Static task: static1
Behavioral task: behavioral1
Sample: 462225e4d7fc9114f906dbc236c10a633c5cdba1875daf757ce7ad3c14896dce.exe
Resource: win7-20220414-en
General
Target: 462225e4d7fc9114f906dbc236c10a633c5cdba1875daf757ce7ad3c14896dce
Size: 777KB
MD5: 063ed0a9f0dbd546a15d0d49321d3638
SHA1: 822481aca5d9e237471559877e303a2680b3452c
SHA256: 462225e4d7fc9114f906dbc236c10a633c5cdba1875daf757ce7ad3c14896dce
SHA512: 00bdc2b13c7001e300ed5625db15ab07d398da5bac9c5558aea611e959e4e5f5bed91769927edda0c2346b174142faaa52e5ce81668fe0af5110de40a2adb8c1
SSDEEP: 12288:ZJSHKdKsR4HE2F6rQlMmhz3/4kPsQcSPobSVrhP459rBJXI:ZJf306R0zvCQcSPfdt4517XI
Malware Config
Signatures
Files
462225e4d7fc9114f906dbc236c10a633c5cdba1875daf757ce7ad3c14896dce.exe windows x86
bac992d16cc2e8cf5c070b0272f52637
Code Sign

Certificate (serial 01)
  Issuer:     CN=Enclose Gear 18',O=Gear Trophy Corp 18',C=CN
  Subject:    CN=Enclose Gear 18',O=Gear Trophy Corp 18',C=CN
  Not Before: 26-11-2018 09:46
  Not After:  25-11-2022 09:46

Certificate (serial 07)
  Issuer:     CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
  Subject:    CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
  Not Before: 03-05-2011 07:00
  Not After:  03-05-2031 07:00
  Key Usages: KeyUsageCertSign, KeyUsageCRLSign

Certificate (serial 1f:dc:58:e9:66:08:4c:0e)
  Issuer:     CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
  Subject:    CN=Starfield Timestamp Authority - G2,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US
  Not Before: 16-10-2018 07:00
  Not After:  16-10-2023 07:00
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageDigitalSignature, KeyUsageContentCommitment

Signer (95:c9:83:a3:96:8d:66:66:8b:37:96:e9:56:75:a2:3f:ec:10:e0:62:98:69:d8:98:65:7a:97:37:bc:be:18:6c)
  Actual PE Digest:  95:c9:83:a3:96:8d:66:66:8b:37:96:e9:56:75:a2:3f:ec:10:e0:62:98:69:d8:98:65:7a:97:37:bc:be:18:6c
  Digest Algorithm:  sha256
  PE Digest Matches: true
  Signature Validations
    Trusted: false
  Verification
    Signing Certificate: CN=Enclose Gear 18',O=Gear Trophy Corp 18',C=CN (26-11-2018 22:16)
    Valid: false
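The Signer block above is the detail worth reading carefully: the Authenticode digest matches (the file was not modified after signing) and a Starfield timestamp authority countersigned it, yet Trusted is false. The reason is visible in the certificate list: the signing certificate "Enclose Gear 18'" has an identical issuer and subject, i.e. it is self-signed, so the chain never reaches a trusted root. The following PowerShell script is an added example, not part of the sandbox report, that reproduces this digest-valid-but-untrusted distinction on a Windows host. It uses the built-in Get-AuthenticodeSignature cmdlet plus an explicit X509Chain build so the chain failure reason is shown rather than just the verdict. $Path is a placeholder for the sample path; the Code Signing EKU OID 1.3.6.1.5.5.7.3.3 is the standard value.

```powershell
# Added example (not part of the sandbox report): separate "the PE digest
# verifies" from "the signer is trusted" for one file. $Path is a placeholder.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

$sig = Get-AuthenticodeSignature -FilePath $Path

# Status is an enum (Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...).
# If a signer certificate is present and the status is neither HashMismatch nor
# NotSigned, the Authenticode digest itself verified; trust is a separate question.
$digestOk = ($null -ne $sig.SignerCertificate) -and
            ($sig.Status -ne 'HashMismatch') -and
            ($sig.Status -ne 'NotSigned')

"File            : $Path"
"Status          : $($sig.Status)"
"StatusMessage   : $($sig.StatusMessage)"
"PE digest ok    : $digestOk"
"Trusted         : $($sig.Status -eq 'Valid')"

if ($sig.SignerCertificate) {
    $c = $sig.SignerCertificate
    "Signer subject  : $($c.Subject)"
    "Signer issuer   : $($c.Issuer)"
    "Serial          : $($c.SerialNumber)"
    "Validity        : $($c.NotBefore) -> $($c.NotAfter)"
    # A leaf whose issuer equals its subject is self-signed: nobody vouches for it.
    "Self-signed     : $($c.Subject -eq $c.Issuer)"

    # Build the chain explicitly to see *why* it is untrusted, not only that it is.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    # Require the Code Signing EKU on the chain (OID 1.3.6.1.5.5.7.3.3).
    $chain.ChainPolicy.ApplicationPolicy.Add(
        [System.Security.Cryptography.Oid]::new('1.3.6.1.5.5.7.3.3')) | Out-Null
    $built = $chain.Build($c)
    "Chain builds    : $built"
    foreach ($s in $chain.ChainStatus) {
        "  chain status  : $($s.Status) - $($s.StatusInformation.Trim())"
    }
    foreach ($e in $chain.ChainElements) {
        "  element       : $($e.Certificate.Subject)"
    }
}

if ($sig.TimeStamperCertificate) {
    # An RFC 3161 countersignature keeps the signature verifiable after the signing
    # certificate expires; it says nothing about who the signer actually is.
    "Timestamp by    : $($sig.TimeStamperCertificate.Subject)"
}
```

Run it as `.\Check-Authenticode.ps1 -Path .\sample.exe` (script name is arbitrary). For a self-signed signer like the one in this report, expect "PE digest ok: True", "Self-signed: True", and a chain status naming an untrusted root; treat "digest matches" and "trusted" as two independent facts when triaging, since malware signed with a throwaway certificate passes the first and fails the second.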
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaAryConstruct2
__vbaPrintObj
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
__vbaGetOwner3
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaStrToAnsi
ord617
_CIatan
__vbaStrMove
__vbaCastObj
ord618
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 760KB - Virtual size: 758KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