1401915d836c196ac1d3db023ea654b5

General

Target

1401915d836c196ac1d3db023ea654b5
Size

288KB
MD5

1401915d836c196ac1d3db023ea654b5
SHA1

33d2922a1af680c6c3211c19d81518694dc2962d
SHA256

36d801a11dc17f960f1ec6b259dcb8cd2314a7ca6418f805c2b526686ce57db7
SHA512

b22a690bfb26e12b14b4e6562c196ac148d30e3753687a596981175b14409efc3754c7776958068de8cbd82e8d5329da74eb06c136742166f671481331811d8d
SSDEEP

6144:ggIjFPspy2jhf4djs2+440/YQoiZjdl3taU9tv35Rq:gB+N8+eYVivaU9tv3Xq

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CHEAAT~1.EXE
unpack001/PROMED~2.EXE

Files

1401915d836c196ac1d3db023ea654b5
.cab
CHEAAT~1.EXE
.exe windows:4 windows x86 arch:x86

18a8f1cc88bfbadd72d06bfd1a86f94c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetFileAttributesA
WaitForSingleObject
GetCurrentDirectoryA
GetPrivateProfileStringA
GetTempPathA
GetModuleFileNameA
SetCurrentDirectoryA
SetFileAttributesA
CloseHandle
GetLastError
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
WriteFile
CreateFileA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteFileA
GetStringTypeW
GetFullPathNameA
GetDriveTypeA
RtlUnwind
CreateDirectoryA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
ReadFile
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
LCMapStringA
LCMapStringW
GetStringTypeA

user32

GetDlgItem
SetWindowTextA
EndDialog
LoadIconA
UpdateWindow
LoadImageA
DialogBoxParamA
MessageBoxA
SendMessageA
GetWindowTextA

shell32

ShellExecuteExA
ShellExecuteA
SHGetDesktopFolder
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PROMED~2.EXE
.exe windows:4 windows x86 arch:x86

e2777a8ec6ab285d3c780a89d081f3bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
ord593
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarOr
__vbaStrR4
_adj_fpatan
__vbaR4Var
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarCmpEq
__vbaVarAdd
__vbaVarDup
__vbaFpI2
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18a8f1cc88bfbadd72d06bfd1a86f94c

Headers

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 8KB - Virtual size: 5KB

e2777a8ec6ab285d3c780a89d081f3bf

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 32KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB