Static task
static1
Behavioral task
behavioral1
Sample
3172b0a7b3289872df586a9b82086df1.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
3172b0a7b3289872df586a9b82086df1.exe
Resource
win10v2004-20231215-en
General
Target
3172b0a7b3289872df586a9b82086df1
Size
60KB
MD5
3172b0a7b3289872df586a9b82086df1
SHA1
759361255a67452cc4165f3923b86977249e28a3
SHA256
e0c0db566faa9ca565707bbd233dcf507118620f346e1e844f239f970024fe53
SHA512
6b0ed1e08a5aa5a43c4db4e8692b52b8bae517d3a6f7d170c150449a622f4c821770ad1c1180a321ec1d1c8907e8dd69599f603ac2c8da002ab16cadf3f751b8
SSDEEP
768:lMs8W62c///EeeuGQ9qzU5jdK/IwM0HolF9Ms:M12cvESGQwzU54IwxHolF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3172b0a7b3289872df586a9b82086df1
Files
3172b0a7b3289872df586a9b82086df1.exe windows:4 windows x86 arch:x86
231145677913a1a365215eccef850762
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
RtlMoveMemory
GlobalFree
GetModuleHandleA
GlobalAlloc
GetTickCount
gdi32
GetDeviceCaps
user32
SetWindowsHookExA
UnhookWindowsHookEx
SetWindowLongA
GetDC
CallWindowProcA
msvbvm60
EVENT_SINK_GetIDsOfNames
ord694
MethCallEngine
EVENT_SINK_Invoke
ord516
ord626
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord301
ord520
ord307
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord569
Zombie_GetTypeInfoCount
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord607
ord716
ord319
ProcCallEngine
ord537
ord644
ord570
EVENT_SINK2_AddRef
ord681
ord100
ord320
ord321
ord616
ord617
ord650
ord546
ord581
Sections
.text Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