vbswg150b[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

vbswg150b.zip
Size

98KB
MD5

d15b48184164b22a6b74f1817e8b3360
SHA1

e78463054e18ab742bb612944e55c7981f6b7825
SHA256

6541252f370bf20867122908f7b030e0f2493a577e672339208ad726f6fb987e
SHA512

1e21e250c2a2d375dce3731977ec3f48d3ec16ba0bd4855c10df6e9725837a8c3d2b8f9d4e28c363907390ff5e1e66734f4541b1825a0190f39b77054a98525b
SSDEEP

3072:WRkAeAi7ZW6zcWzHO/c6hjIm9E0Rejm+Jx:+kei86zcWDO/p3ejJJx

Score

1^/10

Malware Config

Signatures

Files

vbswg150b.zip
.zip
History.txt
NewVbs/NewVbs.reg
NewVbs/Readme.txt
Readme.txt
Vbswg.exe
.exe windows x86

6d6bc664f75529c3f3e68a12f5619c78

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
ord625
__vbaVarCmpNe
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
ord593
__vbaVarForInit
ord594
__vbaOnError
__vbaObjSet
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVar
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaR4Str
ord561
__vbaObjVar
__vbaAryConstruct
_adj_fpatan
__vbaR4Var
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
ord531
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaR8Str
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaVarDup
__vbaFpI2
__vbaVarCopy
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord619
__vbaR8IntI4
__vbaStrVarCopy
_allmul
_CItan
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sources/Antideletion.txt
.vbs
sources/Infectfiles-Search.txt
.vbs
sources/Mirc.txt
.vbs
sources/Outlook-Attached.txt
.vbs
sources/Outlook-InBody.txt
.vbs
sources/Pirch.txt
.vbs
sources/README FIRST.txt
sources/Startup.txt
.vbs

Sharing

General

Malware Config

Signatures

Files

6d6bc664f75529c3f3e68a12f5619c78

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 281KB - Virtual size: 281KB

.data Size: 512B - Virtual size: 25KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 281KB - Virtual size: 281KB

.data
Size: 512B - Virtual size: 25KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 22KB - Virtual size: 21KB