628dfc1a67183ec55fe4c56401eceeb0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

628dfc1a67183ec55fe4c56401eceeb0_JaffaCakes118
Size

3.6MB
MD5

628dfc1a67183ec55fe4c56401eceeb0
SHA1

18bb6fc2098464d6aecd58088a2e9939110c38c7
SHA256

2523a3e0cb5cdb5044c7d31436f2063155c6d4f05c3903fbdfbeff18ffc5f274
SHA512

317166b1026542c4e52bd38e4a200fbde53f582cc387a738ba5d619b78134c0c998585fb89c279f60e1c2c7080803a181e2bf4ea98aa53769104523cfbf16633
SSDEEP

98304:Vv/jwViwlfCi1cbfjTet2qvcfyDJ+Q11wtxg0:VTobz1WjTeM1fk11wD

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cvery.comvb9144523534524/wjl/ColXpProgressBar/XpProgressBar.oca
unpack001/cvery.comvb9144523534524/wjl/actskin4.oca
unpack001/cvery.comvb9144523534524/wjl/actskin4.ocx
unpack001/cvery.comvb9144523534524/wjl/pictureCase.ocx
unpack001/cvery.comvb9144523534524/wjl/工程2.oca
unpack001/cvery.comvb9144523534524/wjl/工程2.ocx

Files

628dfc1a67183ec55fe4c56401eceeb0_JaffaCakes118
.rar
cvery.comvb9144523534524/server/123.txt
cvery.comvb9144523534524/server/FrmServer.frm
.vbs
cvery.comvb9144523534524/server/GETDAY.mdb
cvery.comvb9144523534524/server/服务器.vbp
cvery.comvb9144523534524/server/服务器.vbw
cvery.comvb9144523534524/wjl/1.jpg
.jpg
cvery.comvb9144523534524/wjl/123.txt
cvery.comvb9144523534524/wjl/B-Studio.skn
cvery.comvb9144523534524/wjl/ColXpProgressBar/DOLPHIN.ICO
cvery.comvb9144523534524/wjl/ColXpProgressBar/Form1.frm
.vbs
cvery.comvb9144523534524/wjl/ColXpProgressBar/Form1.frx
cvery.comvb9144523534524/wjl/ColXpProgressBar/Form1.log
cvery.comvb9144523534524/wjl/ColXpProgressBar/Hearts.ico
cvery.comvb9144523534524/wjl/ColXpProgressBar/MSSCCPRJ.SCC
cvery.comvb9144523534524/wjl/ColXpProgressBar/PPBZ048.gif
.gif
cvery.comvb9144523534524/wjl/ColXpProgressBar/Project1.vbp
cvery.comvb9144523534524/wjl/ColXpProgressBar/Project1.vbw
cvery.comvb9144523534524/wjl/ColXpProgressBar/UserControl1.ctl
.vbs
cvery.comvb9144523534524/wjl/ColXpProgressBar/UserControl1.ctx
cvery.comvb9144523534524/wjl/ColXpProgressBar/XpProgressBar Info.txt
cvery.comvb9144523534524/wjl/ColXpProgressBar/XpProgressBar.exp
cvery.comvb9144523534524/wjl/ColXpProgressBar/XpProgressBar.lib
cvery.comvb9144523534524/wjl/ColXpProgressBar/XpProgressBar.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cvery.comvb9144523534524/wjl/ColXpProgressBar/XpProgressBar.vbw
cvery.comvb9144523534524/wjl/FRMGUA~1.log
cvery.comvb9144523534524/wjl/Flash.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

1cd3d89be41dd651b02dd66afd312a7f

Code Sign

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

03-12-2001 00:00

Not After

02-12-2011 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

43:40:6a:a9:b8:2d:e8:7e:57:2c:9c:12:f9:52:c2:c1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

02-06-2004 00:00

Not After

17-06-2005 23:59

Subject

CN=Macromedia\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Macromedia\, Inc.,L=San Francisco,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

waveInStop
waveInClose
waveInUnprepareHeader
waveInReset
timeSetEvent
waveInPrepareHeader
waveInOpen
waveInGetDevCapsA
waveOutOpen
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveOutGetDevCapsA
timeKillEvent
timeGetTime
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
waveInAddBuffer
waveInStart
waveInGetNumDevs
waveOutGetNumDevs
waveOutWrite
waveOutPrepareHeader

