9bf94c9cd3f9b748c8e3deb923ccd49161f0100cbceaa2feb1121a21712136f8

Sharing

Copy URL Twitter E-mail

General

Target

9bf94c9cd3f9b748c8e3deb923ccd49161f0100cbceaa2feb1121a21712136f8
Size

600KB
MD5

63d76d2d9e10842bed00b14cec242cb0
SHA1

06789b1df62c704d302f03dde4a279e2b8c23f9f
SHA256

9bf94c9cd3f9b748c8e3deb923ccd49161f0100cbceaa2feb1121a21712136f8
SHA512

4a275596e21f77905ebec10b04dcd9023455a4d8d24cab5cc18f2e3306b4c101c26408e2dfab8fe61bc00b976783783eed5876121b829fbe724eb6c15f98dc4a
SSDEEP

12288:OY/aSgVPwLx9z3oIGHHr6KnJ2tSCiq7Fs8NkBTwWPmkfQw1kS+fVgauNYJaT+rSD:0E3o35Gn7Fs8NkBTwWPmEaSwVgsra6P8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bf94c9cd3f9b748c8e3deb923ccd49161f0100cbceaa2feb1121a21712136f8

Files

9bf94c9cd3f9b748c8e3deb923ccd49161f0100cbceaa2feb1121a21712136f8
.exe windows:4 windows x86

59f57cebec7930bfc2c680e9d83ab083

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwLoadDriver

user32

UnregisterHotKey
DispatchMessageA
GetMessageA
TranslateMessage
RegisterHotKey
SetLayeredWindowAttributes
GetCursorPos

psapi

EmptyWorkingSet
GetModuleInformation

kernel32

TerminateThread
RtlMoveMemory
GlobalFree
WriteProcessMemory
LoadLibraryA
FreeLibrary
VirtualProtectEx
OpenThread
CloseHandle
SetProcessWorkingSetSize
GlobalAlloc
GetTickCount
TerminateProcess
ReadProcessMemory

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaRedimPreserveVar
__vbaCyMul
__vbaFreeVar
__vbaAryMove
ord588
__vbaLineInputStr
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord516
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
__vbaCopyBytes
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
__vbaBoolErrVar
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaNameFile
__vbaLenVar
_adj_fdiv_m32
__vbaVarTstLe
ord666
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord592
ord593
__vbaExitProc
__vbaVarForInit
__vbaForEachCollObj
ord594
__vbaStrLike
__vbaObjSet
ord595
__vbaOnError
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
__vbaForEachCollVar
ord520
__vbaStrFixstr
ord522
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
__vbaErase
ord709
__vbaVarZero
ord632
__vbaNextEachCollObj
__vbaChkstk
__vbaCyVar
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaCyI2
__vbaExitEachColl
__vbaStrCmp
ord529
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaNextEachCollVar
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaR8Cy
__vbaCyUI1
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaRedimVar
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaStrUI1
__vbaExceptHandler
ord711
__vbaPrintFile
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord607
__vbaI2Str
ord608
ord716
ord531
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaNew2
__vbaR8Str
__vbaInStr
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
ord576
_adj_fdivr_m32
ord577
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
ord579
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaFpCy
__vbaAryLock
__vbaVarAdd
ord320
ord612
__vbaFreeVarg
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaAryVarVarg
__vbaFpI2
ord616
__vbaVarCopy
__vbaFpI4
__vbaVarLateMemCallLd
__vbaUnkVar
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaCastObj
__vbaR8IntI4
__vbaForEachVar
__vbaStrVarCopy
ord619
ord650
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
ord546
__vbaNextEachCollAd
__vbaUI1Var
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaRecAssign
__vbaFreeStr
__vbaFreeObj
ord580
ord581

Sections

.text
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59f57cebec7930bfc2c680e9d83ab083

Headers

File Characteristics

Imports

ntdll

user32

psapi

kernel32

msvbvm60

Sections

.text Size: 584KB - Virtual size: 583KB

.data Size: 4KB - Virtual size: 35KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 584KB - Virtual size: 583KB

.data
Size: 4KB - Virtual size: 35KB

.rsrc
Size: 8KB - Virtual size: 5KB