65791e4efd1f794b6069599687db741441d31b4bf2e9e219bf012023fbc133ff

Sharing

Copy URL Twitter E-mail

General

Target

65791e4efd1f794b6069599687db741441d31b4bf2e9e219bf012023fbc133ff
Size

2.0MB
MD5

1091e124972681ee3db717e0f7ce0c2f
SHA1

f06b4880ff7811ea69f7a2e49fa226f836152f45
SHA256

65791e4efd1f794b6069599687db741441d31b4bf2e9e219bf012023fbc133ff
SHA512

b5558fb39b118d147cdd862ce0c7b95e2b75b1ef0b3b38928bad285be8670dc3b5c2f31310e47ef6657e113ab90811473fa29df5802008b80d1673ed97b325f0
SSDEEP

49152:moje8sa2RrO5gNzc0J7RiC4PafPfEwp0NCFdNeE5S4ZBk:mGe8strO5SQ0HiNvwp0NCZXQ

Score

N/A

Malware Config

Signatures

Files

65791e4efd1f794b6069599687db741441d31b4bf2e9e219bf012023fbc133ff
.exe windows x86

563d8cd98e6e3478de4a932e9976adaa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvbvm60

__vbaLsetFixstrFree
rtcCos
__vbaVarCmpGt
__vbaRsetFixstrFree
GetMem1
_CIlog
rtDecFromVar
__vbaLdZeroAry
__vbaVarTextTstGe
rtcGetTimeVar
__vbaVarTextTstEq
__vbaLbound
__vbaPutFxStr3
__vbaFreeObjList
__vbaStrToUnicode
__vbaVarZero
Zombie_GetTypeInfoCount
EVENT_SINK_QueryInterface
__vbaCyAbs
__vbaCyForNext
rtcSplit
rtcMIRR
rtcGetDayOfMonth
rtcSendKeys
__vbaCyMul
__vbaVarTextCmpGe
EbGetErrorInfo
__vbaPut4
__vbaHresultCheckNonvirt
TipInvokeMethod
TipUnloadProject
__vbaR4Sgn
PutMemNewObj
__vbaR8IntI4
rtcVarFromVar
BASIC_CLASS_AddRef
GetMem2
__vbaMidStmtVar
__vbaLateIdStAd
__vbaVarTextLikeVar
rtcBstrFromAnsi
__vbaVarTextCmpNe
__vbaCyErrVar
__vbaAryRebase1Var
__vbaStrUI1
__vbaOnError

cryptnet

CertDllVerifyCTLUsage
LdapProvOpenStore
CertDllVerifyRevocation
I_CryptNetGetHostNameFromUrl
DllUnregisterServer
CryptGetObjectUrl
CryptGetTimeValidObject
DllRegisterServer
CryptFlushTimeValidObject
CryptInstallCancelRetrieval
CryptUninstallCancelRetrieval
CryptRetrieveObjectByUrlW
I_CryptNetEnumUrlCacheEntry
CryptCancelAsyncRetrieval
I_CryptNetGetUserDsStoreUrl
CryptRetrieveObjectByUrlA

kernel32

FlushConsoleInputBuffer
TlsFree
Heap32Next
VirtualUnlock
TlsGetValue
EscapeCommFunction
_lcreat
GetDiskFreeSpaceW
PrivMoveFileIdentityW
GetOverlappedResult
GetDateFormatA
LoadLibraryExA
Thread32Next
SetTapePosition
GetVolumeInformationW
GetProfileStringW
Process32First
HeapQueryInformation
WriteFileGather
CreateMutexW
VirtualFreeEx
CompareFileTime
GetLastError
SignalObjectAndWait
SetEnvironmentVariableA
GetLocaleInfoA
SetConsoleCP
CreateFileA
CreateFiberEx
WriteFileEx
DnsHostnameToComputerNameA
ResetWriteWatch
IsDBCSLeadByteEx
MultiByteToWideChar
GetConsoleAliasesLengthW
GetPrivateProfileSectionNamesW
QueueUserAPC
RequestDeviceWakeup
MulDiv
EnumUILanguagesA
GetVDMCurrentDirectories
Module32First
VirtualAlloc
IsBadHugeWritePtr
GetConsoleAliasExesLengthA
SwitchToFiber
GetAtomNameW
DeleteFiber
CreateProcessInternalW
CreateDirectoryExA

msvcp60

_Toupper
_Wcrtomb

Sections

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 14.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 707KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

563d8cd98e6e3478de4a932e9976adaa

Headers

File Characteristics

Imports

msvbvm60

cryptnet

kernel32

msvcp60

Sections

.rsrc Size: 42KB - Virtual size: 41KB

.data Size: - Virtual size: 14.3MB

.text Size: 707KB - Virtual size: 707KB

.tls Size: 512B - Virtual size: 4KB

.rsrc
Size: 42KB - Virtual size: 41KB

.data
Size: - Virtual size: 14.3MB

.text
Size: 707KB - Virtual size: 707KB

.tls
Size: 512B - Virtual size: 4KB