66f29a0480c29c2d9580776ba4dfa405_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

66f29a0480c29c2d9580776ba4dfa405_JaffaCakes118
Size

2.5MB
MD5

66f29a0480c29c2d9580776ba4dfa405
SHA1

db702db947a1ec18a4e59960612d257a317e8fac
SHA256

2a7394932582e1af38c54dfccfc3ed428fc1733550ba4b6f4815d0c1dab19839
SHA512

85a4a44ce38e34c7aad9bb1d98f3169062484cb0ae38a655917acf82a8afc52398b7bdc1e88a3557562a61019cd9c0a9e0ed0617744d5ebf499bc6356ac39251
SSDEEP

49152:J6fXaKHH/vzaepLuNexJHUSX8ahvUbqIsFZx2SAvmIx2fPu+xX6b+PvS7RFQdj:JQaKHHHzaepLWx5ahvgdsFDE9xuPN/PD

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/950592246/安装包/Setup.exe
unpack001/950592246/源文件/BookSystem.exe
unpack001/950592246/源文件/welcome.exe
unpack001/950592246/源文件/控件/Command.ocx
unpack001/950592246/源文件/控件/CommandSCE.ocx
unpack001/950592246/源文件/控件/VsNetMenu.ocx
unpack001/950592246/源文件/控件/XPHScroll.ocx
unpack001/950592246/源文件/控件/XPVScroll.ocx
unpack001/950592246/源文件/控件/kcyXpControls.ocx
unpack001/950592246/源文件/控件/拖鞋树REALONE风格垂直滚动条.ocx
unpack001/950592246/源文件/控件/拖鞋树REALONE风格水平滚动条.ocx
unpack001/950592246/源文件/控件/拖鞋树XPForm.ocx

Files

66f29a0480c29c2d9580776ba4dfa405_JaffaCakes118
.rar
950592246/下载说明.htm
.html .js polyglot
950592246/安装包/Setup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 410KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
950592246/源文件/AEditBookId.frm
950592246/源文件/AEditBookId.frx
950592246/源文件/Aboutfrm.frm
950592246/源文件/Aboutfrm.frx
950592246/源文件/AddEditBookId.frm
.vbs
950592246/源文件/AddEditBookId.frx
950592246/源文件/AddNewBook.frm
.vbs
950592246/源文件/AddNewBook.frx
950592246/源文件/BookSystem.PDM
950592246/源文件/BookSystem.exe
.exe windows:4 windows x86 arch:x86

cf2c287379e0daa4a178d9c1634596ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
ord660
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaVarForInit
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
__vbaFpR8
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaPutOwner4
__vbaObjVar
__vbaI2I4
__vbaCastObjVar
__vbaStrR4
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
ord610
__vbaVarAdd
__vbaVarDup
__vbaFpI2
__vbaVarCopy
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 544KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
950592246/源文件/BookSystem.vbp
950592246/源文件/BookSystem.vbw
950592246/源文件/Data.mdb
950592246/源文件/DataBase/Data.mdb
950592246/源文件/DataBase/Set.Dat
950592246/源文件/DataBase/Thumbs.db
950592246/源文件/EditBook.frm
.vbs
950592246/源文件/EditBook.frx
950592246/源文件/EditBookId.frm
.vbs
950592246/源文件/EditBookId.frx
950592246/源文件/Findfrm.frm
.vbs
950592246/源文件/Findfrm.frx
950592246/源文件/LentLogin.frm
.vbs
950592246/源文件/LentLogin.frx
950592246/源文件/Lentfrm.frm
.vbs
950592246/源文件/Lentfrm.frx
950592246/源文件/LoginSys.frm
.vbs
950592246/源文件/LoginSys.frx
950592246/源文件/MSSCCPRJ.SCC
950592246/源文件/Main.frm
.vbs
950592246/源文件/Main.frx
950592246/源文件/Module1.bas
950592246/源文件/SearchId.frm
.vbs
950592246/源文件/SearchId.frx
950592246/源文件/SearchNum.frm
.vbs
950592246/源文件/SearchNum.frx
950592246/源文件/SetPer.frm
.vbs
950592246/源文件/SetPer.frx
950592246/源文件/SetType.frm
.vbs
950592246/源文件/SetType.frx
950592246/源文件/Setfrm.frx
950592246/源文件/Thumbs.db
950592246/源文件/VB10E.tmp
.vbs
950592246/源文件/pass.txt
950592246/源文件/setfrm.frm
950592246/源文件/welcome.exe
.exe windows:4 windows x86 arch:x86

54e0079691529009a3561bd00e922670

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
950592246/源文件/welcome.frm
950592246/源文件/welcome.frx
950592246/源文件/welcome.vbp
950592246/源文件/welcome.vbw
950592246/源文件/控件/Command.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

9c37d3a9448c3699ad996f7b540eb577

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaFpR8
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVerifyVarObj
__vbaFpI2
__vbaFpI4
ord616
__vbaVarCopy
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
ord618
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
950592246/源文件/控件/CommandSCE.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

2629c6552814802a02a44565f882745a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaFpR8
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVerifyVarObj
__vbaFpI2
ord616
__vbaFpI4
__vbaVarCopy
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
ord618
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
950592246/源文件/控件/VsNetMenu.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

4d6bb0a9d0116146606a0451f5ad0d1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
MethCallEngine
EVENT_SINK_Invoke
ord516
ord556
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord593
ord594
ord595
ord520
ord525
ord632
EVENT_SINK_AddRef
ord528
ord562
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord607
ord608
ord717
ord319
ProcCallEngine
ord644
ord573
EVENT_SINK2_AddRef
ord681
ord685
ord101
ord102
ord103
ord689
ord104
ord610
ord105
ord320
ord321
ord614
ord616
ord617
ord619
ord652
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
950592246/源文件/控件/XPHScroll.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

db4b42fd7e126f2e029581bcb6630b53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarCmpGe
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR4
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
__vbaR4Var
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaVarCmpLe
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaFpI2
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
950592246/源文件/控件/XPVScroll.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

db4b42fd7e126f2e029581bcb6630b53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarCmpGe
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR4
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
__vbaR4Var
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaVarCmpLe
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaFpI2
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
950592246/源文件/控件/kcyXpControls.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

521bf9b9de6e65deecf375da71a89852

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaAptOffset
__vbaVarIdiv
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaStrCat
__vbaForEachCollAd
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
ord592
__vbaExitProc
ord300
ord301
ord595
__vbaObjSet
__vbaOnError
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord305
__vbaFpR4
ord599
ord306
ord520
__vbaBoolVar
ord307
ord309
__vbaFpR8
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord631
__vbaErase
ord632
__vbaVarCmpGt
__vbaLateMemStAd
__vbaChkstk
__vbaCyVar
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaExitEachColl
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner3
__vbaPrintObj
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaR4Cy
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaR8Cy
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord313
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
ord608
__vbaVarCmpLe
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaVar2Vec
ord648
__vbaInStr
__vbaNew2
__vbaCyMulI2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaI4Str
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord610
ord105
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVerifyVarObj
__vbaFpI2
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaFpI4
__vbaRecDestructAnsi
__vbaR8IntI2
ord617
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
ord619
__vbaR8IntI4
__vbaStrVarCopy
ord650
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
950592246/源文件/控件/拖鞋树REALONE风格垂直滚动条.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

45f6859b566a457788930044e8ac1471

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR4
__vbaBoolVar
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord681
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaFpI4
__vbaVarCopy
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
950592246/源文件/控件/拖鞋树REALONE风格水平滚动条.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

45f6859b566a457788930044e8ac1471

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR4
__vbaBoolVar
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord681
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaFpI4
__vbaVarCopy
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
950592246/源文件/控件/拖鞋树XPForm.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

57ac2cb9ff53618955bf6b0bc304b298

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
ord588
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
__vbaVarLateMemSt
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
ord681
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaLateMemCall
__vbaVarCopy
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
950592246/源文件/注册.bat

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 410KB - Virtual size: 1.1MB

DATA Size: 5KB - Virtual size: 16KB

BSS Size: - Virtual size: 12KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 76KB

.rsrc Size: 32KB - Virtual size: 128KB

.aspack Size: 13KB - Virtual size: 16KB

.rsrc Size: - Virtual size: 4KB

cf2c287379e0daa4a178d9c1634596ac

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 544KB - Virtual size: 540KB

.data Size: 4KB - Virtual size: 30KB

.rsrc Size: 32KB - Virtual size: 30KB

54e0079691529009a3561bd00e922670

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 252KB - Virtual size: 250KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 32KB - Virtual size: 30KB

9c37d3a9448c3699ad996f7b540eb577

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 7KB

2629c6552814802a02a44565f882745a

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 104KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 7KB

4d6bb0a9d0116146606a0451f5ad0d1e

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 158KB

.data Size: - Virtual size: 11KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 12KB - Virtual size: 8KB

db4b42fd7e126f2e029581bcb6630b53

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

CODE
Size: 410KB - Virtual size: 1.1MB

DATA
Size: 5KB - Virtual size: 16KB

BSS
Size: - Virtual size: 12KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 76KB

.rsrc
Size: 32KB - Virtual size: 128KB

.aspack
Size: 13KB - Virtual size: 16KB

.rsrc
Size: - Virtual size: 4KB

.text
Size: 544KB - Virtual size: 540KB

.data
Size: 4KB - Virtual size: 30KB

.rsrc
Size: 32KB - Virtual size: 30KB

.text
Size: 252KB - Virtual size: 250KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 32KB - Virtual size: 30KB

.text
Size: 116KB - Virtual size: 113KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 108KB - Virtual size: 104KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 160KB - Virtual size: 158KB

.data
Size: - Virtual size: 11KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 36KB - Virtual size: 34KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 36KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 4KB - Virtual size: 49KB

.rsrc
Size: 196KB - Virtual size: 194KB

.reloc
Size: 64KB - Virtual size: 60KB

.text
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 124KB - Virtual size: 122KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 4KB