a2f731f7bf2928169904149d72ca641c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a2f731f7bf2928169904149d72ca641c_JaffaCakes118
Size

4.3MB
MD5

a2f731f7bf2928169904149d72ca641c
SHA1

b3bf5f0e389e4fc97d3bfe2c489dbc91803674e5
SHA256

5a5afdf36da08e761ab938e77d182c310c25c5508b79072838aa94bf84fafead
SHA512

e9576111cea59499d388d42be45c49e70db2145190c8aceb7b06dbc0bb88caf81d4b4191782a19ded4ed0454a689c26cb460651f0a158f002d4833a8adcda7e2
SSDEEP

98304:68PYfDoMk0GtTHHI52LpvcCVrVprZ98rTU/Vw3CSteR5dZXIEwAJOv:68PYfDooGhnI52Lpcarz198y1HXLJc

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ZHANYING/CLAC.exe
unpack001/ZHANYING/NOTEPAD.EXE
unpack001/ZHANYING/ZK.exe

Files

a2f731f7bf2928169904149d72ca641c_JaffaCakes118
.rar
ZHANYING/A3TK.dwg
ZHANYING/A4TK.dwg
ZHANYING/BK.txt
ZHANYING/BMP/+0.BMP
ZHANYING/BMP/+1.BMP
ZHANYING/BMP/+2.BMP
ZHANYING/BMP/+3.BMP
ZHANYING/BMP/+BB.BMP
ZHANYING/BMP/+BE.BMP
ZHANYING/BMP/+BP.BMP
ZHANYING/BMP/+CB.BMP
ZHANYING/BMP/+CC.BMP
ZHANYING/BMP/+CE.BMP
ZHANYING/BMP/+DB.BMP
ZHANYING/BMP/+DBX.BMP
ZHANYING/BMP/+DD.BMP
ZHANYING/BMP/+DE.BMP
ZHANYING/BMP/+DH.BMP
ZHANYING/BMP/+DI.BMP
ZHANYING/BMP/+DP.BMP
ZHANYING/BMP/+DPX.BMP
ZHANYING/BMP/+FO.BMP
ZHANYING/BMP/+HH.BMP
ZHANYING/BMP/+HI.BMP
ZHANYING/BMP/+HP.BMP
ZHANYING/BMP/+OB.BMP
ZHANYING/BMP/+OP.BMP
ZHANYING/BMP/+OPX.BMP
ZHANYING/BMP/+PP.BMP
ZHANYING/BMP/+PPX.BMP
ZHANYING/BMP/+SB.BMP
ZHANYING/BMP/+SP.BMP
ZHANYING/BMP/+SPX.BMP
ZHANYING/BMP/+TE.BMP
ZHANYING/BMP/+UD.BMP
ZHANYING/BMP/+UDX.BMP
ZHANYING/BMP/+UE.BMP
ZHANYING/BMP/+ZK.BMP
ZHANYING/BMP/-0.BMP
ZHANYING/BMP/-1.BMP
ZHANYING/BMP/-2.BMP
ZHANYING/BMP/-3.BMP
ZHANYING/BMP/-BB.BMP
ZHANYING/BMP/-BE.BMP
ZHANYING/BMP/-BP.BMP
ZHANYING/BMP/-CB.BMP
ZHANYING/BMP/-CC.BMP
ZHANYING/BMP/-CE.BMP
ZHANYING/BMP/-DB.BMP
ZHANYING/BMP/-DBX.BMP
ZHANYING/BMP/-DD.BMP
ZHANYING/BMP/-DE.BMP
ZHANYING/BMP/-DH.BMP
