA
InterlockedDecrement
GetFileAttributesA
GetWindowsDirectoryA
HeapReAlloc
InterlockedIncrement
lstrcmpiA
GetLastError
LockResource
LoadResource
FindResourceA

user32

EndDialog
DialogBoxParamA
GetActiveWindow
MessageBoxA
DrawEdge
GetDC
CharNextA
LoadCursorA
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetParent
WinHelpA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
SendDlgItemMessageA
LoadStringA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadBitmapA
GetSystemMetrics
GetParent
CreateDialogIndirectParamA
GetDlgItemTextA
SetDlgItemInt
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
MoveWindow
SetWindowLongA
CreateWindowExA
ReleaseDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayRedim
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SafeArrayCreate
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
备案批量查询系统_3.9/systemcfg.ini
备案批量查询系统_3.9/作者主页.url
备案批量查询系统_3.9/使用必读V3.9(很重要).doc
.doc windows office2003
备案批量查询系统_3.9/域名导入示例.txt
备案批量查询系统_3.9/备案信息批量查询.exe
.exe windows:4 windows x86 arch:x86

d0946a8d0b9d96d22164787f2a9dd81d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaStrCat
__vbaVarCmpNe
__vbaError
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
ord662
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaBoolStr
__vbaExitProc
__vbaVarForInit
__vbaVarPow
ord300
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord306
ord520
__vbaBoolVar
__vbaVargVar
__vbaBoolVarNull
__vbaFpR8
__vbaVarTstLt
_CIsin
__vbaErase
ord631
ord632
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaCastObjVar
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
ord569
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaStrUI1
__vbaVarMul
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaInputFile
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaVarDiv
ord608
ord716
__vbaFPException
ord717
__vbaInStrVar
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaDateVar
ord536
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaVar2Vec
__vbaInStr
__vbaNew2
__vbaR8Str
__vbaVarLateMemCallLdRf
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaFreeStrList
__vbaVarCmpLt
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
ord612
ord613
__vbaFpI2
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
ord616
ord617
__vbaVarSetObjAddref
__vbaRecDestructAnsi
_CIatan
__vbaStrMove
ord618
__vbaAryCopy
__vbaCastObj
ord619
__vbaStrVarCopy
ord650
_allmul
__vbaLenVarB
__vbaVarLateMemCallSt
__vbaLateIdSt
_CItan
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
备案批量查询系统_3.9/控件注册_如果运行出错，请先安装我.BAT
备案批量查询系统_3.9/新云软件.url
.url
备案批量查询系统_3.9/更新模块.exe
.exe windows:4 windows x86 arch:x86

ac277b40dc0d7868866f93c0a7ad0e28

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
__vbaBoolVarNull
_CIsin
ord631
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
__vbaInputFile
ord712
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord716
__vbaFPException
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord536
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaVarLateMemCallLdRf
__vbaInStr
ord571
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaVarLateMemCallLd
ord617
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
__vbaI4ErrVar
ord581

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
备案批量查询系统_3.9/软件注册.url

Sharing

General

Malware Config

Signatures

Files

b22bd7d6f2b83c193c4c7e9c0a2de8b2

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 688KB - Virtual size: 687KB

.data Size: 32KB - Virtual size: 28KB

.rsrc Size: 280KB - Virtual size: 279KB

.reloc Size: 40KB - Virtual size: 38KB

d940cf5b3d0dfb340396c0608ef1a0c5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:0e:7d:a7:00:00:00:00:00:48Certificate

Extended Key Usages

Key Usages

8a:cb:1c:af:c1:a1:9a:a8:ba:91:ac:e1:6b:ab:e7:b6:18:25:e9:91Signer

Headers

File Characteristics

Imports

wininet

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 66KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 36KB - Virtual size: 32KB

.reloc Size: 8KB - Virtual size: 4KB

5270274b4ff20c6f050b9c66331e50cb

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

.text
Size: 688KB - Virtual size: 687KB

.data
Size: 32KB - Virtual size: 28KB

.rsrc
Size: 280KB - Virtual size: 279KB

.reloc
Size: 40KB - Virtual size: 38KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

8a:cb:1c:af:c1:a1:9a:a8:ba:91:ac:e1:6b:ab:e7:b6:18:25:e9:91
Signer

.text
Size: 68KB - Virtual size: 66KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 36KB - Virtual size: 32KB

.reloc
Size: 8KB - Virtual size: 4KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 66KB - Virtual size: 66KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 328KB - Virtual size: 325KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB