0d78f8ff57b80051d420a65e662a6963 | Triage

Sharing

General

Target

0d78f8ff57b80051d420a65e662a6963
Size

180KB
MD5

0d78f8ff57b80051d420a65e662a6963
SHA1

36a6db3c959ec1428b9a6d4a4d8e27859f3578b1
SHA256

f5cfa030811c570f04948cbc8a217398558483bf5c415bf51633d50af8b3013f
SHA512

b367d91e24d7cf1476511a2d8bb0202fec89fee0b840984549503c060190d14995d2950fe50889afd358fd4b231da90e509e049f1ac66303fbd51036a015bf81
SSDEEP

3072:ODnR8TKwj5PPFJf4wiCNxQvMo05XqptaYjq0i2D0ef9CIKHFdhs/:ODR+dPPFdomQvMo1a0i20ebylk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d78f8ff57b80051d420a65e662a6963

Files

0d78f8ff57b80051d420a65e662a6963
.exe windows:4 windows x86 arch:x86

e447de45877c18793d699d2a1f54d97e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CallWindowProcW

kernel32

GetProcAddress
RtlMoveMemory

msvbvm60

ord696
MethCallEngine
ord598
ord631
ord632
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
ord644
ord100
ord616

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE