40group[.]tiff

General

Target

40group.tiff
Size

380KB
MD5

f59b3c50d97fe7fa58001c345cbea37e
SHA1

0e4c394560faf7853bcd9d51b7c959f0a093eb74
SHA256

8d5d36c8ffb0a9c81b145aa40c1ff3475702fb0b5f9e08e0577bdc405087e635
SHA512

257fb961278b6ac0a399f8e16d7cd7219388010982bb3183cb3c21c5b691a78ae15098b5958e31a385d3ff0b0d35050d72202d70e46e9becdbe830b662994a65
SSDEEP

6144:gfmMGxnAR50hXwLhF0l2LF7PWbPINovTnJtKa6hVN:GmMGxAR5xLFQL6/N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40group.tiff

Files

40group.tiff
.exe windows x86

a713ac67fc869fe2220aee2ca9a6827b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
ord589
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
ord516
_adj_fprem1
ord518
__vbaStrCat
__vbaVarCmpNe
ord661
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
ord300
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord599
ord306
__vbaBoolVar
ord520
ord309
__vbaBoolVarNull
_CIsin
ord631
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaPrintObj
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
ord600
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
ord608
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
ord645
_CIlog
__vbaFileOpen
__vbaInStr
__vbaR8Str
__vbaVar2Vec
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord612
__vbaVerifyVarObj
__vbaFpI2
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
ord617
_CIatan
__vbaCastObj
__vbaStrMove
__vbaR8IntI4
ord650
ord543
_allmul
__vbaLateIdSt
ord544
_CItan
ord546
__vbaAryUnlock
ord547
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a713ac67fc869fe2220aee2ca9a6827b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 336KB - Virtual size: 335KB

.data Size: 4KB - Virtual size: 39KB

.rsrc Size: 36KB - Virtual size: 32KB

.text
Size: 336KB - Virtual size: 335KB

.data
Size: 4KB - Virtual size: 39KB

.rsrc
Size: 36KB - Virtual size: 32KB