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetUserDefaultLangID
GetSystemDefaultLangID
DeleteFileA
CreateFileA
GetSystemDirectoryA
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
GetFileAttributesA
MoveFileA
RemoveDirectoryA
CreateDirectoryA
ReadFile
WriteFile
GetTempFileNameA
GetTempPathA
SetFilePointer
GetFileSize
FindFirstFileA
FindNextFileA
FindClose
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTickCount
WaitForSingleObject
IsDBCSLeadByteEx
GetProcessTimes
SetThreadPriority
CreateThread
ExitThread
CreateEventA
SetEvent
ResetEvent
WaitForMultipleObjects
GetThreadPriority
GetCurrentThread
CreateProcessA
GetLocaleInfoA
SetErrorMode
GetCurrentProcess
FlushInstructionCache
GlobalLock
GlobalUnlock
GetCurrentThreadId
MulDiv
LockResource
Sleep
LoadLibraryA
GetProcAddress
lstrcatA
lstrcpyA
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
DebugBreak
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalAlloc
GlobalFree
GetVersionExA
MultiByteToWideChar
GetCPInfo
GetACP
IsDBCSLeadByte
GetLastError
lstrlenA
InterlockedIncrement
WideCharToMultiByte
lstrlenW
InterlockedDecrement
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
CreateMutexA
DisableThreadLibraryCalls
HeapCreate
HeapDestroy
CloseHandle

user32

MapVirtualKeyA
GetKeyState
UpdateWindow
SetCapture
ReleaseCapture
GetFocus
PtInRect
IsChild
GetParent
GetSystemMetrics
InsertMenuItemA
GetMenuItemInfoA
GetMenuItemCount
WaitForInputIdle
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
SetClipboardData
EmptyClipboard
GetDesktopWindow
PostThreadMessageA
GetQueueStatus
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
DispatchMessageA
GetCapture
LoadMenuA
GetSubMenu
GetMenuItemID
DeleteMenu
ClientToScreen
TrackPopupMenu
DestroyMenu
SystemParametersInfoA
SetCursor
GetCursorPos
ScreenToClient
KillTimer
SetTimer
FillRect
MessageBoxA
CheckMenuItem
SetFocus
GetWindowRect
GetKeyboardLayout
CreateWindowExA
CallWindowProcA
GetWindowLongA
DefWindowProcA
SetWindowLongA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
InvalidateRect
LoadCursorA
wsprintfA
RegisterClassExA
BeginPaint
GetClientRect
EndPaint
CreateDialogParamA
LoadStringA
IsDialogMessageA
MoveWindow
ShowWindow
GetDialogBaseUnits
IsWindow
DestroyWindow
SendDlgItemMessageA
SetDlgItemTextW
CheckDlgButton
GetWindowTextLengthA
GetWindowTextA
IsDlgButtonChecked
GetDlgItem
GetClassInfoExA
UnregisterClassA
CharNextA
GetTopWindow
GetDoubleClickTime
GetDC
ReleaseDC
WindowFromPoint
WinHelpA
EnableMenuItem

gdi32

GetCurrentObject
GetTextExtentPoint32W
GetTextExtentPoint32A
DPtoLP
GetTextColor
GetBkMode
GetTextAlign
CreateRectRgn
GetClipRgn
CreatePen
SetBkColor
GetBkColor
CreatePalette
StartDocA
EndDoc
StrokePath
ExtCreatePen
SetTextColor
ExtTextOutW
ExtTextOutA
SelectClipRgn
IntersectClipRect
SetTextAlign
SetBkMode
EnumFontFamiliesA
GetObjectType
GetClipBox
GetSystemPaletteEntries
FillPath
Rectangle
LPtoDP
SetViewportOrgEx
BitBlt
CreateSolidBrush
CreateMetaFileA
SetWindowOrgEx
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPointA
SelectPalette
RealizePalette
CreateCompatibleDC
GetDeviceCaps
CreateDIBSection
DeleteDC
GetObjectA
SaveDC
RestoreDC
PolyBezierTo
BeginPath
SetPolyFillMode
MoveToEx
LineTo
EndPath
SelectClipPath
CreateCompatibleBitmap
GdiFlush
SetDIBitsToDevice
StretchDIBits
SelectObject
DeleteObject
StartPage
EndPage
GetStockObject

comdlg32

PrintDlgA

advapi32

RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegCreateKeyA

ole32

CoFreeUnusedLibraries
CoUninitialize
CoInitialize
OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CreateBindCtx

oleaut32

SysFreeString
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
SysAllocString
SysStringLen
LoadRegTypeLi
VariantClear
OleCreatePropertyFrame
VariantInit
SafeArrayUnlock
SafeArrayLock
SafeArrayCreateVector
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi

wsock32

setsockopt
gethostbyname
ioctlsocket
htons
htonl

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile

urlmon

RegisterBindStatusCallback
HlinkSimpleNavigateToMoniker
CreateURLMoniker

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 712KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 835KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cvery.comvb9144523534524/wjl/Form1.frm
.vbs
cvery.comvb9144523534524/wjl/Form1.frx
cvery.comvb9144523534524/wjl/Form1.log
cvery.comvb9144523534524/wjl/Form2.frm
.vbs
cvery.comvb9144523534524/wjl/Form2.log
cvery.comvb9144523534524/wjl/FrmAddorReSet.frm
cvery.comvb9144523534524/wjl/FrmFind.frm
.vbs
cvery.comvb9144523534524/wjl/FrmFind.frx
cvery.comvb9144523534524/wjl/FrmFind.log
cvery.comvb9144523534524/wjl/FrmFindEND.frm
.vbs
cvery.comvb9144523534524/wjl/FrmFindEND.frx
cvery.comvb9144523534524/wjl/FrmFindEND.log
cvery.comvb9144523534524/wjl/FrmFlash.frm
cvery.comvb9144523534524/wjl/FrmMain.frm
.vbs
cvery.comvb9144523534524/wjl/FrmMain.frx
cvery.comvb9144523534524/wjl/FrmMain.log
cvery.comvb9144523534524/wjl/FrmTem.frx
cvery.comvb9144523534524/wjl/FrmWish.frm
.vbs
cvery.comvb9144523534524/wjl/FrmWish.frx
cvery.comvb9144523534524/wjl/FrmWish.log
cvery.comvb9144523534524/wjl/Frmshan.frm
cvery.comvb9144523534524/wjl/Frmshan.frx
cvery.comvb9144523534524/wjl/GETDAY.mdb
cvery.comvb9144523534524/wjl/MSSCCPRJ.SCC
cvery.comvb9144523534524/wjl/ModAddOrRemake.bas
cvery.comvb9144523534524/wjl/ModDay.bas
.vbs
cvery.comvb9144523534524/wjl/ModOponDB.bas
.vbs
cvery.comvb9144523534524/wjl/Module1.bas
cvery.comvb9144523534524/wjl/Thumbs.db
cvery.comvb9144523534524/wjl/TipOfDay.txt
cvery.comvb9144523534524/wjl/UserControl1.ctl
cvery.comvb9144523534524/wjl/actskin4.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cvery.comvb9144523534524/wjl/actskin4.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

15100362091594109428136cc0ce5508

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

kernel32

WaitForSingleObject
CreateThread
GetVersion
GetModuleHandleA
SetFilePointer
WriteFile
DebugBreak
HeapReAlloc
HeapFree
ExitProcess
QueryPerformanceCounter
Sleep
HeapSize
QueryPerformanceFrequency
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetStdHandle
GetTickCount
GetWindowsDirectoryA
CreateFileA
GetFileSize
ReadFile
CloseHandle
DeleteFileA
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
RtlUnwind
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetProcAddress
lstrcatA
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
HeapCreate
GetSystemInfo
HeapAlloc
DisableThreadLibraryCalls
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetShortPathNameA
TerminateProcess
lstrlenA
MultiByteToWideChar
lstrlenW
GetStringTypeA
LCMapStringA
GetStringTypeW

