a8b2ab05cae8d07d7619690437610862_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a8b2ab05cae8d07d7619690437610862_JaffaCakes118
Size

870KB
MD5

a8b2ab05cae8d07d7619690437610862
SHA1

29ff35ccdaf9b07a162efe4eeaa7c6dd01ba2bcd
SHA256

20099e62cacf4e7975284af6ebac55eda2c4c804bf9652b5d0ed3864a3644335
SHA512

b0de666a966eb556cd044ff11fa7b2da02bb499f56fc5c325893dfa518a5f6a267661bc82a305d4ace0e4c2f5a4dcadcd3707aca3a7b77854e305799144fa62f
SSDEEP

24576:IMueXK/1TbgikY4NZgi7SFgxwdlIlpoIfMwAxGfiEB:DJXKdTEiz+mIlpQ86EB

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/200652615117914/Control/BSE.oca
unpack001/200652615117914/Control/BSE.ocx
unpack001/200652615117914/Control/datepk.oca
unpack001/200652615117914/Control/datepk.ocx
unpack001/200652615117914/Control/yfDNetMenu.oca
unpack001/200652615117914/Control/yfDNetMenu.ocx
unpack001/200652615117914/yfDNetMenu.oca
unpack001/200652615117914/yfDNetMenu.ocx

Files

a8b2ab05cae8d07d7619690437610862_JaffaCakes118
.rar
200652615117914/1.dat
200652615117914/BG/bg.jpg
.jpg
200652615117914/BG/bg1.jpg
.jpg
200652615117914/BG/bg2.jpg
.jpg
200652615117914/BG/nopic.jpg
.jpg
200652615117914/BG/sr.jpg
.jpg
200652615117914/Commdialog.bas
.vbs
200652615117914/Control/BSE.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
200652615117914/Control/BSE.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

911ba694a196955b5e2424b02b28dd36

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
MethCallEngine
EVENT_SINK_Invoke
Zombie_GetTypeInfo
ord591
EVENT_SINK2_Release
ord301
ord307
ord632
EVENT_SINK_AddRef
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ProcCallEngine
ord644
ord573
EVENT_SINK2_AddRef
ord681
ord685
ord101
ord102
ord103
ord104
ord105

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
200652615117914/Control/SComboBox.ctl
.vbs
200652615117914/Control/SComboBox.ctx
200652615117914/Control/XPContainer.ctl
.vbs
200652615117914/Control/XPContainer.ctx
200652615117914/Control/XPContainer.log
200652615117914/Control/XPMCCombo.ctl
.vbs
200652615117914/Control/XPMCCombo.ctx
200652615117914/Control/XPMultiColumnCombo.vbw
200652615117914/Control/datepk.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
200652615117914/Control/datepk.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

754e8bd1a87d4e847df447bde6ab789d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

ord588
MethCallEngine
ord517
ord660
ord301
ord598
ord599
ord307
ord631
ord632
EVENT_SINK_AddRef
ord528
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
ord101
ord102
ord103
ord104
ord610
ord105
ord613
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
200652615117914/Control/isButton.ctl
.vbs
200652615117914/Control/xpFrame.ctl
.vbs
200652615117914/Control/xpFrame.ctx
200652615117914/Control/yfDNetMenu.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
200652615117914/Control/yfDNetMenu.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

002d464f5542e4ac4014a0becc3edf83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
ord693
__vbaVarVargNofree
__vbaFreeVar
__vbaCyMul
__vbaLenBstr
__vbaStrVarMove
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
ord513
__vbaVarIndexStore
__vbaNextEachVar
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaVarSetVarAddref
__vbaResume
__vbaCopyBytes
__vbaForEachCollAd
__vbaStrCat
ord629
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
ord556
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
__vbaVarIndexLoadRefLock
EVENT_SINK2_Release
__vbaExitProc
__vbaForEachCollObj
ord300
ord301
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord303
__vbaVarIndexStoreObj
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
ord306
__vbaForEachCollVar
__vbaBoolVar
ord307
ord309
__vbaBoolVarNull
__vbaVarTstLt
__vbaRefVarAry
_CIsin
__vbaErase
ord525
ord632
__vbaVarZero
__vbaNextEachCollObj
__vbaChkstk
__vbaCyVar
ord526
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaExitEachColl
__vbaVarTstEq
__vbaAryConstruct2
__vbaCyI4
__vbaNextEachCollVar
__vbaI2I4
ord562
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord601
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaRedimVar
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
ord607
__vbaVarDiv
ord608
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaI2Var
ord537
ord644
_CIlog
__vbaErrorOverflow
ord647
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaVarAdd
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVerifyVarObj
ord616
__vbaVarCopy
__vbaUnkVar
__vbaVarLateMemCallLd
__vbaFpI4
__vbaRecDestructAnsi
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
_CIatan
ord618
__vbaStrMove
__vbaCastObj
__vbaForEachVar
__vbaI4Cy
_allmul
__vbaLateIdSt
ord652
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
200652615117914/DataEnvironment1.DCA
200652615117914/DataEnvironment1.Dsr
200652615117914/DataReport1.DCA
200652615117914/DataReport1.Dsr
200652615117914/DataReport1.dsx
200652615117914/DataReport2.DCA
200652615117914/DataReport2.Dsr
200652615117914/DataReport2.dsx
200652615117914/False
200652615117914/Form2.frm
200652615117914/Form2.frx
200652615117914/Module1.bas
.vbs
200652615117914/VB9D.tmp
200652615117914/data/1.txt
200652615117914/data/kq.mdb
200652615117914/dp.DCA
200652615117914/dp.dsx
200652615117914/gztj.frm
.vbs
200652615117914/gztj.frx
200652615117914/gztj.log
200652615117914/hygl.frm
.vbs
200652615117914/hygl.frx
200652615117914/hygl.log
200652615117914/hyxx.frm
200652615117914/hyxx.frx
200652615117914/hyxx.log
200652615117914/kaoqin.frm
.vbs
200652615117914/kaoqin.frx
200652615117914/kaoqintj.frm
200652615117914/kaoqintj.frx
200652615117914/kaoqintj.log
200652615117914/kqjl.frm
200652615117914/kqjl.frx
200652615117914/kqtj.DCA
200652615117914/kqtj.Dsr
200652615117914/main.frm
200652615117914/main.frx
200652615117914/pic/2005-10-26022212.jpg
200652615117914/pic/2005-10-26022313.jpg
200652615117914/pic/2005-10-26025622.jpg
200652615117914/pic/2005-10-26025636.jpg
200652615117914/pic/2005-10-26025709.jpg
200652615117914/pic/2005-10-26025828.jpg
200652615117914/pic/2005-10-26030137.jpg
200652615117914/pic/2005-10-26030358.jpg
200652615117914/pic/2005-10-26030816.jpg
200652615117914/pic/2005-10-26030849.jpg
200652615117914/pic/2005-10-26030912.jpg
200652615117914/pic/2005-10-26031033.jpg
200652615117914/pic/2005-10-26031045.jpg
200652615117914/pic/2005-10-26031622.jpg
200652615117914/pic/2005-10-26031832.jpg
200652615117914/pic/2005-10-26151930.jpg
200652615117914/pic/2005-10-26203400.jpg
200652615117914/set.ini
200652615117914/setTime.frm
.vbs
200652615117914/setTime.frx
200652615117914/skin.frm
200652615117914/skin.frx
200652615117914/sp.frm
.vbs
200652615117914/sp.frx
200652615117914/srts.frm
.vbs
200652615117914/srts.frx
200652615117914/sy.frm
.vbs
200652615117914/sy.frx
200652615117914/tcbl.frm
.vbs
200652615117914/tcbl.frx
200652615117914/temp/temp.ini
200652615117914/tichengtongji.frm
200652615117914/tichengtongji.frx
200652615117914/tichengtongji.log
200652615117914/user.DCA
200652615117914/user.Dsr
200652615117914/user.dsx
200652615117914/userd.DCA
200652615117914/userd.Dsr
200652615117914/yfDNetMenu.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
200652615117914/yfDNetMenu.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

002d464f5542e4ac4014a0becc3edf83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
ord693
__vbaVarVargNofree
__vbaFreeVar
__vbaCyMul
__vbaLenBstr
__vbaStrVarMove
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
ord513
__vbaVarIndexStore
__vbaNextEachVar
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaVarSetVarAddref
__vbaResume
__vbaCopyBytes
__vbaForEachCollAd
__vbaStrCat
ord629
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
ord556
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
__vbaVarIndexLoadRefLock
EVENT_SINK2_Release
__vbaExitProc
__vbaForEachCollObj
ord300
ord301
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord303
__vbaVarIndexStoreObj
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
ord306
__vbaForEachCollVar
__vbaBoolVar
ord307
ord309
__vbaBoolVarNull
__vbaVarTstLt
__vbaRefVarAry
_CIsin
__vbaErase
ord525
ord632
__vbaVarZero
__vbaNextEachCollObj
__vbaChkstk
__vbaCyVar
ord526
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaExitEachColl
__vbaVarTstEq
__vbaAryConstruct2
__vbaCyI4
__vbaNextEachCollVar
__vbaI2I4
ord562
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord601
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaRedimVar
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
ord607
__vbaVarDiv
ord608
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaI2Var
ord537
ord644
_CIlog
__vbaErrorOverflow
ord647
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaVarAdd
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVerifyVarObj
ord616
__vbaVarCopy
__vbaUnkVar
__vbaVarLateMemCallLd
__vbaFpI4
__vbaRecDestructAnsi
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
_CIatan
ord618
__vbaStrMove
__vbaCastObj
__vbaForEachVar
__vbaI4Cy
_allmul
__vbaLateIdSt
ord652
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
200652615117914/ygtj.frm
.vbs
200652615117914/ygtj.frx
200652615117914/ygtj.log
200652615117914/yinyetj.frm
200652615117914/yinyetj.frx
200652615117914/yyhz.frm
200652615117914/yyhz.frx
200652615117914/下载说明.htm
.html .js polyglot
200652615117914/工程1.vbp
200652615117914/工程1.vbw
200652615117914/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 17KB - Virtual size: 20KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

911ba694a196955b5e2424b02b28dd36

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 108KB

.data Size: - Virtual size: 9KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 8KB - Virtual size: 6KB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 40KB - Virtual size: 44KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

754e8bd1a87d4e847df447bde6ab789d

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.data Size: - Virtual size: 13KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 19KB - Virtual size: 20KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

002d464f5542e4ac4014a0becc3edf83

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 223KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 20KB - Virtual size: 18KB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 19KB - Virtual size: 20KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

002d464f5542e4ac4014a0becc3edf83

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 17KB - Virtual size: 20KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 112KB - Virtual size: 108KB

.data
Size: - Virtual size: 9KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 40KB - Virtual size: 44KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 100KB - Virtual size: 96KB

.data
Size: - Virtual size: 13KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 19KB - Virtual size: 20KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 224KB - Virtual size: 223KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 19KB - Virtual size: 20KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 224KB - Virtual size: 223KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 20KB - Virtual size: 18KB