ZHANYING/BMP/-DI.BMP
ZHANYING/BMP/-DP.BMP
ZHANYING/BMP/-DPX.BMP
ZHANYING/BMP/-FO.BMP
ZHANYING/BMP/-HH.BMP
ZHANYING/BMP/-HI.BMP
ZHANYING/BMP/-HP.BMP
ZHANYING/BMP/-OB.BMP
ZHANYING/BMP/-OP.BMP
ZHANYING/BMP/-OPX.BMP
ZHANYING/BMP/-PP.BMP
ZHANYING/BMP/-PPX.BMP
ZHANYING/BMP/-SB.BMP
ZHANYING/BMP/-SP.BMP
ZHANYING/BMP/-SPX.BMP
ZHANYING/BMP/-TE.BMP
ZHANYING/BMP/-UD.BMP
ZHANYING/BMP/-UDX.BMP
ZHANYING/BMP/-UE.BMP
ZHANYING/BMP/-ZK.BMP
ZHANYING/BMP/00.BMP
ZHANYING/BMP/11.BMP
ZHANYING/BMP/22.BMP
ZHANYING/BMP/2T1.BMP
ZHANYING/BMP/33.BMP
ZHANYING/BMP/AC.BMP
ZHANYING/BMP/AD.BMP
ZHANYING/BMP/APL.BMP
ZHANYING/BMP/ATC.BMP
ZHANYING/BMP/BB.BMP
ZHANYING/BMP/BC.BMP
ZHANYING/BMP/BD.BMP
ZHANYING/BMP/BE.BMP
ZHANYING/BMP/BJ.BMP
ZHANYING/BMP/BP.BMP
ZHANYING/BMP/BPK.BMP
ZHANYING/BMP/BS.BMP
ZHANYING/BMP/BT.BMP
ZHANYING/BMP/BZ1.BMP
ZHANYING/BMP/CB.BMP
ZHANYING/BMP/CC.BMP
ZHANYING/BMP/CD.BMP
ZHANYING/BMP/CE.BMP
ZHANYING/BMP/CGC.BMP
ZHANYING/BMP/CH1.BMP
ZHANYING/BMP/CH2.BMP
ZHANYING/BMP/CK.BMP
ZHANYING/BMP/CS.BMP
ZHANYING/BMP/CSK.BMP
ZHANYING/BMP/CST.BMP
ZHANYING/BMP/CY.BMP
ZHANYING/BMP/CZ.BMP
ZHANYING/BMP/DB.BMP
ZHANYING/BMP/DBX.BMP
ZHANYING/BMP/DD.BMP
ZHANYING/BMP/DE.bmp
ZHANYING/BMP/DE1.BMP
ZHANYING/BMP/DF.BMP
ZHANYING/BMP/DG.BMP
ZHANYING/BMP/DH.BMP
ZHANYING/BMP/DI.BMP
ZHANYING/BMP/DJ.BMP
ZHANYING/BMP/DJH.BMP
ZHANYING/BMP/DL.BMP
ZHANYING/BMP/DM.BMP
ZHANYING/BMP/DP.BMP
ZHANYING/BMP/DPX.BMP
ZHANYING/BMP/DQ.BMP
ZHANYING/BMP/DX.BMP
ZHANYING/BMP/DZ.BMP
ZHANYING/BMP/DZG.BMP
ZHANYING/BMP/DZP.BMP
ZHANYING/BMP/DZS.BMP
ZHANYING/BMP/FB.BMP
ZHANYING/BMP/FD.BMP
ZHANYING/BMP/FM.BMP
ZHANYING/BMP/FO.BMP
ZHANYING/BMP/FT.BMP
ZHANYING/BMP/FW.BMP
ZHANYING/BMP/FX.BMP
ZHANYING/BMP/FXC.BMP
ZHANYING/BMP/GA.BMP
ZHANYING/BMP/GB.BMP
ZHANYING/BMP/GC.BMP
ZHANYING/BMP/GCL.BMP
ZHANYING/BMP/GCT.BMP
ZHANYING/BMP/GDM.BMP
ZHANYING/BMP/GJ.BMP
ZHANYING/BMP/GK.BMP
ZHANYING/BMP/GKY.BMP
ZHANYING/BMP/GTW.BMP
ZHANYING/BMP/HC.BMP
ZHANYING/BMP/HH.BMP
ZHANYING/BMP/HI.BMP
ZHANYING/BMP/HM.BMP
ZHANYING/BMP/HP.BMP
ZHANYING/BMP/HY.BMP
ZHANYING/BMP/HYK.BMP
ZHANYING/BMP/JDK.BMP
ZHANYING/BMP/JH.BMP
ZHANYING/BMP/JL.BMP
ZHANYING/BMP/KCK.BMP
ZHANYING/BMP/KG.BMP
ZHANYING/BMP/KH.BMP
ZHANYING/BMP/LB.BMP
ZHANYING/BMP/LC.BMP
ZHANYING/BMP/LJK.BMP
ZHANYING/BMP/MB.BMP
ZHANYING/BMP/MD.BMP
ZHANYING/BMP/MXB.BMP
ZHANYING/BMP/MZ.BMP
ZHANYING/BMP/N.BMP
ZHANYING/BMP/OB.BMP
ZHANYING/BMP/OP.BMP
ZHANYING/BMP/OPX.BMP
ZHANYING/BMP/PP.BMP
ZHANYING/BMP/PPX.BMP
ZHANYING/BMP/Q.BMP
ZHANYING/BMP/QA.BMP
ZHANYING/BMP/QB.BMP
ZHANYING/BMP/QC.BMP
ZHANYING/BMP/QD.BMP
ZHANYING/BMP/QH.BMP
ZHANYING/BMP/QJJ.BMP
ZHANYING/BMP/QQ.BMP
ZHANYING/BMP/QW.BMP
ZHANYING/BMP/RC.BMP
ZHANYING/BMP/RG.BMP
ZHANYING/BMP/RQ.BMP
ZHANYING/BMP/RZ.BMP
ZHANYING/BMP/SB.BMP
ZHANYING/BMP/SBK.BMP
ZHANYING/BMP/SF.BMP
ZHANYING/BMP/SJ.BMP
ZHANYING/BMP/SM.BMP
ZHANYING/BMP/SP.BMP
ZHANYING/BMP/SPX.BMP
ZHANYING/BMP/TC.BMP
ZHANYING/BMP/TD.BMP
ZHANYING/BMP/TE.BMP
ZHANYING/BMP/TK.BMP
ZHANYING/BMP/TT.BMP
ZHANYING/BMP/Thumbs.db
ZHANYING/BMP/UD.BMP
ZHANYING/BMP/UDX.BMP
ZHANYING/BMP/UE.BMP
ZHANYING/BMP/W1.BMP
ZHANYING/BMP/W2.BMP
ZHANYING/BMP/W3.BMP
ZHANYING/BMP/WW.BMP
ZHANYING/BMP/XDC.BMP
ZHANYING/BMP/XHQ.BMP
ZHANYING/BMP/XI.BMP
ZHANYING/BMP/XM.BMP
ZHANYING/BMP/XX.BMP
ZHANYING/BMP/XY.BMP
ZHANYING/BMP/XYK.BMP
ZHANYING/BMP/YC.BMP
ZHANYING/BMP/YH.BMP
ZHANYING/BMP/YK.BMP
ZHANYING/BMP/YS.BMP
ZHANYING/BMP/YY.BMP
ZHANYING/BMP/YZ.BMP
ZHANYING/BMP/ZB.BMP
ZHANYING/BMP/ZDB.BMP
ZHANYING/BMP/ZDY.BMP
ZHANYING/BMP/ZG.BMP
ZHANYING/BMP/ZH.BMP
ZHANYING/BMP/ZJ.BMP
ZHANYING/BMP/ZK.BMP
ZHANYING/BMP/ZT.BMP
ZHANYING/BMP/ZX.BMP
ZHANYING/BMP/ZZ.BMP
ZHANYING/BMP/ZZY.BMP
ZHANYING/BS1.DWG
ZHANYING/CK.txt
ZHANYING/CLAC.exe
.exe windows:4 windows x86 arch:x86

