97b0b58dc0de5e03de54dc930399f3f92e21208ddcb1f77ea073b2165f658103

Sharing

Copy URL

Twitter E-mail

General

Target

97b0b58dc0de5e03de54dc930399f3f92e21208ddcb1f77ea073b2165f658103
Size

448KB
MD5

821b90f4f3a4d56cf89660ed6dc17761
SHA1

5d165df8a4a314f6a805715c142724372cc0e1b2
SHA256

97b0b58dc0de5e03de54dc930399f3f92e21208ddcb1f77ea073b2165f658103
SHA512

09943414a73911a26bf91ca557b40357938f237e8bb7e3468922c345ea0359bd596d241d35e35ff1ca2990efa13f22c05d63c8aae9550db7d09874137c56edb7
SSDEEP

6144:67gUTL1PTnpbBmfUvMC+5qx0otR++bqOHvoLBXPDvS5FZXS:2TL1PzaU0c0o1bhy6vS

Score

N/A

Malware Config

Signatures

Files

97b0b58dc0de5e03de54dc930399f3f92e21208ddcb1f77ea073b2165f658103
.exe windows x86

ab0bb79ef44944ce4963ad523deae242

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwUnmapViewOfSection

kernel32

GetProcAddress
VirtualAlloc
FindResourceW
VirtualProtect
GetCommandLineW
GetStartupInfoW
GetCurrentProcess
RtlMoveMemory
GetModuleFileNameW
WideCharToMultiByte
LoadResource
GetSystemDirectoryW
SizeofResource
GetTempPathW
lstrcpynW
GetModuleHandleW
LockResource
GetWindowsDirectoryW
VirtualFree
GetUserDefaultLCID

shlwapi

PathStripToRootW
PathRemoveFileSpecW

shell32

SHGetFolderPathW

user32

LoadStringW

oleaut32

SysReAllocString
SysAllocString
SysFreeString
SysAllocStringLen
SysAllocStringByteLen
SysStringLen

msvbvm60

__vbaVarTstGt
__vbaVarSub
ord583
__vbaStrI2
_CIcos
_adj_fptan
ord585
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaLineInputStr
__vbaFreeVarList
_adj_fdiv_m64
__vbaLineInputVar
ord516
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR8
__vbaVargVar
__vbaBoolVarNull
_CIsin
ord631
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
__vbaVarLateMemSt
__vbaLbound
_adj_fpatan
__vbaStrR8
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaI2Var
ord644
_CIlog
__vbaFileOpen
__vbaVar2Vec
__vbaVarLateMemCallLdRf
__vbaR8Str
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaI4Var
ord610
ord611
__vbaLateMemCall
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaFpI2
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab0bb79ef44944ce4963ad523deae242

Headers

File Characteristics

Imports

ntdll

kernel32

shlwapi

shell32

user32

oleaut32

msvbvm60

Sections

.text Size: 184KB - Virtual size: 180KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 256KB - Virtual size: 255KB

.text
Size: 184KB - Virtual size: 180KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 256KB - Virtual size: 255KB