SecuriteInfo[.]com[.]WIN[.]MACRO[.]SCRIPT[.]IRC[.]WORM[.]Virus[.]10774[.]19895[.]exe | Triage

Sharing

General

Target

SecuriteInfo.com.WIN.MACRO.SCRIPT.IRC.WORM.Virus.10774.19895.exe
Size

2.8MB
MD5

c11868d3bb172b2891c5b85dc32aa9a7
SHA1

f172c4779e51c56cc684fa40e54335b1fb1afc71
SHA256

c1b6839281cd3e6f3ae195552e698de0127abd5570880a93ec3add40d229eec9
SHA512

94001c9bfe2a0339f69e408a8069e554f847e3f945361e7309ab0382b2c5ae8eb0335b5c3526ebe814849718e90ed98292561932511f98c010d5049f4838b6a3
SSDEEP

12288:4x/puOfwTdsttmAgyAfsUgA2DhALKBfsnTIFM1vg914+JIUl9aJgnPYP:/OfLpBUnEFMtg9C+JIUraN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.WIN.MACRO.SCRIPT.IRC.WORM.Virus.10774.19895.exe

Files

SecuriteInfo.com.WIN.MACRO.SCRIPT.IRC.WORM.Virus.10774.19895.exe
.exe windows x86

4e3bb059a4bb7b776ab3c1ca8c44d314

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord518
ord626
ord553
ord660
ord666
ord593
ord594
ord595
ord520
ord522
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord560
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ord608
ord716
ord531
ord532
ord534
ord535
ord645
ord570
ord576
ord577
ord578
ord685
ord100
ord610
ord613
ord617
ord619
ord542
ord545
ord580
ord581

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