73d9a8877d6fe443196dbe451d68e59b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

73d9a8877d6fe443196dbe451d68e59b_JaffaCakes118
Size

2.4MB
MD5

73d9a8877d6fe443196dbe451d68e59b
SHA1

8053bc1823435f03060068037ac671c28c87d146
SHA256

68300b25e7f3215eda0f0a956e85a5aa2c8ad82a8acc396d0b2e99b33f354815
SHA512

9bbd6f76ae36ad3006f885caf34cfaa7c76a0e58cd9ff88244ad143c9a24d60085bdc5f6e995f554fe3e0f9e2bd9a9416cee25d24561793481b7cd54856cc87d
SSDEEP

49152:OYPAb9zCmKnUuskZZUqdvI3uq6OzUzVTrZjMeCb+tmUBI4RYa:Te9zCZ3PZZUqdv6v6NTrZjM9b6BI4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Actbar2.oca
unpack001/GxswPrn.exe
unpack001/NOTEPAD.EXE
unpack001/printver.exe
unpack001/zt97i.exe

Files

73d9a8877d6fe443196dbe451d68e59b_JaffaCakes118
.rar
Actbar2.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Actbar2.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

9e059facbda6a0cff185ded2cea7d4f7

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

13:71:11:27:e1:95:e8:a9:4d:4f:66:ef:c5:5f:73:22
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

25/07/2001, 00:00

Not After

25/07/2002, 23:59

Subject

CN=Data Dynamics\, Ltd.,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VeriSign\, Inc.,L=Internet+L=Columbus,ST=Ohio,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
UnhandledExceptionFilter
HeapSize
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
InterlockedDecrement
WideCharToMultiByte
lstrlenW
lstrlenA
GetTickCount
MultiByteToWideChar
GetCurrentThreadId
Sleep
HeapAlloc
CreateEventA
CloseHandle
WaitForSingleObject
GetLocalTime
SetEvent
HeapFree
HeapReAlloc
lstrcpyA
lstrcmpA
MulDiv
lstrcmpiA
lstrcatA
FreeResource
LockResource
LoadResource
FindResourceA
lstrcpynA
InitializeCriticalSection
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
TlsAlloc
GetCurrentProcess
TerminateProcess
ExitProcess
RaiseException
ExitThread
TlsSetValue
CreateThread
RtlUnwind
GetCommandLineA
GetModuleHandleA
GetDateFormatA
GetTimeFormatA
SetFilePointer
SetLastError
WaitForMultipleObjects
GetVersionExA
GetVersion
HeapDestroy
HeapCreate
GetTempPathA
GetTempFileNameA
DeleteFileA
CopyFileA
GlobalSize
GetLastError
FormatMessageA
LocalFree
GetWindowsDirectoryA
GetProfileIntA
SizeofResource
FlushFileBuffers
GetModuleFileNameA
CreateFileA
GetProcessHeap
GlobalFree
WriteFile
ReadFile
GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibrary
LeaveCriticalSection
LoadLibraryA
GetProcAddress
EnterCriticalSection
InterlockedIncrement

user32

SetForegroundWindow
DrawTextW
GetKeyNameTextA
MapVirtualKeyA
LoadStringA
DestroyIcon
CreateIconIndirect
GetMenuItemInfoA
GetSystemMenu
DrawIconEx
GetClassLongA
ChildWindowFromPoint
DefFrameProcA
SetMenu
EndDeferWindowPos
LoadImageA
CopyIcon
DestroyCursor
RegisterWindowMessageA
RegisterClipboardFormatA
MoveWindow
DialogBoxIndirectParamA
DialogBoxParamA
GetCursor
GetForegroundWindow
TranslateMessage
DeferWindowPos
LoadMenuA
GetSubMenu
DestroyMenu
TrackPopupMenu
GetDesktopWindow
DrawFocusRect
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextA
EndDialog
GetDlgItemTextA
MessageBeep
GetClassInfoA
GetDlgItem
GetWindowDC
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
SendDlgItemMessageA
GetWindow
GetWindowTextA
LoadIconA
GetIconInfo
GetClassNameA
wsprintfA
LoadBitmapA
CreateAcceleratorTableA
TileWindows
CascadeWindows
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData
GetFocus
IsChild
IntersectRect
EqualRect
SetWindowRgn
BeginPaint
EndPaint
SetFocus
CreateWindowExA
SetParent
SetWindowLongA
DefWindowProcA
RegisterClassA
MapWindowPoints
ShowWindow
GetSystemMetrics
GetActiveWindow
DestroyAcceleratorTable
MessageBoxA
IsRectEmpty
EnableWindow
IsClipboardFormatAvailable
IsWindowVisible
IsWindowEnabled
VkKeyScanA
CharLowerA
CharUpperA
PeekMessageA
GetKeyboardLayout
WindowFromPoint
GetParent
GetDoubleClickTime
PostMessageA
DrawTextA
AdjustWindowRectEx
DrawCaption
SetActiveWindow
BeginDeferWindowPos
CallWindowProcA
GetTopWindow
SetRectEmpty
DestroyWindow
IsWindow
SetRect
OffsetRect
SendMessageA
GetWindowRect
SetWindowTextA
ReleaseDC
GetDC
GetWindowLongA
InflateRect
SetTimer
GetKeyState
SetCursor
SetCapture
LoadCursorA
GetCapture
GetMessageA
ReleaseCapture
DispatchMessageA
GetCursorPos
PtInRect
KillTimer
ClientToScreen
GetClientRect
InvalidateRect
ScreenToClient
SetWindowPos
UpdateWindow
FillRect
SystemParametersInfoA
GetSysColor
DrawEdge
DrawFrameControl

gdi32

RectVisible
SetBrushOrgEx
UnrealizeObject
PatBlt
CreateFontIndirectA
Rectangle
GetTextMetricsA
DeleteDC
SetMapMode
SetWindowOrgEx
LPtoDP
SetViewportOrgEx
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
CreatePatternBrush
GetClipBox
TextOutA
GetTextExtentPoint32W
GetTextExtentPoint32A
CreateBitmap
RealizePalette
SelectPalette
SetViewportExtEx
GetObjectA
StretchDIBits
SetStretchBltMode
CreatePalette
CreateDIBitmap
CreateHalftonePalette
GetDIBits
PtInRegion
CreatePolygonRgn
RoundRect
GetPixel
StretchBlt
GetPaletteEntries
SetRectRgn
SetMetaFileBitsEx
GetMetaFileBitsEx
IntersectClipRect
ExtTextOutW
CreateDCA
SetPixel
GetBrushOrgEx
ExtSelectClipRgn
GetTextColor
GetNearestColor
SetBkMode
SetTextColor
CreatePen
SetROP2
SelectObject
MoveToEx
LineTo
SetBkColor
ExtTextOutA
CreateSolidBrush
DeleteObject
BitBlt
CreateRectRgn
GetClipRgn
CreateRectRgnIndirect
CombineRgn
SetWindowExtEx
SelectClipRgn

advapi32

ReportEventA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegSetValueExA
RegEnumKeyExA
RegisterEventSourceA
RegCloseKey
DeregisterEventSource
RegDeleteKeyA
RegCreateKeyExA

shell32

DragQueryPoint
DragQueryFileA
DragAcceptFiles
ShellExecuteA

ole32

OleLoadFromStream
OleSaveToStream
WriteClassStm
GetHGlobalFromStream
StringFromGUID2
CreateBindCtx
CreateStreamOnHGlobal
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

OleTranslateColor
VariantInit
VariantClear
SysFreeString
VariantCopy
SysAllocString
SafeArrayUnaccessData
SafeArrayDestroyDescriptor
SafeArrayAccessData
SafeArrayCreate
VariantChangeType
OleCreatePropertyFrame
LoadRegTypeLi
SysAllocStringByteLen
OleCreateFontIndirect
SafeArrayAllocData
SafeArrayAllocDescriptor
RegisterTypeLi
LoadTypeLi
OleCreatePictureIndirect
OleLoadPicture
SetErrorInfo
CreateErrorInfo
SysAllocStringLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound

comctl32

CreatePropertySheetPageA
ImageList_Destroy
PropertySheetA
ord17

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GXSW.MDB
GXSWCONFIG.INI
GxswPrn.exe
.exe windows:4 windows x86 arch:x86

f4cb0bb9eb1df585cb768973e45e5a0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaResume
__vbaStrCat
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarForInit
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord599
ord520
__vbaFpR8
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarAbs
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
ord560
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCastObjVar
ord566
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
ord310
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord312
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
ord573
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord689
__vbaVarCmpEq
ord610
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaVarCopy
__vbaFpI4
__vbaLateMemCallLd
ord617
_CIatan
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
ord650
_allmul
__vbaLateIdSt
__vbaLateMemCallSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MSSCCPRJ.SCC
Module1.bas
.vbs
NOTEPAD.EXE
.exe windows:1 windows x86 arch:x86

dc2c6adc3fa4ce31b0b70e2647dde75e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA
DragAcceptFiles
DragFinish
DragQueryFileA
ShellAboutA

kernel32

LocalLock
IsDBCSLeadByte
LocalReAlloc
LocalUnlock
_lclose
DeleteFileA
lstrcpynA
LocalAlloc
lstrlenA
GetProfileStringA
lstrcmpA
_llseek
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpiA
FindFirstFileA
FindClose
lstrcatA
GetLastError
CreateFileA
lstrcpyA
GetLocaleInfoA
GlobalFree
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
ExitProcess
_lopen
_lwrite
_lcreat
_lread

user32

TranslateAcceleratorA
GetWindowTextA
GetMessageA
SetWindowTextA
CheckMenuItem
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetSubMenu
GetMenu
LoadStringA
LoadAcceleratorsA
GetSystemMenu
RegisterWindowMessageA
SetWindowLongA
CreateWindowExA
LoadCursorA
RegisterClassExA
GetSystemMetrics
SetCursor
UpdateWindow
CharPrevA
GetClientRect
PeekMessageA
SetDlgItemTextA
TabbedTextOutA
CreateDialogParamA
EnableWindow
TranslateMessage
ReleaseDC
GetDC
SendDlgItemMessageA
GetDlgCtrlID
ChildWindowFromPoint
ScreenToClient
GetCursorPos
GetDlgItemTextA
wsprintfA
IsIconic
DestroyWindow
MessageBeep
MessageBoxA
DefWindowProcA
EnableMenuItem
GetLastActivePopup
ShowWindow
EndDialog
SetForegroundWindow
WinHelpA
LoadIconA
SendMessageA
GetFocus
PostMessageA
SetFocus
InvalidateRect
MoveWindow
CharNextA
DispatchMessageA
PostQuitMessage
IsDialogMessageA

gdi32

CreateDCA
SelectObject
DeleteObject
GetStockObject
DeleteDC
AbortDoc
EndPage
StartPage
StartDocA
SetAbortProc
GetTextExtentPointA
GetDeviceCaps
CreateFontA
GetTextMetricsA
SetBkMode
SetMapMode
LPtoDP
SetWindowExtEx
SetViewportExtEx
EndDoc
GetTextCharset

comdlg32

GetSaveFileNameA
PageSetupDlgA
FindTextA
GetOpenFileNameA
GetFileTitleA
CommDlgExtendedError

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 530B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PRNDB.mdb
Software.dll
Zt97Tmp.mdb
flzl.xlt
.xls .xlt windows office2003
frmAbout.frm
.vbs
frmAbout.frx
frmfl.frm
frmfl.frx
frmfp.frm
.vbs
frmmain.frx
frmns.frm
frmns.frx
frmoption.frx
frmqy.frm
.vbs
frmqy.frx
frmqyxx.frm
.vbs
frmqyxx.frx
frmregedit.frm
frmsysyb.frm
.vbs
frmsysyb.frx
frmyjzzs.frm
.vbs
frmyjzzs.frx
frmzcgy.frm
.vbs
frmzcgy.frx
frmzcsy.frm
.vbs
frmzcsy.frx
gong01.xlt
.xls .xlt windows office2003
gong02.xlt
.xls .xlt windows office2003
gongsyb.frm
.vbs
gongsyb.frx
gxswback.bmp
gxswback11.bmp
gxswback11.jpg
.jpg
kyfp.xlt
.xls .xlt windows office2003
nssb.xlt
.xls .xlt windows office2003
printver.exe
.exe windows:4 windows x86 arch:x86

09dfaa7e94a731fa87f00dae494e23e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaResume
__vbaStrCat
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarForInit
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord599
ord520
__vbaFpR8
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarAbs
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
ord560
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCastObjVar
ord566
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
ord310
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord312
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
ord573
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord689
__vbaVarCmpEq
ord610
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaVarCopy
__vbaFpI4
__vbaLateMemCallLd
ord617
_CIatan
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
ord650
_allmul
__vbaLateIdSt
__vbaLateMemCallSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
shang01.xlt
.xls .xlt windows office2003
shang02.xlt
.xls .xlt windows office2003
yjzzs.xlt
.xls .xlt windows office2003
zt97i.exe
.exe windows:4 windows x86 arch:x86

c4ecc20029197637ab5327ef4b7469e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
ord690
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaNew
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaVarCat
ord645
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord689
__vbaVarDup
__vbaFreeVarg
ord617
_CIatan
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
下载说明.htm
.html .js polyglot
代理版报表打印.PDM
代理版报表打印.vbp
代理版报表打印.vbw
安装说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 98KB - Virtual size: 100KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

9e059facbda6a0cff185ded2cea7d4f7

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

13:71:11:27:e1:95:e8:a9:4d:4f:66:ef:c5:5f:73:22Certificate

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: 564KB - Virtual size: 563KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 20KB - Virtual size: 27KB

.rsrc Size: 93KB - Virtual size: 92KB

.reloc Size: 39KB - Virtual size: 39KB

f4cb0bb9eb1df585cb768973e45e5a0c

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 4KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 1KB

dc2c6adc3fa4ce31b0b70e2647dde75e

Headers

File Characteristics

Imports

shell32

kernel32

user32

gdi32

comdlg32

Sections

.text Size: 15KB - Virtual size: 14KB

.bss Size: - Virtual size: 1KB

.data Size: 1024B - Virtual size: 530B

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 52KB - Virtual size: 68KB

09dfaa7e94a731fa87f00dae494e23e2

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 4KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 1KB

c4ecc20029197637ab5327ef4b7469e2

Headers

File Characteristics

Imports

msvbvm60

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 98KB - Virtual size: 100KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

13:71:11:27:e1:95:e8:a9:4d:4f:66:ef:c5:5f:73:22
Certificate

.text
Size: 564KB - Virtual size: 563KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 20KB - Virtual size: 27KB

.rsrc
Size: 93KB - Virtual size: 92KB

.reloc
Size: 39KB - Virtual size: 39KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 4KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 530B

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 52KB - Virtual size: 68KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 4KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 52KB - Virtual size: 68KB