20a9a914f9c160e6ea438e93a2e53a3355e27766124684151ad85a34298559e8

Sharing

Copy URL

Twitter E-mail

General

Target

20a9a914f9c160e6ea438e93a2e53a3355e27766124684151ad85a34298559e8
Size

5.6MB
MD5

f49e3ae6385906e45462bda3522e3097
SHA1

b4fbb46cb94f7e2fca1b330b134af3f36a8279eb
SHA256

20a9a914f9c160e6ea438e93a2e53a3355e27766124684151ad85a34298559e8
SHA512

4fc7f295fe394b0a49b390cb4ab00397f11c4ffd9fc206517009f448c5e0044185dee66a80ca2403370f99abcd476279b1b5026db5ae387eaf7e65b2ebcead4e
SSDEEP

98304:YK39N1o74jrrpNnn46cFLDhGU7924w+gYMn6wl8FKBAb0nRi4/gKIafe5XQK:p39N1oIrpRn4hFBF99pb+bqFKaITgKIt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20a9a914f9c160e6ea438e93a2e53a3355e27766124684151ad85a34298559e8

Files

20a9a914f9c160e6ea438e93a2e53a3355e27766124684151ad85a34298559e8
.exe windows x86

8d2d86b4a247b0cf5909092309cf1565

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
__vbaNextEachAry
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaCyMul
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
ord588
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord513
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
ord626
__vbaCopyBytes
__vbaStrCat
__vbaForEachCollAd
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
ord662
__vbaNameFile
ord556
_adj_fdiv_m32
__vbaAryVar
ord666
__vbaAryDestruct
ord669
__vbaExitProc
__vbaI4Abs
ord594
ord595
__vbaOnError
__vbaObjSet
__vbaCyAdd
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
__vbaStrFixstr
__vbaFPFix
__vbaVarTstLt
__vbaFpR8
_CIsin
__vbaErase
ord709
ord631
ord632
ord525
__vbaChkstk
__vbaFileClose
ord526
__vbaCyVar
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaStrCmp
__vbaCyI2
__vbaAryConstruct2
__vbaVarTstEq
__vbaCyI4
__vbaI2I4
__vbaPrintObj
__vbaObjVar
DllFunctionCall
__vbaFpUI1
__vbaCySub
__vbaCastObjVar
__vbaRedimPreserve
__vbaStrR4
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaR4Cy
__vbaStrR8
__vbaR8Cy
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaFpCmpCy
__vbaVarMul
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
ord608
__vbaFPException
ord717
__vbaInStrVar
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaR4ForNextCheck
__vbaGetOwner4
ord535
__vbaLsetFixstrFree
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord648
ord570
__vbaInStr
__vbaNew2
__vbaR8Str
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarSetVar
__vbaI4Var
__vbaForEachAry
__vbaFpCy
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord612
__vbaFpI2
__vbaFpI4
ord616
__vbaVarLateMemCallLd
ord617
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaAryCopy
ord618
__vbaCastObj
ord619
__vbaI4Cy
ord650
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
ord546
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaStrCy
__vbaFreeStr
__vbaFreeObj
ord581

