0d688483acb03c6e1e5709581c3e1143_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0d688483acb03c6e1e5709581c3e1143_JaffaCakes118
Size

754KB
MD5

0d688483acb03c6e1e5709581c3e1143
SHA1

46d30b7912b2a4e57cbe2c65a83fd1bcdfc6b2b7
SHA256

2ac61a1d3c9355e09360c2529b5c19060373ce4dee01fe9d7223c94118d130f2
SHA512

82c8dbed7a11b38fc15a44d93e8b7187b3892855937adc3618d5b9188dad85c79f2289329a9b7c70367fb8de03950a35c71bc124f4f9db28c05624fc78f81fa3
SSDEEP

12288:cMJYhOXWj4z8E+EpBdSD6ZP+xAXPhwNpR4sZd9lvtTmJX7/pzdgEuYUkF:cMJYnw8Ex3cHNpl7bTkXjFeEuYUkF

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/le_05_35/CrCom.dll
unpack001/le_05_35/IENewWin.dll
unpack001/le_05_35/LCmnCtrl32.dll
unpack001/le_05_35/L_E.exe
unpack001/le_05_35/Plugin/ClearCache/ClearCache.dll
unpack001/le_05_35/Plugin/GetWebSnap/GetWebSnap.dll
unpack001/le_05_35/Plugin/RunScript/RunScript.dll
unpack001/le_05_35/Plugin/ShowSelHtml/ShowSelHtml.dll
unpack001/le_05_35/Plugin/URLHistory/URLHistory.dll
unpack001/le_05_35/myacc.dll

Files

0d688483acb03c6e1e5709581c3e1143_JaffaCakes118
.rar
Readme-说明.htm
.html
le_05_35/Config.dat
le_05_35/CrCom.dll
.dll windows:4 windows x86 arch:x86

25c3d4994c025b907a64368e955a0b7a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary

ole32

CLSIDFromString

Exports

Exports

CrComObj
CrComObj2
TryFreeLib

Sections

.text
Size: 4KB - Virtual size: 394B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
le_05_35/DownManager/DLExpert.vbs
.vbs
le_05_35/DownManager/DownLoadExpress.vbs
.vbs
le_05_35/DownManager/FlashGet.vbs
.vbs
le_05_35/DownManager/HiDownload.vbs
.vbs
le_05_35/DownManager/NetAnts.vbs
.vbs
le_05_35/DownManager/NetTransport.vbs
.vbs
le_05_35/DownManager/ThunderBHO.vbs
.vbs
le_05_35/DownManager/list.ini
le_05_35/Error.Log
le_05_35/IENewWin.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c76217d44631d669e59e9092ef6592d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
EnterCriticalSection
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
DebugBreak
HeapReAlloc
HeapFree
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
GetVersionExA
GetSystemInfo
HeapAlloc
GetLastError
DisableThreadLibraryCalls

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumValueA
RegSetValueExA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 745B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
le_05_35/LCmnCtrl32.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9eea7c59a85682eea60e154c3fdc7043

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaAptOffset
_adj_fdiv_m64
__vbaRaiseEvent
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarTstLe
ord301
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord307
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaCyI4
DllFunctionCall
__vbaLbound
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord314
_adj_fprem
_adj_fdivr_m64
ord315
__vbaFailedFriend
ord316
__vbaFPException
ord717
ord644
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaAryLock
__vbaStrToAnsi
__vbaFpI4
__vbaRecDestructAnsi
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
le_05_35/L_E.exe
.exe windows:4 windows x86 arch:x86

7c751caadb3b58a101de2cbf118df094

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CoInternetCreateZoneManager

shlwapi

PathIsDirectoryW
PathCanonicalizeW
PathFileExistsW

user32

RegisterClipboardFormatA

oleaut32

SysAllocString

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemAlloc
CreateStreamOnHGlobal
StgCreateDocfile
IsEqualGUID
StgOpenStorage
CoTaskMemFree
ReleaseStgMedium

shell32

DragQueryFileA
SHGetSpecialFolderPathW

kernel32

GlobalUnlock
RtlMoveMemory
GlobalLock

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
ord588
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
ord512
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaCVarAryUdt
ord519
__vbaCopyBytes
__vbaResume
__vbaStrCat
__vbaForEachCollAd
__vbaError
ord660
__vbaLsetFixstr
ord554
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
__vbaLenVar
_adj_fdiv_m32
__vbaVarTstLe
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
EVENT_SINK2_Release
__vbaExitProc
__vbaForEachCollObj
ord300
ord301
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord305
ord306
ord520
__vbaBoolVar
ord307
ord521
ord522
ord309
ord523
__vbaBoolVarNull
_CIsin
ord709
ord631
__vbaVargVarMove
ord632
__vbaVarCmpGt
__vbaNextEachCollObj
__vbaLateMemStAd
__vbaChkstk
__vbaFileClose
__vbaCyVar
ord526
EVENT_SINK_AddRef
__vbaCyI2
ord529
__vbaStrCmp
__vbaExitEachColl
__vbaVarTstEq
__vbaAryConstruct2
__vbaCyI4
__vbaObjVar
DllFunctionCall
ord670
__vbaVarOr
__vbaVarLateMemSt
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
ord567
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaObjIs
__vbaVarAnd
ord311
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord711
ord313
__vbaPrintFile
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFailedFriend
ord530
ord608
__vbaFPException
__vbaInStrVar
ord717
ord319
ord533
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaCheckType
ord535
__vbaI2Var
ord536
ord644
ord645
_CIlog
__vbaFileOpen
ord570
ord648
__vbaNew2
__vbaInStr
__vbaVarLateMemCallLdRf
__vbaVar2Vec
__vbaCyMulI2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaFreeStrList
__vbaVarNot
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
ord579
__vbaI4Var
__vbaVarLateMemStAd
__vbaVarCmpEq
ord610
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
ord320
ord612
__vbaStrToAnsi
__vbaVarDup
ord321
ord613
__vbaVarCopy
__vbaFpI4
__vbaVarLateMemCallLd
ord616
__vbaRecDestructAnsi
__vbaLateMemCallLd
__vbaR8IntI2
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaCastObj
ord618
__vbaR8IntI4
__vbaI4Cy
__vbaStrVarCopy
__vbaVarNeg
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
ord546
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaRecAssign
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 952KB - Virtual size: 951KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
le_05_35/Plugin/ClearCache/ClearCache.dll
.dll regsvr32 windows:4 windows x86 arch:x86

78baaa99937a7ea2ade41525a98fa166

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
EVENT_SINK2_Release
ord301
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord307
ord309
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
ord670
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaNew
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
ord717
__vbaStrVarVal
__vbaUbound
ord644
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord101
ord102
ord103
ord104
ord105
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord613
_CIatan
__vbaAryCopy
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
le_05_35/Plugin/ClearCache/ClearCache.ini
le_05_35/Plugin/ClearCache/data.ini
le_05_35/Plugin/GetWebSnap/GetWebSnap.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b5eed564dead02746817a93409025ed2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaAptOffset
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
EVENT_SINK2_Release
ord301
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord305
ord307
ord309
_CIsin
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord313
ord712
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaCheckType
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarDup
__vbaStrToAnsi
ord616
ord617
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
__vbaCastObj
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
le_05_35/Plugin/GetWebSnap/GetWebSnap.ini
le_05_35/Plugin/RunScript/RunScript.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d1e1b0f572011b8e47a0c449d248391a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaForEachCollAd
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
ord554
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
EVENT_SINK2_Release
__vbaExitProc
ord300
ord301
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord306
ord307
ord309
_CIsin
ord709
ord631
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
ord567
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord536
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaAryLock
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaFpI4
__vbaVarLateMemCallLd
ord617
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
ord618
__vbaAryCopy
__vbaCastObj
__vbaStrMove
ord650
_allmul
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
le_05_35/Plugin/RunScript/RunScript.ini
le_05_35/Plugin/RunScript/ViewPage.htm
.js
le_05_35/Plugin/RunScript/ViewPage.js
.js
le_05_35/Plugin/RunScript/jc_all.vbs
.vbs
le_05_35/Plugin/RunScript/jc_all_img.vbs
.vbs
le_05_35/Plugin/RunScript/rscfg.ini
le_05_35/Plugin/RunScript/v.ico
le_05_35/Plugin/RunScript/复件 ViewPage.js
.js
le_05_35/Plugin/RunScript/复件复件 ViewPage.htm
.js
le_05_35/Plugin/ShowSelHtml/ShowSelHtml.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a7f2c49039c609dddaf3331568f7e38e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
__vbaAptOffset
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
_adj_fdiv_m32
EVENT_SINK2_Release
__vbaForEachCollObj
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord305
_CIsin
__vbaNextEachCollObj
__vbaChkstk
EVENT_SINK_AddRef
__vbaExitEachColl
__vbaStrCmp
__vbaObjVar
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord313
ord712
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
_CIlog
__vbaVarLateMemCallLdRf
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaLateMemCall
__vbaVarDup
__vbaVarLateMemCallLd
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
le_05_35/Plugin/ShowSelHtml/ShowSelHtml.ini
le_05_35/Plugin/URLHistory/URLHistory.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3e4acea340fad880a04a828f14250c58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoTaskMemFree

kernel32

FileTimeToLocalFileTime
FileTimeToSystemTime

oleaut32

SysAllocString
SystemTimeToVariantTime

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaStrI2
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaStrI4
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
EVENT_SINK2_Release
ord300
ord301
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord305
ord306
ord307
_CIsin
ord709
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaDateR8
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaVarSetUnk
__vbaNew
_CIsqrt
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord313
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaFPException
ord319
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
ord320
__vbaStrToAnsi
ord321
__vbaFpI4
ord616
__vbaRecDestructAnsi
_CIatan
ord618
__vbaCastObj
__vbaStrMove
_allmul
_CItan
ord546
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
le_05_35/Plugin/URLHistory/URLHistory.ini
le_05_35/Plugin/URLHistory/URLHistory.pdb
le_05_35/def_lexplorer.ini
le_05_35/lexplorer.ini
le_05_35/myacc.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2ae57e71bbd835ae676532a25533fb3d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
GetShortPathNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
lstrlenW
lstrlenA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryExA
GetCurrentThreadId
VirtualFree
GetStringTypeW
GetStringTypeA
LCMapStringA
LCMapStringW
GetACP
GetCPInfo
DisableThreadLibraryCalls
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualAlloc
IsBadWritePtr
GetFileType
GetOEMCP
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetEnvironmentStringsW
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr

user32

CharNextA
MessageBoxA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegDeleteKeyA

ole32

CoGetClassObject
CoCreateInstance
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

RegisterTypeLi
SysStringLen
LoadRegTypeLi
SysFreeString
LoadTypeLi
SysAllocString
VarUI4FromStr

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
le_05_35/readme.txt
le_05_35/search/mul.ini
le_05_35/search/searchs.ini
le_05_35/shortcut.vbs
.vbs
le_05_35/theme/crystal/gray.png
.png
le_05_35/theme/crystal/normal.png
.png
le_05_35/theme/crystal/skin.ini
le_05_35/theme/iCandy/big.gif
.gif
le_05_35/theme/iCandy/big.png
.png
le_05_35/theme/iCandy/combine.gif
.gif
le_05_35/theme/iCandy/gray.png
.png
le_05_35/theme/iCandy/menu.gif
.gif
le_05_35/theme/iCandy/menu.png
.png
le_05_35/theme/iCandy/normal.png
.png
le_05_35/theme/iCandy/skin.ini
le_05_35/theme/iCandy/win_g.png
.png
le_05_35/theme/iCandy/win_n.png
.png
le_05_35/theme/kde/gray.png
.png
le_05_35/theme/kde/normal.png
.png
le_05_35/theme/kde/skin.ini
le_05_35/theme/vista/gray.png
.png
le_05_35/theme/vista/normal.png
.png
le_05_35/theme/vista/skin.ini
le_05_35/tips.txt

Sharing

General

Malware Config

Signatures

Files

25c3d4994c025b907a64368e955a0b7a

Headers

File Characteristics

Imports

kernel32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 394B

.rdata Size: 4KB - Virtual size: 350B

.data Size: 4KB - Virtual size: 36B

.reloc Size: 4KB - Virtual size: 74B

c76217d44631d669e59e9092ef6592d8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 745B

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 1012B

9eea7c59a85682eea60e154c3fdc7043

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 48KB - Virtual size: 47KB

.reloc Size: 12KB - Virtual size: 9KB

7c751caadb3b58a101de2cbf118df094

Headers

File Characteristics

Imports

urlmon

shlwapi

user32

oleaut32

ole32

shell32

kernel32

msvbvm60

Sections

.text Size: 952KB - Virtual size: 951KB

.data Size: 4KB - Virtual size: 62KB

.rsrc Size: 32KB - Virtual size: 28KB

78baaa99937a7ea2ade41525a98fa166

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

b5eed564dead02746817a93409025ed2

Headers

File Characteristics

Imports

msvbvm60

.text
Size: 4KB - Virtual size: 394B

.rdata
Size: 4KB - Virtual size: 350B

.data
Size: 4KB - Virtual size: 36B

.reloc
Size: 4KB - Virtual size: 74B

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 745B

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 1012B

.text
Size: 88KB - Virtual size: 87KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 952KB - Virtual size: 951KB

.data
Size: 4KB - Virtual size: 62KB

.rsrc
Size: 32KB - Virtual size: 28KB

.text
Size: 36KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 55KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 4KB