e7fe15732700c07ee4cebb3b39c8608db1fedb9609fcc8c8727eff42460be351

Sharing

Copy URL Twitter E-mail

General

Target

e7fe15732700c07ee4cebb3b39c8608db1fedb9609fcc8c8727eff42460be351
Size

2.7MB
MD5

10d412d8d96483d56029644a3dd0a2f2
SHA1

79b7f57b71e1e349552f13aeb5b53fa116b2bb8d
SHA256

e7fe15732700c07ee4cebb3b39c8608db1fedb9609fcc8c8727eff42460be351
SHA512

fa7464a79b9e057224d22195eccd02dffcf3cd14463cc748e33ea7c12d0e0329ef4ea7ab50d42776088d99be6c661080cc1da88978ec6daaeb0f40245ff88b28
SSDEEP

49152:ZhvKKi1+PE95dhKrcJORfvP7Jc0J7RiC4PafPfEwp0NCFdoByfmhQrz35U1:3vzk+s9DgrcgLy0HiNvwp0NCoIfmhQi1

Score

N/A

Malware Config

Signatures

Files

e7fe15732700c07ee4cebb3b39c8608db1fedb9609fcc8c8727eff42460be351
.exe windows x86

db483a8ac3376d431e66402c348d297e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcp60

_Toupper

cryptnet

CryptGetTimeValidObject
I_CryptNetGetHostNameFromUrl
CryptRetrieveObjectByUrlW
CryptRetrieveObjectByUrlA
DllRegisterServer
I_CryptNetGetUserDsStoreUrl
CertDllVerifyCTLUsage
LdapProvOpenStore
CertDllVerifyRevocation
CryptUninstallCancelRetrieval
CryptFlushTimeValidObject
CryptCancelAsyncRetrieval
I_CryptNetEnumUrlCacheEntry
CryptGetObjectUrl
CryptInstallCancelRetrieval
DllUnregisterServer

kernel32

LoadLibraryExA
CreateDirectoryExA
LoadLibraryA
CreateMutexW
Process32First
PrivMoveFileIdentityW
GetConsoleAliasesLengthW
GetLastError
TlsGetValue
TlsFree
VirtualUnlock
GetVDMCurrentDirectories
VirtualFreeEx
SetConsoleCP
GetConsoleAliasExesLengthA
IsDBCSLeadByteEx
HeapWalk
DeleteFiber
QueueUserAPC
IsBadHugeWritePtr
RequestDeviceWakeup
GetDateFormatA
GetStdHandle
GetVolumeInformationW
CompareFileTime
VirtualAlloc
HeapQueryInformation
CreateFiberEx
GetProfileStringW
SetEnvironmentVariableA
WriteFileEx
FlushConsoleInputBuffer
DnsHostnameToComputerNameA
CreateFileA
ResetWriteWatch
GetPrivateProfileSectionNamesW
Thread32Next
MultiByteToWideChar
Heap32Next
GetLocaleInfoA
_lcreat
MulDiv
SwitchToFiber
EscapeCommFunction
EnumUILanguagesA
GetAtomNameW
GetDiskFreeSpaceW
WriteFileGather
GetProcAddress
GetOverlappedResult

msvbvm60

__vbaLsetFixstrFree
__vbaPut4
rtcCos
__vbaLateIdStAd
__vbaVarTextTstGe
__vbaVarTextCmpNe
TipUnloadProject
__vbaMidStmtVar
__vbaR8IntI4
__vbaStrUI1
_CIlog
__vbaVarTextCmpGe
__vbaRsetFixstrFree
EVENT_SINK_QueryInterface
__vbaVarZero
__vbaAryRebase1Var
Zombie_GetTypeInfoCount
rtcGetDayOfMonth
__vbaLdZeroAry
__vbaFreeObjList
__vbaCyMul
__vbaCyErrVar
rtcSendKeys
rtcMIRR
__vbaCyAbs
__vbaStrToUnicode
GetMem2
__vbaCyForNext
rtcVarFromVar
rtDecFromVar
__vbaVarCmpGt
TipInvokeMethod
rtcBstrFromAnsi
__vbaVarTextLikeVar
PutMemNewObj
BASIC_CLASS_AddRef
__vbaR4Sgn
__vbaPutFxStr3
rtcGetTimeVar
__vbaVarTextTstEq
GetMem1
rtcSplit
EbGetErrorInfo
__vbaHresultCheckNonvirt
__vbaOnError
__vbaLbound

Sections

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 15.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

db483a8ac3376d431e66402c348d297e

Headers

File Characteristics

Imports

msvcp60

cryptnet

kernel32

msvbvm60

Sections

.rsrc Size: 169KB - Virtual size: 169KB

.data Size: - Virtual size: 15.3MB

.text Size: 876KB - Virtual size: 875KB

.tls Size: 512B - Virtual size: 4KB

.rsrc
Size: 169KB - Virtual size: 169KB

.data
Size: - Virtual size: 15.3MB

.text
Size: 876KB - Virtual size: 875KB

.tls
Size: 512B - Virtual size: 4KB