General

  • Target

    676776431fd9c95d10ffc1744598eb2ca0c63f372b9b5d005d704ed7c0880914

  • Size

    342KB

  • MD5

    9311b609782cb1ca1888797121883e8a

  • SHA1

    7f13dcc464264b8173d9a606cb696e79173dcaed

  • SHA256

    676776431fd9c95d10ffc1744598eb2ca0c63f372b9b5d005d704ed7c0880914

  • SHA512

    809d158b64832ba6c8baccd5e0a458b37f0358a9999f6be39a5323abcd7512222d322ef450d7c9d11969a8fdb05fb1e3d41a509a6ea0bde4c9ed983a53c4adde

  • SSDEEP

    6144:3rUxT5Y/SRitAdoyPvpuSlQcwfhUbSzPNfGVWP2mUEC3cS3n:3rUxT5GS0tAd5uSlQVhUkfoEC3Jn

Score
8/10

Malware Config

Signatures

  • VMProtect packed file (1 IoC)

    Detects executables packed with VMProtect commercial packer.

Files

  • 676776431fd9c95d10ffc1744598eb2ca0c63f372b9b5d005d704ed7c0880914
    .rar
  • CCC/aspRwWithJMail.ccc
    .vbs
  • CCC/aspSpy.ccc
    .vbs
  • CCC/aspx.ccc
    .js
  • CCC/php.ccc
  • CCC/phpSpy.ccc
    .js
  • Customize/Customize.aspx
    .asp .js
  • Customize/Customize.cfm
    .vbs
  • Customize/Customize.jsp
    .asp .js
  • caidao.exe
    .exe windows x86



  • db.mdb
  • db.tmp
    .dll windows x86

    1463d274512f2281ac766be23a73990a



  • readme.txt
    .vbs