Static task: static1
Behavioral task: behavioral1
Sample: NEFT_Copy.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: NEFT_Copy.exe
Resource: win10v2004-20220812-en
General
Target: 3b837c6bb108af8c90090488f47b882f.zip
Size: 2.1MB
MD5: 3b837c6bb108af8c90090488f47b882f
SHA1: ad7f5898ac0d77e5b85e8f4fd5811ba43bd080f8
SHA256: c92700910705fcee96e346a1518bc5989406693fb8fe4e52f5da609e732566f5
SHA512: a28050fc7407a75f3f0934ab78d42080d125e2c8775a755c9fd06e92f0411c9e15ba5d1cc89bf2f404ccb68f4eeaae1c44230933cf14a4f7183d9141be064616
SSDEEP: 49152:b5u8cfCq+MITJ8rmNf5hxUHpiPPZyzbeIrFgB/gc8vO:bsCq+M+J4iriHp8BKrFgB/gc8G
Malware Config
Signatures
Files
3b837c6bb108af8c90090488f47b882f.zip.zip
NEFT_Copy.bat.exe windows x86
5d5f69b6ae1d72a10a7ed563a9cea6ec
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comdlg32
PageSetupDlgA
PrintDlgA
kernel32
GlobalUnlock
RtlMoveMemory
GlobalLock
msvbvm60
EVENT_SINK_GetIDsOfNames
ord690
ord696
ord698
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord519
ord667
Zombie_GetTypeInfo
ord591
EVENT_SINK2_Release
ord593
ord594
ord301
ord595
ord596
ord303
ord598
ord305
ord520
ord307
ord309
ord709
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord313
ord712
ord606
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
EVENT_SINK2_AddRef
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord650
ord581
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 264KB - Virtual size: 263KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