11649e225022e86f9adbebe5b5766305

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
ord583
__vbaStrI2
ord584
_CIcos
_adj_fptan
ord585
__vbaVarMove
ord586
ord587
__vbaFreeVar
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaI2Abs
__vbaStrCat
__vbaVarCmpNe
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarCmpGe
__vbaExitProc
ord593
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFPFix
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
ord561
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaStrR4
_adj_fpatan
__vbaStrR8
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaStrUI1
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord714
__vbaVarDiv
__vbaI2Str
__vbaR8ErrVar
ord608
__vbaVarCmpLe
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
ord575
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord100
__vbaVarCmpEq
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord614
ord617
_CIatan
__vbaStrMove
__vbaUI1Str
ord619
ord650
_allmul
_CItan
__vbaFPInt
__vbaFpCSngR8
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZHANYING/DATA/A/0350x0250.dwg
ZHANYING/DATA/A/0450x0250.dwg
ZHANYING/DATA/A/0450x0350.dwg
ZHANYING/DATA/A/0550x0300.dwg
ZHANYING/DATA/A/0550x0400.dwg
ZHANYING/DATA/A/0600x0450.dwg
ZHANYING/DATA/A/0700x0300.dwg
ZHANYING/DATA/A/0700x0400.dwg
ZHANYING/DATA/A/0700x0500.dwg
ZHANYING/DATA/A/0800x0350.dwg
ZHANYING/DATA/A/0800x0500.dwg
ZHANYING/DATA/A/0800x0600.dwg
ZHANYING/DATA/A/0900x0350.dwg
ZHANYING/DATA/A/0900x0500.dwg
ZHANYING/DATA/A/0900x0650.dwg
ZHANYING/DATA/A/1000x0350.dwg
ZHANYING/DATA/A/1000x0550.dwg
ZHANYING/DATA/A/1000x0700.dwg
ZHANYING/DATA/A/1160X0900.dwg
ZHANYING/DATA/A/1160X1000.dwg
ZHANYING/DATA/A/1160x0350.dwg
ZHANYING/DATA/A/1160x0550.dwg
ZHANYING/DATA/A/1160x0700.dwg
ZHANYING/DATA/A/1460X0900.dwg
ZHANYING/DATA/A/1460X1000.dwg
ZHANYING/DATA/A/1460x0350.dwg
ZHANYING/DATA/A/1460x0550.dwg
ZHANYING/DATA/A/1460x0700.dwg
ZHANYING/DATA/A/1760X0900.dwg
ZHANYING/DATA/A/1760X1000.dwg
ZHANYING/DATA/A/1760x0350.dwg
ZHANYING/DATA/A/1760x0550.dwg
ZHANYING/DATA/A/1760x0700.dwg
ZHANYING/DATA/B/0350x0250.dwg
ZHANYING/DATA/B/0450x0250.dwg
ZHANYING/DATA/B/0450x0350.dwg
ZHANYING/DATA/B/0550x0300.dwg
ZHANYING/DATA/B/0550x0400.dwg
ZHANYING/DATA/B/0600x0450.dwg
ZHANYING/DATA/B/0700x0300.dwg
ZHANYING/DATA/B/0700x0400.dwg
ZHANYING/DATA/B/0700x0500.dwg
ZHANYING/DATA/BB/100x100.dwg
ZHANYING/DATA/BB/100x125.dwg
ZHANYING/DATA/BB/100x150.dwg
ZHANYING/DATA/BB/100x80.dwg
ZHANYING/DATA/BB/125x100.dwg
ZHANYING/DATA/BB/125x125.dwg