kernel32

GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharUpperBuffW

Exports

Exports

�.�hG��{��9Xw��w{H�C�@��OT��7V�3&�J�Dc6�7�.��3JI2y�3_r��:��{4rn?�{��ީ��$��D]{�+N�̫T��k0��`5�ˈ<6ӿ� b�� /�i��HҼϕE��p�0��YL�rkh|�UW�\�I��`�r�܄iUo��ޮU��44�s��||*��HR�' HW� 9�{��@��b��-D��ȃ��W�_��a��HV|�CWbJ�S�̜C7�ʼ^ސ�-7n��M�+�ƒ�}B�V��8��|S~[�(��Q( J��B ��h�S��N>Y��Q��Ŕ��s�)�*L��n�@�M~&,�M܎J�}H=��kU�U0~��nT��Z��\�S��E�3v�a.�Iz��rK�OO�銍AUU(�Nx� H��4�5�z�g蜵 ��B�f�S �%��*�@lJ鄑A<�v��~��k��8��c��SK��j �ku5�]�W��3*@)J�#�ϰVh�0�tν~�>��,5�Ɵ�6��`��T��k�'��bx�[0�h�[$2Ly�f�.��?��:f/=-H?,2�8r�ř��Fb��^�T�\Fɸ�� -4��ޝC�@�PL�%[L��?��d\��X�Q��{�[q�s]�d�Sd-�ٿ��S��rX1=��or.Z�q^�z�]� ��Gu.p�Q��^pYI%��5}��_��b56$��:��.LҶ K�Y��BFK��<xh8m�iا�%�'/�)��v6Jvӌ�p�fH�Hؕ��P��.��)�ʪ�� %�0Ȕd ��*�|%J�#��<H��1�Y�%� ��R�e��*�l��w|�ڠ��.�gzw|�@��I��h4�׉��^�c��,D��,��/��"�T(,�f�S3��]�`1��۩�<��{��Wˌ]'�+'r�ݲ�3��Y��I%��<��L��W�%��h�!�� ֱ�r�ge��6��r�-��W��"��_-�0�k2�y�� S��~�Ӕ��H�Q��'N��x�i�Ӌ��7!�"��_�߬��2��<VK-a��"<F�)�D�ɟǤ�?��ѱm��S&��E��ߢ��7�j'V]}i�/P��OfS��)�)�;��щ��X̥�۪��uWCPc1Ȍ�q;P��3YP�*W��R�f��8Q*�"�)�Ԗ펌��Iz��w�|J/Ͱ��1(�R�9܂�2��^��hÇm��ۮ�!aL��$=3��wԑ��bC��c0�d��N��e@�?e@��{KJ�G�y��+�e A(�*�� *�n��͔{H��yo�x��ig�{��@.6�I�v��'��f�Yc`��O�\�� |6�Q3!�np 2Y��x�`��o��P�R��.� $g�p�P�D��j�|��Γ��Z%}��a1r�cU�1��1H�m�Ԧ2L��E�*�=�R\!�U�~��TqB_��iGM��J�(t��<�c5zf]<�b��f�-��i�3��-��p�]�˷ pi��^=5��OLH��q4g�ox��/��?|�̝6��?��ëf�� r]��r%��[��'��ur�ԉ��.h'�Q'�)��@ၙ�ꊹU��;L�:�ֆ�t��KR!Kt~�EB\��cQ��l3�Vqqh��4��vJ8��\TeB��X�i��_� ތ��5m��C+?��&��Fo��h�� V��6�j;�a��!&�!u>,��D��q�+(�u�>.o��<v�� G��;G��&��|�I��g��<��^ktY� ��k@XRt�ƽ�2j0��Q��t��]'.{m5Q��d��Mq��5�ؿ! ��L̯��9�yS4��D�z35ɣ�{g�4�٣�,�Q�Ad�&,ȿ'3�P%��c��[�mF��qXu��A=��)B��`b~��+��@��J/N}�:�z��ն�uInx0�n� �k^+��<�⸝!��D�Z�LCV�)�� /�$T{)%A0(q�p�JOg�1yq�Բ�F[�j�G��.WB[!y��u�V&i<:,��zD:�v�YR`�܊�g��@ ��A� H-J=F!�L�C�2��%K��|�Շ��ܻ(�ۋ��-��LLRK��OZŻda��JvN��o��e��RXYY�k*��t�3y*ʶ(!�edw]��i�8�'0�VY��g��<��FLE�b-F�[�>��"��Y+Ua ��5&1��*z�*9�O-��<� ��[��O��52�gs;b[+�Y#t��T�SوlҀԋ�+��^��"B��FX�է��2O�[��&�v�wfYAz�9�2��0v �j}�\ =A��P�;��BRC��U��։��hʑ�+��=�湧`�fC�f�r� 3��9�Nn��>0��b�q��qRxd�=�Q95�*��0��AI�ŋ.�J[ ��nm��lux�JkP} ]k"��9��R��9/}r E�5D�e�d5��ʁQ�y�5��vu�캓h'��]&H�a��"�Tg��N��g�U��Q��w�6$T (`J �J��Л M�*��gk�}��.��|s�utw�&��v`�p��Fɸ��h��?��D��8ƀ�aLv�d�ճ�RM�:��(�&��O�g8#_� )��+��ߢ�jۡ A/�6SW%=$��;#�� {��8�f윆�h��˝A�1?�r|w��0��֏�<��^��([�d>b�wq(1(��tl�޷�`��}��0|E)9(��Mw?RO��+��=�6�-q��&hN�Z��k��Q�{�÷8�NlT�wx�� V��6��c�7��o��V�`��

Sections

.text
Size: 584KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.E3s
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.{tU
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d]k
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d2d86b4a247b0cf5909092309cf1565

Headers

File Characteristics

Imports

msvbvm60

kernel32

user32

Exports

Exports

Sections

.text Size: 584KB - Virtual size: 580KB

.data Size: 4KB - Virtual size: 6KB

.E3s Size: 2.4MB - Virtual size: 2.4MB

.{tU Size: 4KB - Virtual size: 1KB

.d]k Size: 2.2MB - Virtual size: 2.2MB

.rsrc Size: 448KB - Virtual size: 447KB

.text
Size: 584KB - Virtual size: 580KB

.data
Size: 4KB - Virtual size: 6KB

.E3s
Size: 2.4MB - Virtual size: 2.4MB

.{tU
Size: 4KB - Virtual size: 1KB

.d]k
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 448KB - Virtual size: 447KB