vbscript[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

vbscript.zip
Size

284KB
MD5

8419946e4b6dbe714758470b249fcc25
SHA1

5cc1fea4ecb9ee3178345eb288a509708ccd7151
SHA256

a135168c92ae573bc834569003e48d7f1d2fc5a6eab82d7f7a44bee7c054e0c5
SHA512

a0d7feb55de33f5a738a1155b22b81c81a94f043a5f3530da6dd92b1db8e13393c889835f842e4221bb32f6494a4bca6b3743b75f07ed8d0b64ae6b92391dec4
SSDEEP

6144:ds4IpWIv5cfUKCwRJkpdIHZPZ90eGpJv1EeEX3dEVWEaYq:q4IBBcsKgKHZPZ91qMFX3dEVfaYq

Score

1^/10

Malware Config

Signatures

Files

vbscript.zip
.zip
README.txt
vbscript.dll
.dll regsvr32 windows x64

f4c60143cf421284bee5a7de66f69acb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

atoi
wcscspn
_snwprintf_s
_resetstkoflw
toupper
towlower
_statusfp
wcscpy_s
strcat_s
strrchr
_ultow_s
swprintf_s
_errno
_ltow
free
wcstol
bsearch
_wtoi
div
iswspace
ldiv
_ismbblead
memchr
_callnewh
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
_clearfp
_vsnwprintf
wcsncmp
strcpy_s
strtoul
_controlfp
longjmp
_purecall
sprintf_s
_wcsdup
realloc
_wcsnicmp
memmove
wcsncpy_s
_wcsicmp
wcschr
malloc
modf
_setjmp
atan
cos
exp
floor
floorf
fmod
log
memcmp
memcpy
memset
pow
sin
sqrt

oleaut32

SafeArrayDestroy
SafeArrayCreate
SafeArrayRedim
CreateTypeLi
VariantChangeTypeEx
VarDateFromUdate
VarUdateFromDate
VariantChangeType
OleLoadPicture
SafeArrayDestroyDescriptor
SafeArrayDestroyData
LoadTypeLibEx
GetActiveObject
GetErrorInfo
VarR8FromStr
VarDateFromStr
SafeArrayLock
SafeArrayUnlock
RegisterTypeLi
LoadTypeLi
VarBstrFromR4
VarBstrFromI4
VarBstrFromDate
VarBstrFromR8
VarBstrFromUI4
VariantCopy
VariantCopyInd
SysStringByteLen
VariantInit
SysAllocStringByteLen
LoadRegTypeLi
SysFreeString
CreateTypeLib2
SysReAllocString
SysAllocStringLen
VariantClear
SysStringLen
SysAllocString

kernel32

GetSystemDefaultLCID
VirtualProtect
WerGetFlags
WerSetFlags
GetModuleHandleW
CloseHandle
GetUserDefaultUILanguage
CreateFileMappingW
CreateFileW
GetVersionExW
FindResourceExW
GetSystemDefaultUILanguage
UnmapViewOfFile
MapViewOfFile
SearchPathW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
Sleep
DebugBreak
IsDebuggerPresent
UnhandledExceptionFilter
RaiseException
TerminateProcess
GetCurrentProcess
MulDiv
LCMapStringW
GetVersion
CompareStringA
SetLastError
LCMapStringA
CompareStringW
GetLocaleInfoW
GetDateFormatA
GetDateFormatW
GetLocalTime
LocaleNameToLCID
GetUserDefaultLangID
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetComputerNameA
TlsFree
TlsAlloc
TlsSetValue
LoadLibraryExA
LockResource
GetModuleFileNameW
SizeofResource
LoadResource
FreeResource
FindResourceA
GetVersionExA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
IsValidCodePage
GetProcAddress
GetACP
IsValidLocale
GetUserDefaultLCID
LoadLibraryExW
FreeLibrary
VirtualQuery
RtlCaptureContext
GetLocaleInfoA
GetCurrentThreadId
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
DelayLoadFailureHook

user32

EnableWindow
GetWindowRect
GetWindowLongPtrA
SendDlgItemMessageA
DrawTextW
SetForegroundWindow
DialogBoxParamW
GetClientRect
SendMessageA
GetDC
GetWindowTextW
ReleaseDC
GetDlgItem
EndDialog
GetDesktopWindow
SetWindowPos
ShowWindow
SetWindowLongPtrA
MessageBoxIndirectW
GetDlgItemTextW
MapWindowPoints
SetWindowTextW
WinHelpW
MoveWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4c60143cf421284bee5a7de66f69acb

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

oleaut32

kernel32

user32

Exports

Exports

Sections

.text Size: 426KB - Virtual size: 426KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 19KB - Virtual size: 20KB

.pdata Size: 20KB - Virtual size: 19KB

.didat Size: 512B - Virtual size: 248B

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 426KB - Virtual size: 426KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 19KB - Virtual size: 20KB

.pdata
Size: 20KB - Virtual size: 19KB

.didat
Size: 512B - Virtual size: 248B

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 5KB - Virtual size: 5KB