0f28d9f5713a606bc1bc8554bb9fd694

General

Target

0f28d9f5713a606bc1bc8554bb9fd694
Size

934KB
MD5

0f28d9f5713a606bc1bc8554bb9fd694
SHA1

bf56f7f7dd8860e698f58aea2e2e658dbe705008
SHA256

080473b13a294961678932c9b543a55695995da095fbe446d2b7419ba894f618
SHA512

1de48bfe31388cc88d54ac0374f484291b43275991b0ee184febc39c7cb7b9e4aff1e31149e68adc56e63a76f3a41364b1c1f733ce80e3c126984349d08f5091
SSDEEP

24576:0KfWvLrUv+SVuPm+aGkIumDBqQOb2dr5CNiadAWOvja5:RkPUGsu++a2ume4EC5vjk

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MSNTRO~1.EXE
unpack001/msndll.exe

Files

0f28d9f5713a606bc1bc8554bb9fd694
.cab
MSNTRO~1.EXE
.exe windows:4 windows x86 arch:x86

d4a78e07997d20bdb9b2b485607fb592

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord582
ord583
ord585
ord694
ord588
MethCallEngine
EVENT_SINK_Invoke
ord516
ord517
ord518
ord519
ord553
ord665
ord667
Zombie_GetTypeInfo
ord591
ord595
ord598
ord599
ord520
ord709
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
DllFunctionCall
ord563
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord714
ord607
ord608
ord531
ord532
ord717
ord319
ord534
ProcCallEngine
ord535
ord644
ord537
ord648
ord570
ord572
ord681
ord576
ord685
ord578
ord100
ord579
ord320
ord321
ord614
ord616
ord617
ord618
ord619
ord542
ord543
ord544
ord545
ord547
ord581

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msndll.exe
.exe windows:4 windows x86 arch:x86

a4912284e917fd237ba3bcfdd9f2dda0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
ord516
_adj_fprem1
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
ord665
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord593
__vbaExitProc
ord594
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaErase
__vbaVarZero
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaGet3
__vbaStrCmp
__vbaPutOwner3
__vbaAryConstruct2
DllFunctionCall
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaUI1ErrVar
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
ord717
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord537
ord644
ord645
_CIlog
__vbaFileOpen
ord648
ord570
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord578
ord100
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
ord617
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaR8IntI4
ord650
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4a78e07997d20bdb9b2b485607fb592

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: - Virtual size: 33KB

.rsrc Size: 768KB - Virtual size: 765KB

a4912284e917fd237ba3bcfdd9f2dda0

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 68KB - Virtual size: 64KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: - Virtual size: 33KB

.rsrc
Size: 768KB - Virtual size: 765KB

.text
Size: 68KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 9KB