user32

DestroyCaret
GetScrollInfo
TrackPopupMenu
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetMenuItemCount
GetMenuStringA
SetMenuItemInfoA
WindowFromDC
LoadImageA
GetWindowDC
PostMessageA
EnumThreadWindows
PeekMessageA
GetMessageA
DispatchMessageA
MsgWaitForMultipleObjects
MessageBoxA
LoadBitmapA
ShowWindow
SetFocus
GetDC
SetScrollInfo
SetWindowTextA
EnableWindow
GetSysColor
GetWindow
GetParent
CreateWindowExA
GetDesktopWindow
DrawTextA
SystemParametersInfoA
ClientToScreen
GetUpdateRgn
GetClassNameA
SendMessageA
GetCursorPos
GetWindowRect
GetWindowRgn
SetCapture
ReleaseCapture
GetWindowLongA
SetWindowLongA
RedrawWindow
BeginPaint
GetClientRect
EndPaint
ReleaseDC
IsWindowEnabled
InvalidateRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
IsWindow
DestroyWindow
GetFocus
IsChild
UnionRect
PtInRect
GetKeyState
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
IsRectEmpty
EnableMenuItem
SetMenu
GetMenuItemID
GetSubMenu
GetMenuState
GetActiveWindow
AdjustWindowRect
GetMenu
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
GetSystemMenu
UpdateWindow
GetIconInfo
CallWindowProcA
DrawIconEx
DefWindowProcA
LoadStringA
CharNextA
GetMenuItemInfoA

gdi32

RestoreDC
DeleteDC
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCA
BitBlt
SelectObject
CreateCompatibleDC
GetDeviceCaps
SelectClipRgn
GetCurrentObject
CreateFontIndirectA
GetClipBox
CreateDIBSection
ExtCreateRegion
GetRegionData
SetBkMode
GetStockObject
SetViewportOrgEx
SetTextColor
SetBkColor
CreateSolidBrush
RectInRegion
CombineRgn
OffsetRgn
CreateRectRgn
PtInRegion
DeleteObject
GetObjectA
CreateRectRgnIndirect

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

shell32

ShellExecuteExA

ole32

OleLoadFromStream
OleSaveToStream
WriteClassStm
CreateOleAdviseHolder
OleRegGetMiscStatus
StringFromCLSID
ProgIDFromCLSID
OleRegGetUserType
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
StgCreateDocfile
StgOpenStorage
OleRegEnumVerbs

oleaut32

VariantChangeType
OleCreateFontIndirect
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
SysStringLen
SysAllocStringLen
VariantClear
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromStr
OleCreatePropertyFrame

comctl32

ImageList_Draw

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cvery.comvb9144523534524/wjl/frmAbout.frm
.vbs
cvery.comvb9144523534524/wjl/frmAbout.frx
cvery.comvb9144523534524/wjl/frmAbout.log
cvery.comvb9144523534524/wjl/frmAdd.frm
.vbs
cvery.comvb9144523534524/wjl/frmAdd.frx
cvery.comvb9144523534524/wjl/frmAdd.log
cvery.comvb9144523534524/wjl/frmTem.frm
cvery.comvb9144523534524/wjl/frmTip.frm
.vbs
cvery.comvb9144523534524/wjl/frmTip.frx
cvery.comvb9144523534524/wjl/frmTip.log
cvery.comvb9144523534524/wjl/frmguanyu.frm
cvery.comvb9144523534524/wjl/frmguanyu.frx
cvery.comvb9144523534524/wjl/frmguanyu.log
cvery.comvb9144523534524/wjl/green.skn
cvery.comvb9144523534524/wjl/guanggao.swf
cvery.comvb9144523534524/wjl/pictureCase.exp
cvery.comvb9144523534524/wjl/pictureCase.lib
cvery.comvb9144523534524/wjl/pictureCase.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

5cc573ef06b82a21b444056dcf849e7a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaAptOffset
__vbaLateIdCall
__vbaStrVarMove
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cvery.comvb9144523534524/wjl/shuijingzhilian.skn
cvery.comvb9144523534524/wjl/t.xls
.xls windows office2003
cvery.comvb9144523534524/wjl/thth.bmp
cvery.comvb9144523534524/wjl/thth2.bmp
cvery.comvb9144523534524/wjl/ththqueren.bmp
cvery.comvb9144523534524/wjl/ththtishi.bmp
cvery.comvb9144523534524/wjl/ththwen.bmp
cvery.comvb9144523534524/wjl/wqd.jpg
.jpg
cvery.comvb9144523534524/wjl/关于.jpg
.jpg
cvery.comvb9144523534524/wjl/工程1.PDM
cvery.comvb9144523534524/wjl/工程1.vbp
cvery.comvb9144523534524/wjl/工程1.vbw
cvery.comvb9144523534524/wjl/工程2.exp
cvery.comvb9144523534524/wjl/工程2.lib
cvery.comvb9144523534524/wjl/工程2.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cvery.comvb9144523534524/wjl/工程2.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

5cc573ef06b82a21b444056dcf849e7a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaAptOffset
__vbaLateIdCall
__vbaStrVarMove
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cvery.comvb9144523534524/wjl/工程2.vbp
cvery.comvb9144523534524/wjl/工程2.vbw
cvery.comvb9144523534524/wjl/帮助/0108.gif
.gif
cvery.comvb9144523534524/wjl/帮助/1.htm
.html
cvery.comvb9144523534524/wjl/帮助/1.jpg
.jpg
cvery.comvb9144523534524/wjl/帮助/2.jpg
.jpg
cvery.comvb9144523534524/wjl/帮助/3.jpg
.jpg
cvery.comvb9144523534524/wjl/帮助/4.jpg
.jpg
cvery.comvb9144523534524/wjl/帮助/5.jpg
.jpg
cvery.comvb9144523534524/wjl/帮助/Form1.frm
cvery.comvb9144523534524/wjl/帮助/Hearts.ico
cvery.comvb9144523534524/wjl/帮助/MSSCCPRJ.SCC
cvery.comvb9144523534524/wjl/帮助/UntitledFrameset-10.htm
.html
cvery.comvb9144523534524/wjl/帮助/kaishi.htm
.js
cvery.comvb9144523534524/wjl/帮助/sdc.gif
.gif
cvery.comvb9144523534524/wjl/帮助/xi10.ani
cvery.comvb9144523534524/wjl/帮助/修改.htm
.html
cvery.comvb9144523534524/wjl/帮助/助手.htm
.html
cvery.comvb9144523534524/wjl/帮助/十分感.htm
.html
cvery.comvb9144523534524/wjl/帮助/工程1.vbp
cvery.comvb9144523534524/wjl/帮助/工程1.vbw
cvery.comvb9144523534524/wjl/帮助/更新.htm
.html
cvery.comvb9144523534524/wjl/帮助/未命名.bmp
cvery.comvb9144523534524/wjl/帮助/未命名.jpg
.jpg
cvery.comvb9144523534524/wjl/帮助/未标题-1 拷贝.jpg
.jpg
cvery.comvb9144523534524/wjl/帮助/查询.htm
.html
cvery.comvb9144523534524/wjl/帮助/添加.htm
.html
cvery.comvb9144523534524/wjl/帮助/皮肤.htm
.html
cvery.comvb9144523534524/wjl/组1.vbg
cvery.comvb9144523534524/wjl/闪屏.jpg
.jpg
cvery.comvb9144523534524/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 17KB - Virtual size: 20KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

1cd3d89be41dd651b02dd66afd312a7f

Code Sign

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

43:40:6a:a9:b8:2d:e8:7e:57:2c:9c:12:f9:52:c2:c1Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

winmm

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

wsock32

wininet

urlmon

Exports

Exports

Sections

.text Size: 712KB - Virtual size: 708KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 56KB - Virtual size: 835KB

.data1 Size: 4KB - Virtual size: 1KB

.CRT Size: 4KB - Virtual size: 4B

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 28KB - Virtual size: 24KB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 95KB - Virtual size: 96KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

15100362091594109428136cc0ce5508

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 202KB

.rdata Size: 24KB - Virtual size: 22KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 17KB - Virtual size: 20KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

43:40:6a:a9:b8:2d:e8:7e:57:2c:9c:12:f9:52:c2:c1
Certificate

.text
Size: 712KB - Virtual size: 708KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 56KB - Virtual size: 835KB

.data1
Size: 4KB - Virtual size: 1KB

.CRT
Size: 4KB - Virtual size: 4B

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 28KB - Virtual size: 24KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 95KB - Virtual size: 96KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 204KB - Virtual size: 202KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 32KB - Virtual size: 30KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 20KB - Virtual size: 16KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 592B

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 14KB - Virtual size: 16KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 592B