3418a9bc48af38ddd5c03a2d9a97e113_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3418a9bc48af38ddd5c03a2d9a97e113_JaffaCakes118
Size

350KB
MD5

3418a9bc48af38ddd5c03a2d9a97e113
SHA1

493eed45388de18c9d97313bfe28f3b88a8d5f74
SHA256

5c964935153ae8c6da1af29cd49d3abcc4345684b44927411b1ec4c815385516
SHA512

81a4f5418658f941d63edb855dbe06855bf53154e1f39b96e1fc0822126273dee7cb713655039f103221fb7e1663c489509a69aa9ccbd17aaed99fc862895ceb
SSDEEP

6144:W3vaOJ9N71nLfkP2bHAFKl6EovpLjecFFx0MKRbcATPdSFZzA9/9dEhehUJ151:AvaaN71nrgkHykRe5je00M8bLFSFJAjc

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack002/vb/59r.com_CD播放器.exe
unpack002/vb/pro1/死机/死机1.exe
unpack002/vb/qqq.com程序注册表编辑器/AddEasy.exe
unpack002/vb/qqq.com程序注册表编辑器/AddEasy1.exe
unpack002/vb/vqqq.com五子棋____联系电话 0774--7682617,联系email [email protected] 联系QQ：6439358/五子棋.exe
unpack002/vb/vqqq.com屏幕捕捉器/vqqq.com屏幕捕捉器.exe
unpack002/vb/vqqq.com系统信息查寻器，可以查出当前系统/Project1.exe
unpack002/vb/vqqq自动取款机 (A.T.M.).exe
unpack002/vb/vqqq雪夜屏保器.exe
unpack002/vb/关机rejing/BigChina.exe
unpack002/vb/扫雷.EXE
unpack002/vb/标ti/工程1.exe
unpack002/vb/热建.exe
unpack001/052512691/复件 vb/mp3/mp3.exe
unpack001/052512691/复件 vb/paint/87q.com画图之王.exe
unpack001/052512691/复件 vb/paint/vqqq.comPaint.exe

Files

3418a9bc48af38ddd5c03a2d9a97e113_JaffaCakes118
.rar
052512691/tool.rar
.rar
vb/59r.com_CD播放器.exe
.exe windows:4 windows x86 arch:x86

ffc3b524e4f59b41f002ea0ebcec1ea3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
ord617
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/code/59r.com cd.vbp
vb/code/59r.com cd.vbw
vb/code/MSSCCPRJ.SCC
vb/code/SNOW.VBP
vb/code/SNOW.vbw
vb/code/vqqq自动取款机 (A.T.M.).VBP
vb/code/vqqq自动取款机 (A.T.M.).exe
vb/code/vqqq自动取款机 (A.T.M.).frx
vb/code/vqqq自动取款机 (A.T.M.).vbw
vb/code/扫雷/扫雷.vbp
vb/code/扫雷/扫雷.vbw
vb/code1/Form mov.vbp
vb/code1/Form mov.vbw
vb/code1/MSSCCPRJ.SCC
vb/pro1/死机/死机1.exe
.exe windows:4 windows x86 arch:x86

19d05037b2c50ae34239b7edca8ea5b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaStrToAnsi
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/pro1/死机/死机1.vbp
vb/pro1/死机/死机1.vbw
vb/qqq.com程序注册表编辑器/AddEasy.exe
.exe windows:4 windows x86 arch:x86

c7d78d07b836f55bcc9b44b4fae23e8d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord595
ord520
ord632
EVENT_SINK_AddRef
ord528
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ord608
ord645
ord648
ord100
ord616
ord617
ord619
ord581

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/qqq.com程序注册表编辑器/AddEasy.ini
vb/qqq.com程序注册表编辑器/AddEasy1.exe
.exe windows:4 windows x86 arch:x86

c7d78d07b836f55bcc9b44b4fae23e8d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord595
ord520
ord632
EVENT_SINK_AddRef
ord528
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ord608
ord645
ord648
ord100
ord616
ord617
ord619
ord581

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/qqq.com程序注册表编辑器/AddMune.vbp
vb/qqq.com程序注册表编辑器/AddMune.vbw
vb/qqq.com程序注册表编辑器/MSSCCPRJ.SCC
vb/qqq.com程序注册表编辑器/Project1.vbw
vb/vqqq.com五子棋____联系电话 0774--7682617,联系email [email protected] 联系QQ：6439358/MSSCCPRJ.SCC
vb/vqqq.com五子棋____联系电话 0774--7682617,联系email [email protected] 联系QQ：6439358/五子棋.exe
.exe windows:4 windows x86 arch:x86

d45ea5a01f9fc42faee7ca99b9ada635

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
__vbaVarCmpNe
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaVarForInit
ord300
__vbaOnError
__vbaObjSet
ord595
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord306
ord520
ord309
__vbaBoolVarNull
__vbaVarTstLt
__vbaFpR8
_CIsin
ord632
__vbaVarCmpGt
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarAbs
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
ord310
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord312
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaVarDiv
__vbaFPException
__vbaStrVarVal
ord534
__vbaI2Var
ord536
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaStrToAnsi
ord612
__vbaVarDup
__vbaFpI2
__vbaVarMod
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
ord650
_allmul
__vbaLateIdSt
_CItan
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/vqqq.com五子棋____联系电话 0774--7682617,联系email [email protected] 联系QQ：6439358/五子棋.vbp
vb/vqqq.com五子棋____联系电话 0774--7682617,联系email [email protected] 联系QQ：6439358/五子棋.vbw
vb/vqqq.com屏幕捕捉器/vqqq.com屏幕捕捉器.exe
.exe windows:4 windows x86 arch:x86

7234a08fa2999206c04335c37bf7eede

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord661
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaDateVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarDup
__vbaFpI4
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
ord546
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/vqqq.com屏幕捕捉器/vqqq.com屏幕捕捉器t1.vbp
vb/vqqq.com屏幕捕捉器/vqqq.com屏幕捕捉器t1.vbw
vb/vqqq.com系统信息查寻器，可以查出当前系统/Project1.exe
.exe windows:4 windows x86 arch:x86

e6edbeac01162b048977bf769a9da874

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaForEachCollVar
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaNextEachCollVar
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/vqqq.com系统信息查寻器，可以查出当前系统/Project1.vbp
vb/vqqq.com系统信息查寻器，可以查出当前系统/Project1.vbw
vb/vqqq自动取款机 (A.T.M.).exe
.exe windows:4 windows x86 arch:x86

815c27a79d0fda256603d6047d803241

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord595
ord598
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord717
ProcCallEngine
ord681
ord100
ord581

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/vqqq雪夜屏保器.exe
.exe windows:4 windows x86 arch:x86

a45af6108748e41b0ef07d8f8a8eaa10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
ord588
ord589
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
ord593
ord594
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
_adj_fpatan
__vbaR4Var
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaI2Var
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
__vbaVarCopy
_CIatan
_allmul
_CItan
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/关机rejing/BigChina.exe
.exe windows:4 windows x86 arch:x86

5188e3c95e2e9332f59020f192fc33d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
ord690
ord691
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaBoolStr
__vbaForEachCollObj
__vbaExitProc
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
__vbaBoolVarNull
_CIsin
ord632
__vbaNextEachCollObj
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
ord689
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaRecDestructAnsi
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/关机rejing/BigChina.vbp
vb/关机rejing/BigChina.vbw
vb/扫雷.EXE
.exe windows:4 windows x86 arch:x86

8dc1eabd2c774f191d1a35a6f53633db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
ord589
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
ord593
ord300
ord594
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord306
__vbaForEachCollVar
__vbaBoolVarNull
_CIsin
__vbaErase
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaI2I4
__vbaNextEachCollVar
__vbaPrintObj
__vbaObjVar
__vbaVarLateMemSt
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaFpI2
__vbaFpI4
__vbaVarLateMemCallLd
__vbaLateMemCallLd
__vbaR8IntI2
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
_CItan
__vbaFPInt
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/标ti/工程1.exe
.exe windows:4 windows x86 arch:x86

6091ea533f36b7eee5e0af90fee32bb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaStrToAnsi
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeStr

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/标ti/工程1.vbp
vb/标ti/工程1.vbw
vb/热建.exe
.exe windows:4 windows x86 arch:x86

f162f82f6f780a83beeff8b5c18ad2d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vb/热建.vbp
vb/热建.vbw
vb/程序说明.txt
052512691/下载说明.htm
.html .js polyglot
052512691/复件 vb/mp3/mp3.exe
.exe windows:4 windows x86 arch:x86

10cd661ada6ab69898aa5a7ed80d41b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
052512691/复件 vb/mp3/mp3.vbp
052512691/复件 vb/mp3/mp3.vbw
052512691/复件 vb/mp3/vqqq.com.txt
052512691/复件 vb/paint/87q.com画图之王.exe
.exe windows:4 windows x86 arch:x86

8c43a31cce25df7e3c4d38cc61942c01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
__vbaStrI2
ord583
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
ord585
__vbaVarVargNofree
__vbaFreeVar
__vbaLateIdCall
ord588
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
__vbaVarIdiv
_adj_fdiv_m64
__vbaFreeObjList
ord517
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
ord593
__vbaI4Abs
__vbaObjSet
__vbaOnError
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaAryConstruct2
__vbaR4Str
__vbaI2I4
ord561
__vbaPrintObj
DllFunctionCall
ord670
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
ord579
__vbaI4Var
__vbaVarDup
__vbaFpI2
ord614
__vbaVarMod
__vbaFpI4
__vbaR8IntI2
_CIatan
__vbaStrMove
ord618
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
052512691/复件 vb/paint/MSSCCPRJ.SCC
052512691/复件 vb/paint/SEKPaint.vbp
052512691/复件 vb/paint/SEKPaint.vbw
052512691/复件 vb/paint/vqqq.com.txt
052512691/复件 vb/paint/vqqq.comPaint.exe
.exe windows:4 windows x86 arch:x86

48b2be7d1e3c910a703eb9831240c7c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
__vbaStrI2
ord583
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
ord585
__vbaVarVargNofree
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
__vbaVarIdiv
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord517
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
ord593
__vbaI4Abs
__vbaObjSet
__vbaOnError
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaAryConstruct2
__vbaR4Str
__vbaI2I4
ord561
__vbaPrintObj
DllFunctionCall
ord670
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
ord579
__vbaI4Var
__vbaVarDup
__vbaFpI2
ord614
__vbaVarMod
__vbaFpI4
__vbaR8IntI2
_CIatan
__vbaStrMove
ord618
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffc3b524e4f59b41f002ea0ebcec1ea3

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

19d05037b2c50ae34239b7edca8ea5b8

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

c7d78d07b836f55bcc9b44b4fae23e8d

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 44KB - Virtual size: 40KB

.data Size: - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

c7d78d07b836f55bcc9b44b4fae23e8d

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 44KB - Virtual size: 40KB

.data Size: - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

d45ea5a01f9fc42faee7ca99b9ada635

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 128KB - Virtual size: 125KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 1KB

7234a08fa2999206c04335c37bf7eede

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

e6edbeac01162b048977bf769a9da874

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

815c27a79d0fda256603d6047d803241

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: - Virtual size: 8KB

.rsrc Size: 204KB - Virtual size: 200KB

a45af6108748e41b0ef07d8f8a8eaa10

Headers

File Characteristics

.text
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 40KB

.data
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 40KB

.data
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 128KB - Virtual size: 125KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 23KB

.data
Size: - Virtual size: 8KB

.rsrc
Size: 204KB - Virtual size: 200KB

.text
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 72KB - Virtual size: 71KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 304KB - Virtual size: 301KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 120KB - Virtual size: 119KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 2KB