ZHANYING/DATA/BB/125x80.dwg
ZHANYING/DATA/BB/150x100.dwg
ZHANYING/DATA/BB/150x125.dwg
ZHANYING/DATA/BB/150x150.dwg
ZHANYING/DATA/BB/150x180.dwg
ZHANYING/DATA/BB/180x125.dwg
ZHANYING/DATA/BB/180x150.dwg
ZHANYING/DATA/BB/180x180.dwg
ZHANYING/DATA/BB/210x100.dwg
ZHANYING/DATA/BB/210x125.dwg
ZHANYING/DATA/BB/210x150.dwg
ZHANYING/DATA/BB/210x180.dwg
ZHANYING/DATA/BB/210x210.dwg
ZHANYING/DATA/BB/250x125.dwg
ZHANYING/DATA/BB/250x150.dwg
ZHANYING/DATA/BB/250x180.dwg
ZHANYING/DATA/BB/250x210.dwg
ZHANYING/DATA/BB/250x250.dwg
ZHANYING/DATA/BB/60x60.dwg
ZHANYING/DATA/BB/80x100.dwg
ZHANYING/DATA/BB/80x60.dwg
ZHANYING/DATA/BB/80x80.dwg
ZHANYING/DATA/C/0350x0250.dwg
ZHANYING/DATA/C/0450x0250.dwg
ZHANYING/DATA/C/0450x0350.dwg
ZHANYING/DATA/C/0550x0300.dwg
ZHANYING/DATA/C/0550x0400.dwg
ZHANYING/DATA/C/0600x0450.dwg
ZHANYING/DATA/C/0700x0300.dwg
ZHANYING/DATA/C/0700x0400.dwg
ZHANYING/DATA/C/0700x0500.dwg
ZHANYING/DATA/C/0800x0350.dwg
ZHANYING/DATA/C/0800x0500.dwg
ZHANYING/DATA/C/0800x0600.dwg
ZHANYING/DATA/C/0900x0350.dwg
ZHANYING/DATA/C/0900x0500.dwg
ZHANYING/DATA/C/0900x0650.dwg
ZHANYING/DATA/C/1000x0350.dwg
ZHANYING/DATA/C/1000x0550.dwg
ZHANYING/DATA/C/1000x0700.dwg
ZHANYING/DATA/C/1160X0350.dwg
ZHANYING/DATA/C/1160X0550.dwg
ZHANYING/DATA/C/1160X0700.dwg
ZHANYING/DATA/C/1160X0900.dwg
ZHANYING/DATA/C/1160X1000.dwg
ZHANYING/DATA/C/1460X0350.dwg
ZHANYING/DATA/C/1460X0550.dwg
ZHANYING/DATA/C/1460X0700.dwg
ZHANYING/DATA/C/1460X0900.dwg
ZHANYING/DATA/C/1460X1000.dwg
ZHANYING/DATA/C/1760X0350.dwg
ZHANYING/DATA/C/1760X0550.dwg
ZHANYING/DATA/C/1760X0700.dwg
ZHANYING/DATA/C/1760X0900.dwg
ZHANYING/DATA/C/1760X1000.dwg
ZHANYING/DATA/DCJT/110T.dwg
ZHANYING/DATA/DCJT/150T.dwg
ZHANYING/DATA/DCJT/160T.dwg
ZHANYING/DATA/DCJT/200T.dwg
ZHANYING/DATA/DCJT/250T.dwg
ZHANYING/DATA/DCJT/300T.dwg
ZHANYING/DATA/DCJT/35T.dwg
ZHANYING/DATA/DCJT/400T.dwg
ZHANYING/DATA/DCJT/45T.dwg
ZHANYING/DATA/DCJT/60T.dwg
ZHANYING/DATA/DCJT/80T.dwg
ZHANYING/DATA/KJZM/CK-A.dwg
ZHANYING/DATA/KJZM/CK-B.dwg
ZHANYING/DATA/KJZM/CK-C.dwg
ZHANYING/DATA/KJZM/DZ-A.dwg
ZHANYING/DATA/KJZM/FH-A.dwg
ZHANYING/DATA/KJZM/FH-B.dwg
ZHANYING/DATA/KJZM/FHLS-A.dwg
ZHANYING/DATA/KJZM/GJM-A.dwg
ZHANYING/DATA/KJZM/MY-A.dwg
ZHANYING/DATA/KJZM/UZ-A.dwg
ZHANYING/DATA/KJZM/VZ-A.dwg
ZHANYING/DATA/KJZM/VZ-B.dwg
ZHANYING/LJWZ.dwg
ZHANYING/M10ZDPK.dwg
ZHANYING/M12ZDPK.dwg
ZHANYING/M14ZDPK.dwg
ZHANYING/M16ZDPK.dwg
ZHANYING/M18ZDPK.dwg
ZHANYING/M20ZDPK.dwg
ZHANYING/M22ZDPK.dwg
ZHANYING/M8ZDPK.dwg
ZHANYING/MBQD.dwg
ZHANYING/NOTEPAD.EXE
.exe windows:5 windows x86 arch:x86

