199f719affdf434be969f6860be673c6a1bed2ca5d7a83975289c89d46aca7f4

Sharing

Copy URL Twitter E-mail

General

Target

199f719affdf434be969f6860be673c6a1bed2ca5d7a83975289c89d46aca7f4
Size

2.7MB
MD5

ff3e94c124250db328f74bbcda63efaa
SHA1

9115bc76e19513b54121004439dbadefccb9db0c
SHA256

199f719affdf434be969f6860be673c6a1bed2ca5d7a83975289c89d46aca7f4
SHA512

e1cfd154fbc64d6217e4ddff82c018b241c6a2b0505b4ef30a427394e32262ebf05aec5db0b02dbf67fb79c659926d5d4862e66ed4d7518d3866311898f7ad9c
SSDEEP

49152:Q+o6i2gIa0v+QZ7Ndh8aGv5hIo2h5fvP7Jc0J7RiC4PafPfEwp0NCFd3ByfmhQrn:bta05ZJd702/Ly0HiNvwp0NC3IfmhQiC

Score

N/A

Malware Config

Signatures

Files

199f719affdf434be969f6860be673c6a1bed2ca5d7a83975289c89d46aca7f4
.exe windows x86

d5dde7e761fa6fcaea5a54956a037739

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcp60

_Toupper

kernel32

LoadLibraryA
GetDateFormatA
VirtualFreeEx
IsBadHugeWritePtr
CreateMutexW
DnsHostnameToComputerNameA
RequestDeviceWakeup
CreateDirectoryExA
TlsGetValue
WriteFileGather
GetConsoleAliasExesLengthA
SetConsoleCP
IsDBCSLeadByteEx
Module32First
TlsFree
SwitchToFiber
GetDiskFreeSpaceW
Thread32Next
HeapQueryInformation
GetConsoleAliasesLengthW
Process32First
PrivMoveFileIdentityW
CompareFileTime
ResetWriteWatch
GetProcAddress
GetAtomNameW
LoadLibraryExA
GetLastError
FlushConsoleInputBuffer
EnumUILanguagesA
GetLocaleInfoA
SignalObjectAndWait
CreateFiberEx
MulDiv
GetStdHandle
EscapeCommFunction
GetProfileStringW
GetPrivateProfileSectionNamesW
DeleteFiber
WriteFileEx
GetOverlappedResult
GetVolumeInformationW
CreateFileA
VirtualAlloc
GetVDMCurrentDirectories
CreateProcessInternalW
Heap32Next
VirtualUnlock
MultiByteToWideChar
SetTapePosition

msvbvm60

PutMemNewObj
__vbaCyMul
_CIlog
__vbaLdZeroAry
__vbaVarTextLikeVar
__vbaOnError
__vbaCyForNext
EVENT_SINK_QueryInterface
__vbaStrToUnicode
rtcGetDayOfMonth
__vbaVarTextTstGe
__vbaLbound
__vbaLateIdStAd
rtcBstrFromAnsi
__vbaLsetFixstrFree
__vbaR4Sgn
__vbaCyAbs
rtcSplit
Zombie_GetTypeInfoCount
rtcCos
__vbaPutFxStr3
EbGetErrorInfo
__vbaVarTextCmpNe
rtDecFromVar
__vbaMidStmtVar
__vbaFreeObjList
__vbaPut4
rtcSendKeys
rtcMIRR
TipUnloadProject
__vbaHresultCheckNonvirt
GetMem1
__vbaStrUI1
__vbaVarTextCmpGe
BASIC_CLASS_AddRef
rtcGetTimeVar
__vbaR8IntI4
__vbaVarZero
__vbaCyErrVar
__vbaVarTextTstEq
GetMem2
__vbaRsetFixstrFree
__vbaVarCmpGt
__vbaAryRebase1Var
rtcVarFromVar
TipInvokeMethod

cryptnet

CertDllVerifyRevocation
CryptUninstallCancelRetrieval
CertDllVerifyCTLUsage
CryptGetTimeValidObject
CryptRetrieveObjectByUrlW
I_CryptNetGetUserDsStoreUrl
LdapProvOpenStore
CryptInstallCancelRetrieval
CryptRetrieveObjectByUrlA
DllUnregisterServer
CryptCancelAsyncRetrieval
CryptGetObjectUrl
CryptFlushTimeValidObject
I_CryptNetGetHostNameFromUrl
I_CryptNetEnumUrlCacheEntry
DllRegisterServer

Sections

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 15.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 876KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5dde7e761fa6fcaea5a54956a037739

Headers

File Characteristics

Imports

msvcp60

kernel32

msvbvm60

cryptnet

Sections

.rsrc Size: 169KB - Virtual size: 169KB

.data Size: - Virtual size: 15.3MB

.text Size: 876KB - Virtual size: 876KB

.tls Size: 512B - Virtual size: 4KB

.rsrc
Size: 169KB - Virtual size: 169KB

.data
Size: - Virtual size: 15.3MB

.text
Size: 876KB - Virtual size: 876KB

.tls
Size: 512B - Virtual size: 4KB