evil2[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

evil2.7z
Size

50KB
MD5

5ee98d161e6da1c3659975ca6e988f1f
SHA1

c00116551e75045308f6d992b9e87490e4289aee
SHA256

13e920a281c68af53bc3d559b0b39b75268bad2407f3313f87653867701488a6
SHA512

dd4a8c984a5105154fff3ba32b123db73f2b0f4c14d492fcbf37197e4e0d497b9693d88b529a22e0bf465d0fe07b1ccb970d7fddef53453150c8a436076f6dc0
SSDEEP

768:qnj+XPFaHQGQKGBzgMWW+FCoHWEoMxnIPt+ahcJcuE0HYHvFR2dU1UvAVKnQqUtJ:m+/FawGE3+znoMyPFhcvE00vb2mJKQrX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6f47baf751d38446235f0db1756a852241c0209b5b55f83c6e4fa24d2c52eaef

Files

evil2.7z
.7z

Password: infected
6f47baf751d38446235f0db1756a852241c0209b5b55f83c6e4fa24d2c52eaef
.exe windows:4 windows x86

Password: infected

b5688d14696c0efcb4bfb3c1231064a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord518
ord626
ord598
ord520
ord525
EVENT_SINK_AddRef
ord528
ord529
ord560
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord531
ord716
ProcCallEngine
ord537
ord645
ord648
ord681
ord576
ord578
ord100
ord579
ord610
ord616
ord617
ord619
ord542
ord545
ord580

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