419c3fe8c1eefea9336b96f74f0951dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

notepad.pdb

Imports

comdlg32

PageSetupDlgW
FindTextW
PrintDlgExW
ChooseFontW
GetFileTitleW
GetOpenFileNameW
ReplaceTextW
CommDlgExtendedError
GetSaveFileNameW

shell32

DragFinish
DragQueryFileW
DragAcceptFiles
ShellAboutW

winspool.drv

GetPrinterDriverW
ClosePrinter
OpenPrinterW

comctl32

CreateStatusWindowW

msvcrt

_XcptFilter
_exit
_c_exit
time
localtime
_cexit
iswctype
_except_handler3
_wtol
wcsncmp
_snwprintf
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
wcsncpy

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyW
IsTextUnicode
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocalTime
GetUserDefaultLCID
GetDateFormatW
GetTimeFormatW
GlobalLock
GlobalUnlock
GetFileInformationByHandle
CreateFileMappingW
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GlobalFree
GetLocaleInfoW
LocalFree
LocalAlloc
lstrlenW
LocalUnlock
CompareStringW
LocalLock
FoldStringW
CloseHandle
lstrcpyW
ReadFile
CreateFileW
lstrcmpiW
GetCurrentProcessId
GetProcAddress
GetCommandLineW
lstrcatW
FindClose
FindFirstFileW
GetFileAttributesW
lstrcmpW
MulDiv
lstrcpynW
LocalSize
GetLastError
WriteFile
SetLastError
WideCharToMultiByte
LocalReAlloc
FormatMessageW
GetUserDefaultUILanguage
SetEndOfFile
DeleteFileW
GetACP
UnmapViewOfFile
MultiByteToWideChar
MapViewOfFile
UnhandledExceptionFilter

gdi32

EndPage
AbortDoc
EndDoc
DeleteDC
StartPage
GetTextExtentPoint32W
CreateDCW
SetAbortProc
GetTextFaceW
TextOutW
StartDocW
EnumFontsW
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
GetTextMetricsW
SetBkMode
LPtoDP
SetWindowExtEx
SetViewportExtEx
SetMapMode
SelectObject

user32

GetClientRect
SetCursor
ReleaseDC
GetDC
DialogBoxParamW
SetActiveWindow
GetKeyboardLayout
DefWindowProcW
DestroyWindow
MessageBeep
ShowWindow
GetForegroundWindow
IsIconic
GetWindowPlacement
CharUpperW
LoadStringW
LoadAcceleratorsW
GetSystemMenu
RegisterClassExW
LoadImageW
LoadCursorW
SetWindowPlacement
CreateWindowExW
GetDesktopWindow
GetFocus
LoadIconW
SetWindowTextW
PostQuitMessage
RegisterWindowMessageW
UpdateWindow
SetScrollPos
CharLowerW
PeekMessageW
EnableWindow
DrawTextExW
CreateDialogParamW
GetWindowTextW
GetSystemMetrics
MoveWindow
InvalidateRect
WinHelpW
GetDlgCtrlID
ChildWindowFromPoint
ScreenToClient
GetCursorPos
SendDlgItemMessageW
SendMessageW
CharNextW
CheckMenuItem
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetMenuState
EnableMenuItem
GetSubMenu
GetMenu
MessageBoxW
SetWindowLongW
GetWindowLongW
GetDlgItem
SetFocus
SetDlgItemTextW
wsprintfW
GetDlgItemTextW
EndDialog
GetParent
UnhookWinEvent
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
PostMessageW
GetMessageW
SetWinEventHook

