01acd670121069c00f59fe58b0258821499bb4dd78ef24398eecd0e416479d8b

Sharing

Copy URL Twitter E-mail

General

Target

01acd670121069c00f59fe58b0258821499bb4dd78ef24398eecd0e416479d8b
Size

2.9MB
MD5

f0b04a4538bd7fa095bb4c70ddceb591
SHA1

6e7e22b0ace16db04449f0a1eb8533cad22bafee
SHA256

01acd670121069c00f59fe58b0258821499bb4dd78ef24398eecd0e416479d8b
SHA512

28bd8e4c6fce20436b62f7984e05b7e8cd74b2f37512b350251f4cef286482458e5b35bfecc54b88bc3358eb28a02b0b724561847b940be770e132461445efc4
SSDEEP

49152:tIWotkjXqG1nSQvUg/JpYYc0J7RiC4PafPfEwp0NCFdK4pw+HR0oBJIpTUlsheTF:9otkjXOQ470HiNvwp0NCppwkCpo6Ci0T

Score

N/A

Malware Config

Signatures

Files

01acd670121069c00f59fe58b0258821499bb4dd78ef24398eecd0e416479d8b
.exe windows x86

9c67a4925654cd6a2a14af776b2ad105

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcp60

_Toupper

cryptnet

CertDllVerifyRevocation
CryptUninstallCancelRetrieval
CryptFlushTimeValidObject
CryptInstallCancelRetrieval
CryptRetrieveObjectByUrlA
DllRegisterServer
CryptGetTimeValidObject
CryptGetObjectUrl
LdapProvOpenStore
I_CryptNetGetHostNameFromUrl
I_CryptNetEnumUrlCacheEntry
DllUnregisterServer
CryptCancelAsyncRetrieval
CertDllVerifyCTLUsage
I_CryptNetGetUserDsStoreUrl
CryptRetrieveObjectByUrlW

msvbvm60

__vbaVarTextTstEq
__vbaLateIdStAd
rtcGetTimeVar
__vbaR4Sgn
PutMemNewObj
__vbaCyAbs
__vbaCyErrVar
rtcSendKeys
__vbaLsetFixstrFree
EVENT_SINK_QueryInterface
__vbaVarTextLikeVar
__vbaVarTextCmpNe
__vbaVarZero
rtcSplit
__vbaMidStmtVar
__vbaRsetFixstrFree
TipInvokeMethod
rtDecFromVar
__vbaVarTextTstGe
__vbaVarTextCmpGe
__vbaR8IntI4
__vbaAryRebase1Var
TipUnloadProject
rtcGetDayOfMonth
rtcVarFromVar
__vbaLbound
GetMem2
GetMem1
__vbaLdZeroAry
__vbaHresultCheckNonvirt
__vbaStrUI1
__vbaOnError
rtcMIRR
rtcBstrFromAnsi
rtcCos
__vbaFreeObjList
__vbaCyMul
__vbaVarCmpGt
__vbaPut4
__vbaStrToUnicode
BASIC_CLASS_AddRef
__vbaCyForNext
EbGetErrorInfo
_CIlog
Zombie_GetTypeInfoCount
__vbaPutFxStr3

kernel32

CreateDirectoryExA
CreateProcessInternalW
Thread32Next
LoadLibraryExA
ResetWriteWatch
TlsFree
DeleteFiber
GetStdHandle
CreateMutexW
GetProcAddress
EscapeCommFunction
VirtualFreeEx
WriteFileGather
QueueUserAPC
HeapQueryInformation
GetConsoleAliasesLengthW
GetLocaleInfoA
GetDiskFreeSpaceW
SetTapePosition
VirtualAlloc
SwitchToFiber
IsDBCSLeadByteEx
FlushConsoleInputBuffer
GetOverlappedResult
_lcreat
SignalObjectAndWait
Heap32Next
GetAtomNameW
WriteFileEx
GetLastError
GetProfileStringW
SetEnvironmentVariableA
PrivMoveFileIdentityW
GetVDMCurrentDirectories
LoadLibraryA
GetVolumeInformationW
MulDiv
GetDateFormatA
GetConsoleAliasExesLengthA
TlsGetValue
IsBadHugeWritePtr
VirtualUnlock
DnsHostnameToComputerNameA
EnumUILanguagesA
GetPrivateProfileSectionNamesW
CompareFileTime
SetConsoleCP
Process32First
RequestDeviceWakeup
MultiByteToWideChar

Sections

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 14.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 670KB - Virtual size: 669KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9c67a4925654cd6a2a14af776b2ad105

Headers

File Characteristics

Imports

msvcp60

cryptnet

msvbvm60

kernel32

Sections

.rsrc Size: 11KB - Virtual size: 11KB

.data Size: - Virtual size: 14.0MB

.text Size: 670KB - Virtual size: 669KB

.tls Size: 512B - Virtual size: 4KB

.rsrc
Size: 11KB - Virtual size: 11KB

.data
Size: - Virtual size: 14.0MB

.text
Size: 670KB - Virtual size: 669KB

.tls
Size: 512B - Virtual size: 4KB