e41693ec75b2899e1e2d5bdc650e8b72[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

e41693ec75b2899e1e2d5bdc650e8b72.bin
Size

13KB
MD5

4a62beb1fbf8e84ba2ab3d8087f6a089
SHA1

7c43363fc414f19d342e88b9ab272ef5b75ba2ab
SHA256

fc5a3d15f7ea78b5ea1fa1d87b8710e19ed905c24dd9a60b0d4c3e06eb3c8170
SHA512

8e5cc18289d9e0a81adef407a34a983c893e784cd0eb0aa1f3e2c20e6cb29bdb24f60e692566d0ed6cd497cbe5d8ede9c5133e32e9824951137b1d99caf4b4b2
SSDEEP

192:C9vNkl30euiWiRtN+Q2ebVW0hGQ6nMIjZbSxIhNskoGzPYAoUiRA+7GGfxCdAGq:CXkl3rLW2tT3huMsRhOOSUia4GAxCpq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4e249b49c34512257e3cc6207524e43e78b848c457536c353babfba4bae44914.dll

Files

e41693ec75b2899e1e2d5bdc650e8b72.bin
.zip

Password: infected
4e249b49c34512257e3cc6207524e43e78b848c457536c353babfba4bae44914.dll
.dll regsvr32 windows x86

Password: infected

21d69e7bd3ac540ace65b29f87e9e248

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
ord518
ord519
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
EVENT_SINK2_Release
__vbaExitProc
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
_CIsin
ord632
ord525
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaPutOwner3
__vbaVarTstEq
__vbaAryConstruct2
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
Zombie_GetTypeInfoCount
__vbaRedim
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord648
__vbaVar2Vec
__vbaInStr
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord101
__vbaVarSetVar
ord102
ord103
ord689
ord104
ord105
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
ord616
__vbaVarLateMemCallLd
ord617
_CIatan
__vbaCastObj
ord618
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

21d69e7bd3ac540ace65b29f87e9e248

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB