9dfd58c000175e05e8081786c819c48773a5445a232e897696b9d3487f888ff4

Sharing

Copy URL Twitter E-mail

General

Target

9dfd58c000175e05e8081786c819c48773a5445a232e897696b9d3487f888ff4
Size

4.0MB
MD5

5a220c489ae990c0dcca838241fda8a6
SHA1

2d49bf56140ac43564076b81dd72e677fa91b6ea
SHA256

9dfd58c000175e05e8081786c819c48773a5445a232e897696b9d3487f888ff4
SHA512

5f69b4c956ee54f5f1ede7b094de0c0dac28d329cb7ce15dedfb6dee57a5635950fd663ec2ac38ad5eb75ca36936d1042d4c28b2f023c45665314cd514dfce3b
SSDEEP

98304:vQMoEx7ZaUmDQuvGGmBrBABz437hHioYNpddv3ylm010Os0B9WV:hZZaUmDQuvGGmBrBABU7hHioYNpddv35

Score

N/A

Malware Config

Signatures

Files

9dfd58c000175e05e8081786c819c48773a5445a232e897696b9d3487f888ff4
.exe windows x86

ff93696688d99487c831e2d0fcb75b9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
FormatMessageW

wininet

FtpDeleteFileW
FtpFindFirstFileW
InternetCloseHandle
InternetConnectW
FtpRenameFileW
FtpGetCurrentDirectoryW
InternetWriteFile
FtpSetCurrentDirectoryW
FtpOpenFileW
InternetFindNextFileW
InternetOpenW
FtpCreateDirectoryW

avicap32

capCreateCaptureWindowW

user32

SendMessageW

gdiplus

GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile

gdi32

SetPixel
GetPixel
StretchBlt
SetStretchBltMode
PlgBlt

comctl32

InitCommonControlsEx

ole32

CLSIDFromString
CoCreateGuid

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
ord694
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaLateIdCall
ord588
__vbaStrVarMove
__vbaLenBstr
ord696
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
__vbaFpCDblR8
ord512
EVENT_SINK_Invoke
__vbaNextEachVar
__vbaRaiseEvent
__vbaLineInputVar
__vbaFreeObjList
ord516
__vbaVarIndexLoadRef
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
ord628
__vbaCopyBytes
__vbaResume
ord550
__vbaVarCmpNe
__vbaStrCat
__vbaError
__vbaBoolErrVar
__vbaLsetFixstr
ord553
ord660
ord661
__vbaStrDate
__vbaSetSystemError
__vbaLenBstrB
ord662
__vbaHresultCheckObj
ord557
__vbaVargVarCopy
ord558
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaVarTstLe
ord667
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
__vbaCyErrVar
__vbaVarIndexLoadRefLock
ord591
ord592
__vbaStrBool
__vbaForEachCollObj
ord593
__vbaVarForInit
__vbaBoolStr
__vbaExitProc
ord300
ord594
__vbaFileCloseAll
ord301
__vbaObjSet
__vbaOnError
ord595
ord302
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord305
__vbaCyStr
ord306
__vbaForEachCollVar
__vbaBoolVar
ord520
ord307
ord308
ord309
__vbaRefVarAry
ord523
__vbaVarTstLt
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord524
ord631
__vbaErase
__vbaVargVarMove
__vbaNextEachCollObj
__vbaVarZero
ord525
__vbaVarCmpGt
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaVarAbs
ord528
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaR4Str
__vbaDateR8
ord560
__vbaNextEachCollVar
__vbaObjVar
ord561
DllFunctionCall
ord563
__vbaVarLateMemSt
__vbaVarOr
ord564
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
_CIsqrt
__vbaObjIs
__vbaLateIdCallSt
__vbaVarAnd
ord311
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaStr2Vec
__vbaVarMul
__vbaExceptHandler
ord711
ord313
ord712
__vbaStrToUnicode
__vbaPrintFile
__vbaR4ErrVar
ord606
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord607
ord714
__vbaR8ErrVar
__vbaI2Str
__vbaVarDiv
ord608
ord716
ord609
ord531
__vbaVarCmpLe
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord535
__vbaDateVar
__vbaLsetFixstrFree
__vbaI2Var
ord537
ord644
ord538
ord645
_CIlog
__vbaFileOpen
ord648
__vbaVar2Vec
ord570
__vbaVarLateMemCallLdRf
__vbaR8Str
__vbaInStr
__vbaNew2
__vbaVarInt
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaVarSetObj
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarCmpLt
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
ord611
__vbaLateMemCall
__vbaInStrB
__vbaAryLock
__vbaVarAdd
ord320
__vbaFreeVarg
__vbaStrToAnsi
ord612
__vbaVarDup
ord321
ord613
__vbaFpI2
__vbaUnkVar
__vbaVarCopy
ord616
__vbaFpI4
__vbaVarTstGe
__vbaVarLateMemCallLd
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
_CIatan
ord618
__vbaI2ErrVar
__vbaAryCopy
__vbaUI1Str
__vbaCastObj
__vbaStrMove
__vbaForEachVar
__vbaStrVarCopy
__vbaR8IntI4
ord619
__vbaVarNeg
ord650
_allmul
__vbaVarLateMemCallSt
__vbaLenVarB
__vbaLateIdSt
__vbaLateMemCallSt
ord545
_CItan
ord546
__vbaUI1Var
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
ord548
_CIexp
__vbaStrCy
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff93696688d99487c831e2d0fcb75b9f

Headers

File Characteristics

Imports

kernel32

wininet

avicap32

user32

gdiplus

gdi32

comctl32

ole32

msvbvm60

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.data Size: 4KB - Virtual size: 91KB

.rsrc Size: 52KB - Virtual size: 48KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 4KB - Virtual size: 91KB

.rsrc
Size: 52KB - Virtual size: 48KB