6fc59bab397d53391bde198c2ea399de | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fc59bab397d53391bde198c2ea399de
Size

174KB
MD5

6fc59bab397d53391bde198c2ea399de
SHA1

20db7a3e6fd67e58996f58f3595e90a07d4d5383
SHA256

7ccd1027aad90f5ce3d37bcb9083cced7ae662089357e1246a01f3831bf02b46
SHA512

e2f41de3e15a0a0108d041c585e88cf721abff21cf93cd55159d6b7361b79a72d11cabacca450a84113934ef562282bd6071547089b73ed4e9c38297b27fc5c2
SSDEEP

3072:cges7wX39KsN4cEAkwQvsWm6Y0yiYIJ06e3VGgvUAFND+RGPZnH5AtGIif/idv8U:cgjuHEDJvq63YIJ0H39vFF8RWZnCnifU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQshuazuangongju/qqsz123.exe

Files

6fc59bab397d53391bde198c2ea399de
.rar
QQshuazuangongju/qqsz123.exe
.exe windows:4 windows x86 arch:x86

ce060f77c85b9ceac4133ebbea456222

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord319
ord534
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
ord320
ord321
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Sections

.text
Size: 1020KB - Virtual size: 1018KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQshuazuangongju/河源下载站-cngr.cn.url
.url
QQshuazuangongju/淘宝热卖.url
.url