48c5c348a7e78af9e695b0b3bcd02e8c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

48c5c348a7e78af9e695b0b3bcd02e8c
Size

294KB
MD5

48c5c348a7e78af9e695b0b3bcd02e8c
SHA1

cfaddd5850bb99f2e64794549fd3b70be2f390ad
SHA256

13efb830d981637ba74918a7ee80c59ad85594aee6570933bb412d54c114cd1a
SHA512

7442c988cd19368464aed3f6c27435b36f8a25cae16057531258fe920f0b2fdabfc72ad125cb9dd3b68270300f85470a55c6af7ae5cb25cfd70b34ea075c5cc8
SSDEEP

6144:cphS4+LAAbyVlj7LKCxRZn0m5P0jGXhuZKaxRWz/rWsSS5mtO1:cbS4+5byVn1F0SRvrWsSWmY1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TibiaBot NG 8.54.exe

Files

48c5c348a7e78af9e695b0b3bcd02e8c
.rar
TibiaBot NG 8.54.exe
.exe windows:4 windows x86 arch:x86

1393b9bcbc05e6fb2083bcb55e89de5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord518
ord666
ord593
ord594
ord595
ord631
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord606
ord717
ProcCallEngine
ord644
ord537
ord648
ord570
ord573
ord685
ord578
ord100
ord616
ord619
ord581

Sections

.yfger8f
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.atad2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

supN2
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