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZHANYING/OS.txt
ZHANYING/PJQD.dwg
ZHANYING/PLOT1.TXT
ZHANYING/PLOT2.TXT
ZHANYING/QDWZ.dwg
ZHANYING/RZ.txt
ZHANYING/SLD/AX.sld
ZHANYING/SLD/BB.sld
ZHANYING/SLD/BX.sld
ZHANYING/SLD/CK-A.sld
ZHANYING/SLD/CK-B.sld
ZHANYING/SLD/CK-C.sld
ZHANYING/SLD/CX.sld
ZHANYING/SLD/CYJS.SLD
ZHANYING/SLD/DZ-A.sld
ZHANYING/SLD/FH-A.sld
ZHANYING/SLD/FH-B.sld
ZHANYING/SLD/FHLS-A.sld
ZHANYING/SLD/GJM-A.sld
ZHANYING/SLD/JDJX.SLD
ZHANYING/SLD/JXJX.sld
ZHANYING/SLD/MY-A.sld
ZHANYING/SLD/UZ-A.sld
ZHANYING/SLD/VZ-A.sld
ZHANYING/SLD/VZ-B.sld
ZHANYING/SLD/cyp.SLD
ZHANYING/SLD/jyp.SLD
ZHANYING/SLD/tpgz.sld
ZHANYING/SLD/zdkx.sld
ZHANYING/TKJ/1.txt
ZHANYING/TKJ/10.txt
ZHANYING/TKJ/11.txt
ZHANYING/TKJ/12.txt
ZHANYING/TKJ/13.txt
ZHANYING/TKJ/14.txt
ZHANYING/TKJ/15.txt
ZHANYING/TKJ/16.txt
ZHANYING/TKJ/2.txt
ZHANYING/TKJ/3.txt
ZHANYING/TKJ/4.txt
ZHANYING/TKJ/5.txt
ZHANYING/TKJ/6.txt
ZHANYING/TKJ/7.txt
ZHANYING/TKJ/8.txt
ZHANYING/TKJ/9.txt
ZHANYING/TKJ/ZY1.dwg
ZHANYING/TKJ/ZY1.sld
ZHANYING/TKJ/ZY10.dwg
ZHANYING/TKJ/ZY10.sld
ZHANYING/TKJ/ZY11.dwg
ZHANYING/TKJ/ZY11.sld
ZHANYING/TKJ/ZY12.dwg
ZHANYING/TKJ/ZY12.sld
ZHANYING/TKJ/ZY13.dwg
ZHANYING/TKJ/ZY13.sld
ZHANYING/TKJ/ZY14.dwg
ZHANYING/TKJ/ZY14.sld
ZHANYING/TKJ/ZY15.dwg
ZHANYING/TKJ/ZY15.sld
ZHANYING/TKJ/ZY16.dwg
ZHANYING/TKJ/ZY16.sld
ZHANYING/TKJ/ZY2.dwg
ZHANYING/TKJ/ZY2.sld
ZHANYING/TKJ/ZY3.dwg
ZHANYING/TKJ/ZY3.sld
ZHANYING/TKJ/ZY4.dwg
ZHANYING/TKJ/ZY4.sld
ZHANYING/TKJ/ZY5.dwg
ZHANYING/TKJ/ZY5.sld
ZHANYING/TKJ/ZY6.dwg
ZHANYING/TKJ/ZY6.sld
ZHANYING/TKJ/ZY7.dwg
ZHANYING/TKJ/ZY7.sld
ZHANYING/TKJ/ZY8.dwg
ZHANYING/TKJ/ZY8.sld
ZHANYING/TKJ/ZY9.dwg
ZHANYING/TKJ/ZY9.sld
ZHANYING/TKJ/wdy.sld
ZHANYING/TXT/AX.txt
ZHANYING/TXT/AX1.txt
ZHANYING/TXT/BB.txt
ZHANYING/TXT/BB1.txt
ZHANYING/TXT/BX.txt
ZHANYING/TXT/BX1.txt
ZHANYING/TXT/CX.txt
ZHANYING/TXT/DMB.txt
ZHANYING/TXT/JDJX.txt
ZHANYING/TXT/JXJX.TXT
ZHANYING/TXT/WDTK.txt
ZHANYING/TXT/ZMGG.txt
ZHANYING/TXT/ZYSM.txt
ZHANYING/TXT/wgsm1.txt
ZHANYING/TXT/警告.txt
ZHANYING/XHQ.dwg
ZHANYING/XX1.DWG
ZHANYING/YDP.CTB
ZHANYING/YDP.LIN
ZHANYING/YS.DWG
ZHANYING/ZHAN YING.dwt
ZHANYING/ZHANYING.VLX
ZHANYING/ZK.exe
.exe windows:4 windows x86 arch:x86

97e39147ff0f463f343c9417d3b27e5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord660
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR4
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaR4Str
__vbaVarLateMemSt
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
ord614
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZHANYING/ZX.txt
ZHANYING/ZYAE1.SHX
ZHANYING/zhanying.cui
.xml
ZHANYING/zhanying.mnu
ZHANYING/zytxt1.shx
ZHANYING/新云软件.url
.url
使用必读.txt
战鹰外挂设计样例.dwg

Sharing

General

Malware Config

Signatures

Files

11649e225022e86f9adbebe5b5766305

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 292KB - Virtual size: 290KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 12KB - Virtual size: 8KB

419c3fe8c1eefea9336b96f74f0951dd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comdlg32

shell32

winspool.drv

comctl32

msvcrt

advapi32

kernel32

gdi32

user32

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 32KB - Virtual size: 31KB

97e39147ff0f463f343c9417d3b27e5c

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.data Size: 4KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 292KB - Virtual size: 290KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 12KB - Virtual size: 8KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 32KB - Virtual size: 31KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 4KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 2KB