c98dfa86cfaa78d96b5b8876febdbd8e08b4cbf7e01dd6ddb2bc59d6fffa8633

General

Target

c98dfa86cfaa78d96b5b8876febdbd8e08b4cbf7e01dd6ddb2bc59d6fffa8633
Size

78KB
MD5

4a59334b240966adeb910627b73a7659
SHA1

9b3f7a73f765fd313ac688093795a12f1eff8490
SHA256

c98dfa86cfaa78d96b5b8876febdbd8e08b4cbf7e01dd6ddb2bc59d6fffa8633
SHA512

c2a4a414f65d6ef30dcb6ba827822c3c13041d55d823d6e81ea5f7cdb5b5f43911f2b6475eb1c427ac3774f473ccc3f79e64330ae4fd4b736d0e22a083d10f43
SSDEEP

1536:a3xhRZHxVMt40lvQHWtpJsqdqi6g3yb9ShJC7D03izNY/XOA8dNqM4N:a3rTMmLHapqq0i93kSSnbNAXOJP4N

Score

N/A

Malware Config

Signatures

Files

c98dfa86cfaa78d96b5b8876febdbd8e08b4cbf7e01dd6ddb2bc59d6fffa8633
.cab
1.exe
.exe windows x86

76a03262564879ba52ba40c03a474c42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHGetValueW

shell32

ShellExecuteW

kernel32

VirtualFree
GetLastError
GetFullPathNameW
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentDirectoryA
GetDriveTypeA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LoadLibraryA
VirtualAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CreateFileA
CloseHandle
FlushFileBuffers

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ppi.exe
.exe windows x86

52933075071aefe77709435d779567c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlMoveMemory

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
ord516
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
_CIsin
__vbaErase
ord631
__vbaVarZero
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaI2I4
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord606
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
ord717
__vbaUbound
__vbaVarCat
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
__vbaVar2Vec
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaFpI2
__vbaFpI4
ord616
_CIatan
ord618
__vbaUI1Str
__vbaStrMove
__vbaAryCopy
__vbaR8IntI4
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 312KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76a03262564879ba52ba40c03a474c42

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

shell32

kernel32

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 1KB - Virtual size: 1KB

52933075071aefe77709435d779567c6

Headers

File Characteristics

Imports

kernel32

msvbvm60

Sections

.text Size: 312KB - Virtual size: 310KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 48KB - Virtual size: 44KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 312KB - Virtual size: 310KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 48KB - Virtual size: 44KB