d3478209ec72828d58681d526b217aa573b4c439bb09376851639b5a020e238d[.]zip

General

Target

d3478209ec72828d58681d526b217aa573b4c439bb09376851639b5a020e238d.zip
Size

8KB
MD5

a3576a4e1eca56f88f9b40439daa4c4f
SHA1

a4521a1b956e2f0c1382155dd0fc2caf26a04fee
SHA256

90677a010b05242658d1e336d25d590e0e020523a330fff6d0e487f08fc3f945
SHA512

c0634468987212e335c8daa382dc78d08ac0a366609fa46d245eec5805b6da9d7f74d01a1177b12aaebf49e09da614ac4bed66c27a59a9c9e56e508891c945de
SSDEEP

192:7m2JC8cIq7CJ1Qr5YlH8GKL+vnrs5/MyOsWmmL+uYcEDNpUM4kX:L5cV7CeOOLGsjOOmKjiL+

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TOCL_GwLog.exe

d3478209ec72828d58681d526b217aa573b4c439bb09376851639b5a020e238d.zip
.zip

Password: infected
TOCL_GwLog.exe
.exe windows:4 windows x86

44815f4301535f82c7b7ae35c97365e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord519
ord669
ord595
ord709
ord631
EVENT_SINK_AddRef
ord527
ord528
ord529
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord717
ProcCallEngine
ord537
ord645
ord648
ord571
ord681
ord100
ord616
ord617
ord618
ord650
ord546

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